cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
bkk
Helper I
Helper I

MFA Authentication or APP Passwords

One of my customer has MFA on all accounts including service accounts and their security team would not exclude service accounts from MFA. I am new to Power Automate. I do have some flows developed that runs on a schedule to connect to SharePoint online data source (lists and/or document libraries). It is using SharePoint HTTP connectors to complete the work. If I set this connector with Service account with MFA enabled

1. Does it cause problems? (will it keep asking for MFA authorization every time the flow runs?)

2. If it does, for Office 365 in turn for SharePoint, using App Passwords a reasonable alternative?

https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-us...

 

Can anyone shed some light for me?

 

Thanks

 

1 ACCEPTED SOLUTION

Accepted Solutions
eric-cheng
Solution Sage
Solution Sage

Hi @bkk ,

 

There are many factors depending on the policies setup in AAD which we wont know about.

 

It is possible to adjust the token lifetime policy to reduce the times users will need to authenticate.   Please read here for more details.

 

Just back on the topic of MFA conditional policies,  I am sure the security team is aware but it is possible to set MFA exclusions at a granular level e.g. to specific cloud services, from trusted devices, from the corporate network or whitelisted IPs.

 

--------------------------------------------------------------------------
If I have answered your question, please mark my post as a solution
If you have found my response helpful, please give it a thumbs up

View solution in original post

2 REPLIES 2
eric-cheng
Solution Sage
Solution Sage

Hi @bkk ,

 

There are many factors depending on the policies setup in AAD which we wont know about.

 

It is possible to adjust the token lifetime policy to reduce the times users will need to authenticate.   Please read here for more details.

 

Just back on the topic of MFA conditional policies,  I am sure the security team is aware but it is possible to set MFA exclusions at a granular level e.g. to specific cloud services, from trusted devices, from the corporate network or whitelisted IPs.

 

--------------------------------------------------------------------------
If I have answered your question, please mark my post as a solution
If you have found my response helpful, please give it a thumbs up

View solution in original post

bkk
Helper I
Helper I

Thanks Eric. Appreciate the information. Security is aware of the granular permissions and/or White listing of IP.  Security in this company (due to the business being in highly regulated industry), white listing huge blocks of IP is being ruled out. Granular permissions is something we are looking at.  This is a customer of mine, so I am trying to provide all options available and they can choose the best that fits them. I appreciate you providing a link that provides more details as well. Thanks for your time and help.

 

Helpful resources

Announcements
MPA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

V3_PVA CAmpaign Carousel.png

Community Challenge - Giveaways!

Participate in the Power Virtual Agents Community Challenge

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

PowerPlatform 768x460.png

Microsoft Learn

Check out our new Discover Your Career Path blog post series and get all the details.

Users online (1,850)