From ca251ac90a29ecfe894e1faa0cff0541686975d1 Mon Sep 17 00:00:00 2001
From: Wey
Date: Sat, 18 Jan 2025 01:19:45 +0100
Subject: [PATCH] Ignore excludes for Synchronization Accounts
---
 powershell/public/Test-MtCaGap.ps1 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/powershell/public/Test-MtCaGap.ps1 b/powershell/public/Test-MtCaGap.ps1
index 247a627f..efc9d241 100644
--- a/powershell/public/Test-MtCaGap.ps1
+++ b/powershell/public/Test-MtCaGap.ps1
@@ -132,7 +132,11 @@ function Test-MtCaGap {
 $_.Conditions.Users.IncludeUsers | ForEach-Object { $includedUsers.Add($_) | Out-Null }
 $_.Conditions.Users.ExcludeGroups | ForEach-Object { $excludedGroups.Add($_) | Out-Null }
 $_.Conditions.Users.IncludeGroups | ForEach-Object { $includedGroups.Add($_) | Out-Null }
- $_.Conditions.Users.ExcludeRoles | ForEach-Object { $excludedRoles.Add($_) | Out-Null }
+ If ($_ -ne "d29b2b05-8046-44ba-8758-1e26182fcf32") {
+ # Role: 'Directory Synchronization Accounts' excluded
+ # Policy: 'Multifactor authentication for Microsoft partners and vendors'
+ $_.Conditions.Users.ExcludeRoles | ForEach-Object { $excludedRoles.Add($_) | Out-Null }
+ }
 $_.Conditions.Users.IncludeRoles | ForEach-Object { $includedRoles.Add($_) | Out-Null }
 $_.Conditions.Applications.ExcludeApplications | ForEach-Object { $excludedApplications.Add($_) | Out-Null }
 $_.Conditions.Applications.IncludeApplications | ForEach-Object { $includedApplications.Add($_) | Out-Null }
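Review bot: The added `If ($_ -ne "d29b2b05-8046-44ba-8758-1e26182fcf32")` compares the wrong `$_`. At that point `$_` appears to be the policy object (the neighbouring lines read `$_.Conditions...`), not a role ID, so the test looks always true and the role would still be added to `$excludedRoles`. The filter belongs inside the role pipeline: `$_.Conditions.Users.ExcludeRoles | Where-Object { $_ -ne 'd29b2b05-8046-44ba-8758-1e26182fcf32' } | ForEach-Object { $excludedRoles.Add($_) | Out-Null }`. Once fixed, it would also hide this exclusion for every policy, not only the one named in the comment, so a custom policy that excludes the sync role would no longer be reported as a gap. Consider scoping the skip to that policy or stating the wider effect in the comment. The enclosing pipeline starts outside the hunk, so the binding of `$_` should be confirmed there.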