[GH-ISSUE #289] Feature Request: Exclude Azure AD Sync accounts from the Per-User MFA Standard #151

Closed
opened 2026-03-02 12:04:18 +03:00 by kerem · 2 comments

Originally created by @kfear27 on GitHub (Nov 25, 2021).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/289

Originally assigned to: @KelvinTegelaar on GitHub.

When applying the standard called 'Enable per-user MFA for all users', this enables MFA for the 'On-Premises Directory Synchronization Service Account'.

This in turn breaks the sync, as you would need to configure MFA for that account.
Said account is a system-managed account; passwords and configuration are unknown.

From a standard Azure AD subscription you are unable to exclude certain IP addresses from MFA too.

Is there a best practice around this setup which I am unaware of?

Thanks


@github-actions[bot] commented on GitHub (Nov 25, 2021):

Thank you for creating a feature request! Feature requests are prioritized by our direct contributors. Your current priority is set to "No Priority". If you are a sponsor you can request an upgrade of priority. If you want this feature to be integrated you can always do this yourself by checking out our contributions guide at https://kelvintegelaar.github.io/CIPP/GettingStarted/Contributions.html. Contributors to the CIPP project reserve the right to close feature requests at will.

If your feature request is not picked up in 2 weeks by a contributor it will be closed.

If you'd like this feature request to be assigned to you, please comment "I would like to work on this please!".


@KelvinTegelaar commented on GitHub (Nov 28, 2021):

Added in dev; we exclude the accounts starting with Sync_.
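
The exclusion described in the comment above, sketched as an added example (not CIPP's own code and not part of the original thread). It separates accounts that merely carry the `Sync_` name prefix from those that also hold the directory sync role, so that a name-only match gets reviewed instead of silently skipping MFA. Assumptions: the helper name `Split-MfaTarget`, the sample users, the `Roles` property, the case-insensitive match, and that the sync account holds the "Directory Synchronization Accounts" role.

```powershell
# Constructed sample users (not real tenant data).
$Users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example';                  Roles = @() }
    [pscustomobject]@{ UserPrincipalName = 'Sync_DC01_0a1b2c3d4e5f@contoso.example'; Roles = @('Directory Synchronization Accounts') }
    [pscustomobject]@{ UserPrincipalName = 'sync_helpdesk@contoso.example';          Roles = @() }
    [pscustomobject]@{ UserPrincipalName = 'bob.sync_test@contoso.example';          Roles = @() }
)

function Split-MfaTarget {
    # Hypothetical helper: sorts users into Enforce / Excluded / Review buckets.
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [string] $Prefix   = 'Sync_',
        # Assumption: the role held by the Azure AD Connect sync account.
        [string] $SyncRole = 'Directory Synchronization Accounts'
    )
    $result = [ordered]@{ Enforce = @(); Excluded = @(); Review = @() }
    foreach ($u in $User) {
        # Anchored prefix test on the UPN: 'bob.sync_test' does not match.
        # Case-insensitive matching is an assumption of this example.
        $hasPrefix = $u.UserPrincipalName.StartsWith(
            $Prefix, [System.StringComparison]::OrdinalIgnoreCase)
        if (-not $hasPrefix) {
            # Ordinary user: per-user MFA applies.
            $result.Enforce += $u.UserPrincipalName
        }
        elseif ($u.Roles -contains $SyncRole) {
            # Name and role both match: the account the exclusion is meant for.
            $result.Excluded += $u.UserPrincipalName
        }
        else {
            # Name matches but the role does not: a prefix-only rule would
            # leave this account without MFA, so surface it for review.
            $result.Review += $u.UserPrincipalName
        }
    }
    [pscustomobject]$result
}

Split-MfaTarget -User $Users | Format-List
```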
