cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
bkk
Helper I
Helper I

MFA Authentication or APP Passwords

One of my customer has MFA on all accounts including service accounts and their security team would not exclude service accounts from MFA. I am new to Power Automate. I do have some flows developed that runs on a schedule to connect to SharePoint online data source (lists and/or document libraries). It is using SharePoint HTTP connectors to complete the work. If I set this connector with Service account with MFA enabled

1. Does it cause problems? (will it keep asking for MFA authorization every time the flow runs?)

2. If it does, for Office 365 in turn for SharePoint, using App Passwords a reasonable alternative?

https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-us...

 

Can anyone shed some light for me?

 

Thanks

 

1 ACCEPTED SOLUTION

Accepted Solutions
eric-cheng
Solution Sage
Solution Sage

Hi @bkk ,

 

There are many factors depending on the policies setup in AAD which we wont know about.

 

It is possible to adjust the token lifetime policy to reduce the times users will need to authenticate.   Please read here for more details.

 

Just back on the topic of MFA conditional policies,  I am sure the security team is aware but it is possible to set MFA exclusions at a granular level e.g. to specific cloud services, from trusted devices, from the corporate network or whitelisted IPs.

 

--------------------------------------------------------------------------
If I have answered your question, please mark my post as a solution
If you have found my response helpful, please give it a thumbs up

View solution in original post

2 REPLIES 2
eric-cheng
Solution Sage
Solution Sage

Hi @bkk ,

 

There are many factors depending on the policies setup in AAD which we wont know about.

 

It is possible to adjust the token lifetime policy to reduce the times users will need to authenticate.   Please read here for more details.

 

Just back on the topic of MFA conditional policies,  I am sure the security team is aware but it is possible to set MFA exclusions at a granular level e.g. to specific cloud services, from trusted devices, from the corporate network or whitelisted IPs.

 

--------------------------------------------------------------------------
If I have answered your question, please mark my post as a solution
If you have found my response helpful, please give it a thumbs up

bkk
Helper I
Helper I

Thanks Eric. Appreciate the information. Security is aware of the granular permissions and/or White listing of IP.  Security in this company (due to the business being in highly regulated industry), white listing huge blocks of IP is being ruled out. Granular permissions is something we are looking at.  This is a customer of mine, so I am trying to provide all options available and they can choose the best that fits them. I appreciate you providing a link that provides more details as well. Thanks for your time and help.

 

Helpful resources

Announcements
MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

PWREduCon768x460.png

Join us at PWR EduCon - A Power Platform Conference

Learn from the top Power BI, Power Apps, Power Automate & Power Virtual Agents experts!

Power automate tips 768x460 v2.png

Restore a Deleted Flow

Did you know that you could restore a deleted flow? Check out this helpful article.

Users online (3,370)