How to let your Microsoft Partner bypass Conditional Access Policies to help you support your Tenant

Background

Microsoft has heard and understands the need for Service Providers to have access to customer tenants to provide support. Because of the DAP to GDAP transition, Microsoft has released the ability to exclude Service Providers from Conditional Access Policies. By following the below process you can ensure that partners like AccessOrange can access your customer's tenant quickly reducing the amount of time it takes to launch a ticket with Microsoft Support if needed.

Process

Step 1 - Navigate to aad.portal.azure.com. From the main screen click on Azure Active Directory>Security.


Step 2 - Assess which conditional access policies are affecting external users from accessing the tenant. When the Conditional Access policy or policies have been identified. We now can create an exclusion.

Step 3 - Create the exclusion. Navigate to Conditional Access.


Step 4 - Choose the Conditional Access Policy.


Step 5 - To exclude the Service provider from the policy we will click on Users> Exclude.


Step 6 - From the Exclude section we will click Guest or External Users and then choose Service provider users. Once done, click Save.

Updated on: 01/10/2024