Forum Discussion

TechSkills
Brass Contributor
Mar 03, 2023

Excluding user from MFA with conditional access

I'm having some issues with excluding users from MFA with conditional access. The user I'm trying to exclude is a functional account. But the thing is, this account is in both the include and exclude parts of this setting, because the user is a member of the Azure group that all users are in.

With this configuration, the user is still getting prompted for MFA registration when logging into Office365. So the exclusion doesn't seem to override the inclusion option.

Do I need to remove this user from the Azure group that all users are members of, or is there another solution for this?

  • CollinsandLacy
    Copper Contributor

    I am having this same issue. We have a hybrid environment. It is with an Entra-only global admin, and the account can access all of 365 except the Intune Portal and the Entra Portal. Those two are requesting MFA. I ran What If and the account has no policies applied. All CA policies for this account are not applied because it is excluded. I can't seem to figure out what the issue is with just these two portals.

  • rahuljindal-MVP
    Bronze Contributor
    Exclusion overrides inclusion policy. I would suggest validating the CA policies against the user in question using the What If tool and also analysing the sign-in logs.
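
An added example, not part of any post above: a small offline check of the include/exclude precedence discussed in this thread, run over an exported list of policies shaped like Microsoft Graph `conditionalAccessPolicy` objects. The policy data, ids and group names are constructed, and the model is an assumption-level simplification that looks only at user and group conditions (no roles, apps, guests or nested groups), so it complements the What If tool rather than replacing it.

```python
# Constructed sample export; ids and names are made up for illustration.
POLICIES = [
    {"displayName": "Require MFA for all staff", "state": "enabled",
     "conditions": {"users": {"includeUsers": [], "excludeUsers": ["svc-001"],
                              "includeGroups": ["grp-all-users"], "excludeGroups": []}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Require MFA for everyone", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [],
                              "includeGroups": [], "excludeGroups": ["grp-break-glass"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "MFA pilot (off)", "state": "disabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [],
                              "includeGroups": [], "excludeGroups": []}},
     "grantControls": {"builtInControls": ["mfa"]}},
]


def user_in_scope(policy, user_id, group_ids):
    """True if the user falls under the policy's user condition.

    An exclusion (direct or via group) wins over any inclusion, but only
    within the same policy.
    """
    users = policy["conditions"]["users"]
    groups = set(group_ids)
    if user_id in users.get("excludeUsers", []):
        return False
    if groups & set(users.get("excludeGroups", [])):
        return False
    include_users = users.get("includeUsers", [])
    return ("All" in include_users
            or user_id in include_users
            or bool(groups & set(users.get("includeGroups", []))))


def mfa_policies_for(policies, user_id, group_ids):
    """Names of enabled policies that require MFA and still cover the user."""
    hits = []
    for p in policies:
        if p.get("state") != "enabled":
            continue  # disabled and report-only policies do not enforce MFA
        controls = (p.get("grantControls") or {}).get("builtInControls", [])
        if "mfa" in controls and user_in_scope(p, user_id, group_ids):
            hits.append(p["displayName"])
    return hits


if __name__ == "__main__":
    # The excluded account is still covered by the second policy.
    print(mfa_policies_for(POLICIES, "svc-001", ["grp-all-users"]))
```

In the sample, the excluded account is dropped from the first policy but still matched by the second, which is the kind of overlap the What If tool and the sign-in logs will confirm or rule out.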
