Microsoft Surface Hub and MFA (Security Defaults)
Hope someone can help me on this topic.
After we have enabled Security Defaults in Azure Active Directory, our Surface hub can't login to their accounts which basically makes our Hubs worhtless as they are used for Skype Meeting.
Please don't tell me that the only solution is, that we have to buy Premium P2 subscribtions for all our user(+100) and setup conditional access to allow our three Hubs to avoid use MFA?
Re: Microsoft Surface Hub and MFA (Security Defaults)
There is no solution currently for any SfB Room devices or Teams Room devices - we need to wait for an update for Teams, which was targeted for end of this year, but there is no committed ETA.
So it is required to disable AAD security defaults and use conditional access - or enable MFA for each user account. Note this does not require AAD Premium Plan2, but Plan1.
Even when you use conditional access to exclude those account from MFA, note that the contractual requirements require Partner to have MFA enabled for all accounts - so you would not fulfill these requirements from a contract persepctive.
So it is still not allowed, however excluding this account from MFA does technically work for forseeable future - see here for info on how the enforcement is done and possible technical exceptions: https://docs.microsoft.com/en-us/partner-center/partner-security-requirements-mandating-mfa
The only other solution to become fully compliant is to split of the production and the CSP tenant.