Forum Discussion
Exclude MFA requirement temporarily
When we configure a replacement device, we disable MFA for the user temporarily so that we can work on the device/account. We add the user to an AAD group which is excluded in the MFA conditional ac...
Have you tried using TAP instead? https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-temporary-access-pass
- This - Thanks for the tip! It requires 2 steps - to enable TAP on the 365 admin side for users, but also to push a policy to all the devices allowing web sign in. Once deployed, it seems to be exactly what we need to avoid disabling MFA for the users. It also will prevent us from having to change the user's password to work on their computer, so an added time save!
