Service account MFA best practices

Like (0) Share

Report

Posted on 11 Sep 2023 15:34:02 by byrnep

218

We are trying to figure out how to avoid having to transfer the MFA for a service account to someone else when they go on vacation.

Is there anything that can either be done to make it easier to have more than one person own the MFA, OR a good approach to expempt service account from MFA.

I'm not talking about conditional access polices, but no MFA, and what guardrails would you put in place instead to ensure that the service account can't be used if breached.

Categories:

Environment

Management

I have the same question (0)

All responses (1)

Answers (0)

joe_hannes_col 1,843 Super User 2024 Season 1 on 11 Sep 2023 at 15:39:54

Like (2)

Report

Re: Service account MFA best practices

Hello @byrnep,

If you are using Microsoft Authenticator, you can add the account to Microsoft Authenticator apps on multiple phones.
I think you can also exclude individual users from MFA. I would not recommend this, however, because the service account typically has a higher number of privileges.

Was this reply helpful? Yes No