LeoJohnson-5897 asked JamesTran-MSFT edited

Protecting Service Accounts with Conditional Access

Hi y'all,

At the moment we are trying to enhance the security of our service accounts with Conditional Access.

We only allow the service accounts to be used from trusted locations.

All our accounts work fine, except the Azure Automations and Dynamics service accounts.

Why does this not work and what can we do to better protect these accounts?

Leo Johnson

azure-ad-conditional-access mem-intune-conditional-access

What exactly is not working? What do the CA logs say in Azure? How have you configured CA?

Also, where exactly are you using these accounts? Are they actually running services on Windows systems?


1 Answer

JarvisSun-MSFT answered JamesTran-MSFT commented

@LeoJohnson-5897 Thanks for posting in our Q&A.
For our question, I did some research and found the explanation below.

Conditional Access policies apply to all user accounts. This includes user accounts that are used as service accounts. Often, a service account that runs unattended can't satisfy the requirements of a Conditional Access policy. For example, multi-factor authentication might be required.
If your organization has these accounts in use in scripts or code, consider replacing them with managed identities. As a temporary workaround, you can exclude these specific accounts from the baseline policy.
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/faqs#does-a-conditional-access-policy-apply-to-service-accounts

Hope it can help.




If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



@LeoJohnson-5897 How are things going? We are waiting to see if our problem still exists. If there is any update, please feel free to let us know.


@LeoJohnson-5897
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

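A comment in this thread asks what the Conditional Access logs say, and the answer suggests temporarily excluding accounts. As an added example (not part of the original thread), this script triages exported sign-in records to show which service accounts a policy blocked, from which IP, and which ones signed in with no policy applied. It assumes records shaped like Microsoft Graph `signIn` objects and a hypothetical `svc-` naming prefix; all sample accounts, policy names and IPs are constructed.

```python
from collections import Counter

# Constructed sample records shaped like Microsoft Graph signIn objects.
# Field names follow that resource; accounts, policy name and IPs are made up.
POLICY = "Service accounts: trusted locations only"

def record(upn, ip, status):
    return {"userPrincipalName": upn, "ipAddress": ip,
            "conditionalAccessStatus": status,
            "appliedConditionalAccessPolicies": [
                {"displayName": POLICY, "result": status}]}

SAMPLE_SIGNINS = [
    record("svc-automation@contoso.example", "203.0.113.10", "failure"),
    record("svc-automation@contoso.example", "203.0.113.10", "failure"),
    record("svc-backup@contoso.example", "198.51.100.5", "success"),
    record("svc-dynamics@contoso.example", "203.0.113.77", "notApplied"),
    record("alice@contoso.example", "203.0.113.99", "failure"),
]

def is_service_account(signin, prefix="svc-"):
    # Assumption: service accounts share a naming prefix; adapt to your convention.
    return signin.get("userPrincipalName", "").lower().startswith(prefix)

def blocked_by_policy(signins):
    """Count CA-blocked service-account sign-ins per (account, policy, source IP)."""
    hits = Counter()
    for s in signins:
        if not is_service_account(s) or s.get("conditionalAccessStatus") != "failure":
            continue
        for p in s.get("appliedConditionalAccessPolicies") or []:
            if p.get("result") == "failure":
                key = (s["userPrincipalName"].lower(), p["displayName"], s.get("ipAddress"))
                hits[key] += 1
    return hits

def signed_in_without_ca(signins):
    """Service accounts with sign-ins where no CA policy applied (e.g. excluded)."""
    return sorted({s["userPrincipalName"].lower() for s in signins
                   if is_service_account(s)
                   and s.get("conditionalAccessStatus") == "notApplied"})

if __name__ == "__main__":
    for (upn, policy, ip), n in blocked_by_policy(SAMPLE_SIGNINS).items():
        print(f"{n}x {upn} blocked by '{policy}' from {ip}")
    print("No CA applied:", signed_in_without_ca(SAMPLE_SIGNINS))
```

The second list is the one to review regularly if accounts are excluded as a temporary workaround, since those sign-ins carry no Conditional Access protection.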