Although using the LCS database movement API from Azure DevOps pipelines to perform database imports, exports, asset library access etc, worked like a charm using the authentication mechanism as explained here:
https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/database/api/dbmovement-api-authentication
But when MFA wants to be used by CA policy for that service account, this authentication fails. I know that this article describes that it will not work with MFA enabled accounts.
Our idea was to exclude "Dynamics Lifecycle Services" enterprise app (ID 913c6de4-2a4a-4a61-a9ce-945d2b2ce2e0) from that CA policy, but unfortunately, this app cannot be excluded as it cannot be found in that selction list. Neither by name, nor by ID, nor by Object ID.
Enable the API with services account which have MFA enabled will increase security, so it should be a possibility to be taken.