MFA Exclusion Request - Helpdesk Process

This Article is to set the procedure and steps to follow for a MFA exclusion request 

• User needs to submit a Zendesk Ticket with the business justification and Manager Level  Approval for the MFA exclusion. This is a requirement before any user can be added to the MFA Exclusion Policy
• Assign the Ticket to Security Team Queue for Analysis and Approval of the MFA Exclusion in writing
• The security team will reassign the ticket to T1 Agents upon approval or denial of the exclusion request. If the request is approved:
• Tier1 Agents will follow the steps outlined below to complete the service request:

Step1: Log in to AD

Step2: Search for the group shown below

Group in AD: 365_MFA_Exclusion

Step 3: click on the members tab and add the user account(s) to be excluded from MFA Policy. 
Step 4: Zendesk ticket will be closed by Tier1

Step 5: Tier1 will escalate any issues pertaining to the MFA exclusion to Tier3 team (infrastructure Queue)

Note: It takes about 15 - 30 minutes for memberships to be updated in Azure Entra ID