Working with Service accounts and Office 365 - Connect IT Community

/* * These styles apply ONLY to the header and footer assets. */ * { padding: 0; margin: 0; box-sizing: border-box; } .super-nav { display: flex; justify-content: flex-end; align-items: center; margin: 0 auto; max-width: 1264px; padding-left: 40px; padding-right: 40px; height: 40px; text-align: right; } .super-nav a { color: #34427c; margin-right: 20px; padding: 10px; text-decoration: none; } .super-nav a:hover, .super-nav a:focus { background-color: #f7f9fa; } .footer { background: #f5f5f6; color: #555a62; font-size: 14px; line-height: 1.5; padding: 0; } .footer-image { background-image: url("/themes/kaseya/assets/images/footerImage.png"); height: 500px; background-repeat: no-repeat; background-size: cover; margin-top: -100px; } .footer-wrap { padding-left: 18px; padding-right: 18px; max-width: 1236px; margin: 0 auto; } .footer-main-content { background-color: #000; padding: 100px 0; } .footer .footer-col-title { color: #ffffff; font-weight: 700; font-size: 13px; padding-bottom: 10px; text-transform: uppercase; } .footer .footer-link { color: #9b9ca0; text-decoration: none; } .footer .footer-link:hover, .footer .footer-link:focus, .footer .footer-link:active { text-decoration: underline; } .footer-main-content .footer-link { padding-top: 10px; } .footer-row { display: flex; flex-wrap: wrap; justify-content: space-between; align-items: center; margin: -3px; } .footer-main-content-row { align-items: flex-start; } .footer-bottom-content { padding: 10px; align-items: center; } .footer-col { padding: 0 3px; display: flex; flex-direction: column; } .footer-col-copyRight { justify-content: flex-start; color: #9b9ca0; flex: 1; display: flex; } .footer-last-col { flex-direction: row; } .footer-last-col .footer-link { padding-right: 10px; text-transform: uppercase; } @media screen and (max-width: 768px) { .super-nav { padding-right: 0; } .footer-image { height: 250px; } .footer-main-content { padding: 40px 0; } .footer .footer-col-title { padding-top: 10px; } .footer-row:not(.footer-main-content-row) { display: block; } .footer-col:not(.footer-main-content-col) { width: 100%; text-align: center; padding: 10px 0; } .footer-main-content-col { width: 50%; } .footer-last-col { flex-direction: column; } .footer-last-col .footer-link { padding-bottom: 10px; } } /*# sourceMappingURL=styles.css.map */ Ask the Community Groups

Working with Service accounts and Office 365 - Connect IT Community | Kaseya

Note: This information requires that you are setting up the Office 365 integration following this article.

If you have a Service account that you want to exclude from 2FA when working with the Office 365 SAML integration you can exclude them using Groups & Policy.

To complete the exclusion you will need to create a unique policy for the Office 365 SAML App.

Steps to create a Policy

First we need to create two Security Groups. If you are already using Directory Sync than you can use existing AD Security Groups. Then we can create the policy. Once we have the policy we can apply the policy to the application.

Step 1 - Create Security Groups
If you are using existing AD Security Groups proceed to Step 2.

Log into your Passly Tenant https://(your company).my.Passly.com
Select Directory Manager.
Select Groups.
Select the Green plus sign in the bottom right corner.
Set the Name of the Group.
Example: Office 365 Users.
Select Add Group.
Select the Group by clicking it's name.
Add all Office 365 Users to this Group by selecting the Green plus sign in the bottom right corner.
Select Add Users.
Select Directory Manager.
Select Groups.
Select the Green plus sign in the bottom right corner.
Set the Name of the Group.
Example: Office 365 Exclusion.
Select Add Group.
Select the Group by clicking it's name.
Add all Office 365 exclusion accounts (service accounts) to this Group by selecting the Green plus sign in the bottom right corner.
Select Add Users.

Once we we have the Groups for inclusion and exclusion of 2FA we can build a unique policy to be applied in the SSO Manager for Office 365.

Step 2- Steps to create a Policy

Log into your Passly Tenant https://(your company).my.passly.com
Select Policy Manager.
Select the Green plus sign in the bottom right corner.
Set the Policy name.

Example Office 365 Policy.
Select the Policy Element. Select the Office 365 Exclusion group.
Set the then action.
Select Add Additional Rule.
Select the Policy Element. Use the Office 365 Users Group.
Set the then action.

Step 3 - Changing the policy for the SSO application in the SSO Manager

Log into your Passly Tenant https://(your company).my.Passly.com
Select SSO Manager.
Select the Office 365 App.
Select Application Configuration.
Choose the new policy from the Authentication Policy drop down.
Select Save Changes.

At this point all users in the Office 365 user group should be prompted for 2FA when accessing Office 365 via SSO or thick clients.
Tip: You can also add elements to the second rule to include trusting devices. This would allow you to not require 2FA on thick clients on every login.

Other Resources

How to Protect Office 365 with Passly

How can I use Passly with Office 365