Forum Discussion
MFA + Powershell + Non-Admin accounts
We are trying to access Outlook on the Web, enforce MFA on all accounts, and have no access to cellphones (and behind an IVR for landlines). We have Business Essentials licenses and do not have Azure conditional access licenses.
We can access our email through other tools using app passwords, but those do not work for Outlook on the Web. I have tried to connect the machines via Powershell + MSOnline module without success, which I believe is related to these being non-admin accounts.
What options do I have for accessing Outlook on the Web?
Not sure what exactly you are trying to achieve here. OWA supports MFA, as it's a web based application that directly leverages the Azure AD experience. You do NOT need app passwords for OWA. Conditional access is also not needed, as long as you have enforced MFA for the user.
- Brian SpittleCopper ContributorWe don't have access to the authenticator, voice, or text at this location.
So why are you enforcing MFA then?
- PBeiler1Steel Contributor
You could SKIP MFA when coming from this site (certain IP addresses). That would give MFA protection when used outside of the site.
- Brian SpittleCopper Contributor
Paul, that would require a P1 or P3 license for Azure, correct? Is there an alternative for conditional access?
- PBeiler1Steel Contributor
I don't know the answer. Go here, start digging. https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-how-it-works
I have E1 and E3 licenses with EMS, so my groundwork was already set.