Hi y'all,
At the moment, we are in a very heated discussion with our Managed Service Provider.
They are setting up Conditional Access for us, but they are using a user group in Azure AD.
So we asked: Why not on All Users, and working with exclusions?
Our MSP told us working with groups instead of the All Users group brings more flexibility.
But in our opinion, working with a separate user group brings more administration and more risk of forgetting to enforce Conditional Access.
Could someone end this discussion and give us some advice?