Exclude Partner tenant from Huntress Managed Conditional Access Policies
under review
Brian Mock
MSPs manage customer tenants over GDAP and there are some Huntress Managed CA policies that should allow exclusion of our Microsoft Partner tenant. For example, deployment of the "[HUNTRESS] Restrict Azure Portal Management" policy blocks the partner from accessing the Entra Admin center page over GDAP, with error "Your sign-in was successful but you don't have permission to access this resource". This would be solved by excluding the partner tenant ID.
Scott Riley
marked this post as under review
Hi guys - yes, we love this suggestion! It's a reasonably simple lift to add this ability to the standard exclusions for the CA policy.
Matthew Coombe
Great suggestion and we have just encountered the same issue. Typically we would use a network exclusion for our own VPN Static IP as a form of network break glass to allow our tech staff to bypass this type of Conditional Access Block rule but only if they have our company VPN active. The other exclusion we have used in the past is to exclude Service Provider Users under External users or guests in the CA policy. It would be great if either of these exclusion options was available in the Managed Conditional Access Policies from Huntress.
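The exclusion requested in this thread (service provider users from one partner tenant ID), expressed against the Microsoft Graph conditionalAccessPolicy shape. This is an added example, not code from Huntress or from anyone in the thread; the sample policy, the placeholder tenant ID and the function names are constructed for illustration.

```python
import copy

SP = "serviceProvider"
ENUM_TYPE = "#microsoft.graph.conditionalAccessEnumeratedExternalTenants"

# Constructed sample in Graph conditionalAccessPolicy shape (not a real export).
SAMPLE_POLICY = {
    "displayName": "Sample: block admin portals",
    "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [],
                             "excludeGuestsOrExternalUsers": None}},
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}
PARTNER_TENANT = "00000000-0000-0000-0000-000000000001"  # placeholder tenant ID


def user_types(excl):
    """Parse the comma-separated guestOrExternalUserTypes flags into a set."""
    raw = (excl or {}).get("guestOrExternalUserTypes") or ""
    return {t.strip() for t in raw.split(",") if t.strip() and t.strip() != "none"}


def excludes_partner(policy, tenant_id):
    """True if service provider users from tenant_id are already excluded."""
    excl = policy["conditions"]["users"].get("excludeGuestsOrExternalUsers") or {}
    if SP not in user_types(excl):
        return False
    tenants = excl.get("externalTenants") or {}
    if tenants.get("membershipKind") == "all":
        return True
    return tenant_id.lower() in (m.lower() for m in tenants.get("members", []))


def partner_exclusion_patch(policy, tenant_id):
    """Body for PATCH /identity/conditionalAccess/policies/{id}; None if no change."""
    if excludes_partner(policy, tenant_id):
        return None
    users = copy.deepcopy(policy["conditions"]["users"])
    excl = users.get("excludeGuestsOrExternalUsers") or {}
    tenants = excl.get("externalTenants") or {}
    types = user_types(excl)
    if types - {SP} or (types and tenants.get("membershipKind") != "enumerated"):
        # One tenant list applies to every listed user type, so merging here
        # would silently change the scope of an existing exclusion.
        raise ValueError("existing external-user exclusion needs manual review")
    members = sorted(set(tenants.get("members", [])) | {tenant_id})
    users["excludeGuestsOrExternalUsers"] = {
        "guestOrExternalUserTypes": SP,
        "externalTenants": {"@odata.type": ENUM_TYPE,
                            "membershipKind": "enumerated", "members": members}}
    return {"conditions": {"users": users}}
```

Scoping the exclusion to the `serviceProvider` user type and a single enumerated tenant keeps the block in force for every other external identity.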