How to configure an MFA-enabled service account

If your service account is MFA-enabled, you need to use either the Conditional Access or Trusted IP feature in Microsoft 365 to bypass MFA.

Note: To use Conditional Access or Trusted IPs, you need at least a Microsoft Entra ID P1 license.

Steps to configure trusted IPs

1. Log in to the Microsoft Entra admin center using your Global Administrator credentials.
2. Click Microsoft Entra ID under Azure services.
3. Choose Security from the left pane.
4. Click Multifactor authentication under the Manage section in the left pane.
5. Under Configure, choose the Additional cloud-based multifactor authentication settings option.
6. In the pop-up that opens, click Service settings and select Trusted IPs.
7. Select the Skip multi-factor authentication for requests from federated users on my intranet option.
8. In the text box, enter the IP address of the machine in which you have installed RecoveryManager Plus.
9. Click Save.

Steps to configure conditional access

To configure conditional access,

1. Log in to Microsoft Entra admin center using your Global Administrator credentials.
2. Click Microsoft Entra ID under Azure services.
3. Choose Security from the left pane.
4. Click Conditional Access under the Protect section in the left pane.
5. Click Create new policy.
6. Provide a name for the policy.
7. In the Users section, click the Select users and groups option.
8. Select the Exclude tab.
9. Select the Users and groups check box, and choose the RecoveryManager Plus users for whom MFA should not be enforced.
10. Click Select.
11. Under the Access controls section, click Grant.
12. Select the Grant access radio button and the Require multifactor authentication check box.
13. Click Select.
14. Click Create and then Save.

You can now proceed to add your Microsoft 365 tenant to RecoveryManager Plus using the automatic configuration method or the manual method.