articles/defender-for-cloud/multi-factor-authentication-enforcement.md
Lines changed: 18 additions & 2 deletions
@@ -102,7 +102,23 @@ Defender for Cloud's MFA recommendations refer to [Azure RBAC](../role-based-acc
102
102
Defender for Cloud's MFA recommendations currently don't support PIM accounts. You can add these accounts to a CA Policy in the Users/Group section.
103
103
104
104
### Can I exempt or dismiss some of the accounts?
105
-
The capability to exempt some accounts that don’t use MFA isn't currently supported. There are plans to add this capability, and the information can be viewed in our [Important upcoming changes](/azure/defender-for-cloud/upcoming-changes#multiple-changes-to-identity-recommendations) page.
105
+
106
+
The capability to exempt some accounts that don’t use MFA is available on the new recommendations in preview:
107
+
108
+
- Accounts with owner permissions on Azure resources should be MFA enabled
109
+
- Accounts with write permissions on Azure resources should be MFA enabled
110
+
- Accounts with read permissions on Azure resources should be MFA enabled
111
+
112
+
To exempt account(s), follow these steps:
113
+
114
+
1. Select one of the MFA recommendations where you can find unhealthy accounts.
115
+
2. On the accounts tab, select an account you would like to exempt.
116
+
3. Click on the three dots on the right side and select “exempt account”.
117
+
4. A context panel is open where you can select a scope and exemption reason.
118
+
5. All exempted accounts can then be found under “Exempted accounts” per recommendation.
119
+
120
+
> [!TIP]
121
+
> When you exempt an account, it won't be shown as unhealthy and also won't cause a subscription to appear unhealthy.
106
122
107
123
### Are there any limitations to Defender for Cloud's identity and access protections?
108
124
There are some limitations to Defender for Cloud's identity and access protections:
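Review bot: The added TIP says an exempted account "won't be shown as unhealthy and also won't cause a subscription to appear unhealthy", but nothing in the new section says that the account itself still doesn't use MFA. Since the section opens with "exempt some accounts that don't use MFA", add a sentence to the TIP stating that an exemption only changes how the recommendation reports the account, and point readers to the "Exempted accounts" list from step 5 as the place to review which accounts were exempted, with what scope and for what reason. Two wording points in the numbered list: step 4 ("A context panel is open where you can select a scope and exemption reason") describes a state rather than an action, so something like "In the context pane that opens, select a scope and an exemption reason" reads better, and step 5 is an outcome rather than a step, so it fits better as a sentence after the list. Also consider "To exempt accounts" instead of "account(s)", and "Select" instead of "Click on" in step 3 to match steps 1 and 2. The removed paragraph linked to the upcoming-changes page; the replacement names the three preview recommendations without linking to them.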
@@ -115,4 +131,4 @@ There are some limitations to Defender for Cloud's identity and access protectio
115
131
## Next steps
116
132
To learn more about recommendations that apply to other Azure resource types, see the following article:
117
133
118
-
- [Protecting your network in Microsoft Defender for Cloud](protect-network-resources.md)
134
+
- [Protecting your network in Microsoft Defender for Cloud](protect-network-resources.md)
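Review bot: The removed and added link lines to protect-network-resources.md are textually identical as shown, so this is presumably a whitespace or end-of-file newline change. If it's intentional (for example, adding a final newline), say so in the commit message; otherwise drop it so the commit contains only the exemption FAQ update.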