Two weeks ago, Microsoft introduced a great feature for Azure Active Directory administration that force MFA for Office 365 Admins.
The new feature named Baseline protection force Azure Active Directory Administrators to use Multi-Factor Authentication (MFA) every time they log in to the Azure AD portal.
The feature is controlled by another Azure AD tool called Conditional access.
Today, I will show you how to disable Baseline Protection for specific Office 365 administrators and still keep the policy active for all other admins.
To disable MFA for specific Admin, I will log in the Azure AD portal and go to Conditional Access -> Policies and click on Baseline Policy…
Inside the policy, I have the option to Enable the Policy, use it or disable it.
I strongly recommend leaving the policy enabled but use the option to exclude users and groups for users that don’t need the policy.
Below, I will use the exclude option to disable MFA for administrators that need to be excluded from the policy.