Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Take the survey
Reply
MartinJ
Microsoft
‎07-24-2019 07:55 AM
Microsoft
‎07-24-2019 07:55 AM

Service principals as exception for MFA/end user protection requirements

Greetings dear community,
I have some issues with a partner concerning the enabling of the necessary admin MFA/ EUP policies:
The distributor has a marketplace account that authenticates via Tokens (which, according to the partner, had to be done that way as by the MFA-Guidelines of the Partner Center). Now he is of the opinion that enabling 'end user protection' would override the token-based authentication and thus affecting the functionality of the marketplace. Instead, he has created a custom policy covering all users but the marketplace-account. Will this fulfill the requirements? How should I proceed here?
Thank you sincerely in advance for your answers!
 
Kind regards,
Martin
Labels:
Reply
0 Kudos
2 REPLIES 2
assofohdz
Level 1 Contributor
‎07-25-2019 12:20 AM
Level 1 Contributor
‎07-25-2019 12:20 AM

As I understand it: Excluding accounts will not be in compliance with the Partner Security Requirements. They have to be 'Included' in a policy that has the MFA control enabled.

 

I hope that we can exclude certain Apps though

Reply
0 Kudos
idwilliams
Moderator
‎07-28-2019 09:49 PM
Moderator
In response to assofohdz
‎07-28-2019 09:49 PM

@MartinJ - app only authentication is not impacted by the partner security requirements. So, they only used a client identifier and secret key to request an access token then they can safely enable the baseline policies. @assofohdz is correct that they will not be able to exlcude users. If they have a policy that does this today, then they need to look into modifying it to comply with the requirements.

Reply
0 Kudos
Follow Us
    Share