Azure Active Directory: Excluded Users from MFA enforcement Policy | Voters

Azure Active Directory: Excluded Users from MFA enforcement Policy

submitted

Samuel Pierce

You will need to customize the displayName in the query to the string you use to describe your MFA policy. For example if your policy name is Required MFA DUO then your metric would look like this instead Users[?contains(~.Policies.ConditionalAccess[?displayName ==

Required MFA DUO

].conditions.users.excludeUsers[], id) ].displayName

Users[?contains(~.Policies.ConditionalAccess[?displayName ==

Exchange Online Requires Compliant Device

].conditions.users.excludeUsers[], id) ].displayName

January 13, 2022

Aaron Dalla-Longa

is it possible to do the lookup the other way? I.E, list a CAP that has excluded users in it, then do the lookup for the excluded users displayName?