What I just did (and worked) is:Create an exclusive user for this and assign the GLOBAL READER role.Create a group "MFA-disabled" (or the name you want) and assign that user to this group.Go to AzureAD, Security, Conditional Access and create (if it ...