Skip to Main Content
Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and
follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.

🥴 See something off? Open a support chat to let us know.

Created by Samuel Pierce
Created on Jan 13, 2022

Azure Active Directory: Excluded Users from MFA enforcement Policy

You will need to customize the displayName in the query to the string you use to describe your MFA policy. For example if your policy name is Required MFA DUO then your metric would look like this instead Users[?contains(~.Policies.ConditionalAccess[?displayName ==`Required MFA DUO`].conditions.users.excludeUsers[], id) ].displayName


Users[?contains(~.Policies.ConditionalAccess[?displayName ==`Exchange Online Requires Compliant Device`].conditions.users.excludeUsers[], id) ].displayName

  • Attach files
  • Aaron
    Oct 6, 2022

    is it possible to do the lookup the other way? I.E, list a CAP that has excluded users in it, then do the lookup for the excluded users displayName?