Method 2: Create Conditional Access Policy
(Recommended for most organizations)
Access Conditional Access
Sign in as a Conditional Access Administrator
Go to: Protection β Conditional Access β New Policy
Configure Policy
Name: E.g., "MFA Exclusions - Trusted Networks"
Assignments:
Users: Include All users
Exclude: Break-glass accounts (critical!)
Target Resources:
Include: All cloud apps
Exclude: Apps not needing MFA (optional)
Access Controls:
Select Grant access β 3rd Party MFA
Deploy
Set to Report-only initially for testing
Click Create
