Service desk excluded from MFA but registration campaign still interrupts

MSP Toolkit
Minimal guidance for messy support realities.
Submitted by Anonymous (not verified) on

Scenario

Help desk staff are exempt from some MFA policies, but a registration campaign or security prompt still blocks onboarding work.

Recommended Resolution Path

  1. Separate Conditional Access exclusions from registration campaign settings in Entra.
  2. Review which prompt the user is actually seeing before changing more policy.
  3. Test the exemption with a clean browser and a newly created pilot account.
  4. Document the support workflow so emergency access paths are not guesswork.

Technician Notes

Document what changed, what confirmed the fix, and whether the issue points to a broader standards gap worth addressing for the client.

Subjects
Security & Continuity
Conditional Access