articles/defender-for-cloud/multi-factor-authentication-enforcement.md
19 additions & 2 deletions
@@ -102,7 +102,24 @@ Defender for Cloud's MFA recommendations refer to [Azure RBAC](../role-based-acc
102
102
Defender for Cloud's MFA recommendations currently don't support PIM accounts. You can add these accounts to a CA Policy in the Users/Group section.
103
103
104
104
### Can I exempt or dismiss some of the accounts?
105
-
The capability to exempt some accounts that don’t use MFA isn't currently supported. There are plans to add this capability, and the information can be viewed in our [Important upcoming changes](/azure/defender-for-cloud/upcoming-changes#multiple-changes-to-identity-recommendations) page.
105
+
106
+
The capability to exempt some accounts that don’t use MFA is available on the new recommendations in preview:
107
+
108
+
- Accounts with owner permissions on Azure resources should be MFA enabled
109
+
- Accounts with write permissions on Azure resources should be MFA enabled
110
+
- Accounts with read permissions on Azure resources should be MFA enabled
111
+
112
+
To exempt account(s), follow these steps:
113
+
114
+
1. Select an MFA recommendation associated with an unhealthy account.
115
+
1. In the Accounts tab, select an account to exempt.
116
+
1. Select the three dots button, then select **Exempt account**.
117
+
1. Select a scope and exemption reason.
118
+
119
+
If you would like to see which accounts are exempt, navigate to **Exempted accounts** for each recommendation.
120
+
121
+
> [!TIP]
122
+
> When you exempt an account, it won't be shown as unhealthy and won't cause a subscription to appear unhealthy.
106
123
107
124
### Are there any limitations to Defender for Cloud's identity and access protections?
108
125
There are some limitations to Defender for Cloud's identity and access protections:
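Review bot: The tip that closes the new exemption steps says an exempted account "won't be shown as unhealthy and won't cause a subscription to appear unhealthy", but the section never tells the reader that the account itself is unchanged and still doesn't use MFA. Suggest turning the tip into a note that says so, and pointing readers to the **Exempted accounts** view from the preceding paragraph as the place to review exemptions periodically, since that view becomes the only place these accounts remain visible. The removed paragraph linked to the upcoming-changes page, while the new text mentions "the new recommendations in preview" with no link, so a link for the three listed recommendations would help. Smaller style points: "To exempt account(s)" reads better as "To exempt accounts", "If you would like to see" can be "To see", and "Accounts tab" should be bold like **Exempt account** for consistency of UI labels.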
@@ -115,4 +132,4 @@ There are some limitations to Defender for Cloud's identity and access protectio
115
132
## Next steps
116
133
To learn more about recommendations that apply to other Azure resource types, see the following article:
117
134
118
-
- [Protecting your network in Microsoft Defender for Cloud](protect-network-resources.md)
135
+
- [Protecting your network in Microsoft Defender for Cloud](protect-network-resources.md)
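Review bot: The removed and added versions of the `protect-network-resources.md` link line read identically here, so this looks like a whitespace or end-of-file newline change only. If that is intentional, mention it in the commit description; otherwise drop it so the change stays limited to the exemption FAQ.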