Summary: Microsoft 365 connection account should be excluded from conditional access policies, including Baseline policies and custom policies, and from per-user MFA policies.
Applies to: Cayosoft Administrator 6.4.0 or later
Microsoft 365 connection account should be excluded from conditional access policies, including Baseline policies and custom policies, and from per-user MFA policies.
Note: You can use Trusted IPs feature that bypasses two-step verification for users who sign in from the company intranet. For more information, please see this Microsoft article https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips.
How to check
- Navigate to https://login.microsoftonline.com
- Login using Microsoft 365 connection account
- Open Microsoft 365 Admin Center
- Navigate to Admin centers > Azure Active Directories
- In the Azure portal, on the left navbar, click Azure Active Directory
- On the Azure Active Directory page, in the Security section, click Conditional access
- Exclude Microsoft 365 connection account from all access policies, including Baseline and custom policies.
- Save changes
- In Azure AD select Users and click Per-user MFA.
- Check that MFA is disabled for Microsoft 365 connection account.
KB20180503-1 Troubleshooting connection to Office 365
Please sign in to leave a comment.