Enable per user MFA bypass for Azure MFA (Cloud) make this both temporary and permenant based on settings
Currently per user bypass is not capable in Azure MFA (Cloud only) this can be done using the Azure MFA on premise server. This functionality make Azure MFA more usable for a end user community that often loses or forget cell phones and need temporary bypass. Also using Azure MFA with NPS/Radius there is no way to allow services accounts that do network equipment monitoring to avoid Azure MFA if we want to enable MFA to access critical network infrastructure or VPN using radius this would help this scenario too
We are currently working on a method to allow users to sign in while their authentication methods are temporarily unavailable.
I cam across this which works for bypassing MFA temporarily.
Any progress ?
Knut Grønn commented
NPS with MFA extension
REQUIRE_USER_MATCH = False
Dan Packwood commented
Any update on this one guys? We're almost 8 months on since the last response.
Martijn Hogendoorn commented
Please add an option for whitelisting Calling Station Identifier .
IP Whitelist wil not work for us as every logon will come through a Citrix ADC
yes, we need it too
How soon can be we get an update on this ?
is there any news on this topic yet?
Looking to implement MFA via conditional access for all our users but really need this feature (i suspect that every day someone will forget their phone). Been a while since last update, anything further ?
Thanks in advance
Chris Conlon commented
Please enable this feature. The workaround is not acceptable in all situations.
Tyson Schumacher commented
The alternative of using groups/conditional access temporarily is risky and time consuming. Having this feature set similar to MFA Server for a admin-selectable timeout makes a lot of sense. Thanks for listening.
John Pimentel commented
I am interested in any progress on this topic, and more so the controls and processes that would be required to keep the sign in secure in the absence of MFA.
When can we expect this method to be implemented?
Thomas Biebl commented
Should be extended to NPS Plug-in Too!!!!
Rikard Strand commented
Anyone from Microsoft that can comment on this thread ?
Chris Blackburn commented
Some good stuff on the horizon for authentication - excited!
Parker Jardine commented
Wow, looking at this now. No bypass? This makes it pretty hard to support our end users.
Jason Douglas commented
Using the MFA NPS extension should not block out people who do not have MFA enabled.
Rob de Zwaan commented
We would like this option as this means we could provide safety via MFA. But allow our support partners to gain access without having to install / reset MFA on their phones everytime there is an off-hours support request.
Mirza Dedic commented
We definitely need an option like this, users forget their phones and we need a quick way to bypass for a set amount of time. Removing a user from the conditional access and then remembering to add them back is a security risk.