Feature request: Debug-AzStorageAccountAuth could check the MFA exception requirement to be more thorough #232
Description
I had an issue with configuring SMB for Entra Id Kerberos, and was using Debug-AzStorageAccountAuth to help identify issues. I was getting this error
New-PSDrive : The system cannot contact a domain controller to service the authentication request. Please try again later
when trying to map a drive to the share that was setup correctly as per documentation with one exception: the sub had a Conditional Access Policy that overrode the exception I had placed per documentation to except MFA for this storage account.
Perhaps this is a known loophole where no check is possible through powershell, but if not, I think it fits in the processing this command does, and there is at least one person who has been tripped up by the red herring error message - ME. Regardless, it would make the set of checks more thorough, I think.