Azure AD App Proxy - Login with MFA Code Only
Please add an access option which requires username and Azure Multi-Factor Authentication only.
This should not authenticate users to any other part of the platform. It should behave like a page which does not require authentication - except for requiring the user to pass a MFA check.
The reason for this is we wish to present an internal password change page to the Internet. We want users to provide MFA credentials before they access the page, but they won't be able to pass the primary password login because it is expired.
Azure AD Application Proxy doesn't perform any separate authentication - the preauthentication will be determined by what you have configured and what is available through AAD. Moving this to the MFA team to consider.