How to configure an MFA-enabled service account

If your service account is MFA-enabled, you need to use either the Conditional Access or Trusted IP feature in Microsoft 365 to bypass MFA. Once you have configured one of these features, proceed to configure the service account in M365 Manager Plus.

Note: To use Conditional Access or Trusted IPs, you need an Entra ID P1 license.

Steps to configure Trusted IPs

• Log in to the Microsoft Entra Admin Center using your Global Administrator credentials.
• Navigate to Protection > Conditional Access > Named locations and select Configure multifactor authentication trusted IPs.
• In the new window that opens, click the Service settings tab.
• Select the Skip multi-factor authentication for requests from federated users on my intranet option.
• In the text box, enter the IP address of the machine in which you have installed M365 Manager Plus.
• Click Save.

Steps to configure Conditional Access

In this section, you will learn how to create a policy to enforce MFA and exclude M365 Manager Plus users so they do not have to undergo multiple authentication.

• Log in to the Microsoft Entra Admin Center using your Global Administrator credentials.
• Navigate to Protection > Conditional Access and click Create New Policy.
• Provide a name for the policy.
• Under Assignments, choose Users or workload identities.
• Click the Users and groups option.
• Select the Exclude tab.
• Select the Users and groups check box, and choose the M365 Manager Plus users for whom MFA should not be enforced.
• Click Select.
• Under the Access controls section, click Grant.
• Select the Grant access radio button and the Require multi-factor authentication check box.
• Click Select.
• Click Create.