One-time bypass only applies to MFA server installs, not Azure MFA. You can configure it here: https://portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/OneTimeBypass/fromProviders/
Azure MFA One-time Bypass
I have a question which I haven't been able to find an answer for. Hopefully someone can point me in the right direction…
We use the Microsoft Remote Desktop Gateway to provide remote workers with RDP access to our servers. The Remote Desktop Gateway is configured to use the Azure NPS Extension which forces users to provide a second factor of authentication. Users are enrolled in Azure MFA which is used to provide the second factor of authentication.
I’m interested to know if there exists a one-time Bypass option for Azure MFA? On first look, in Azure I can see there appears to be exactly this https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#one-time-bypass …but I believe this is limited to Azure MFA Server and not Azure cloud.
This link is to an old article but reinforces what I’ve found: https://social.msdn.microsoft.com/Forums/azure/en-US/c26d093b-8260-4219-83b6-2d986857f286/onetime-bypass-feature-mfa-on-cloud?forum=windowsazureactiveauthentication
My user story is…
A remote worker is enrolled in Azure MFA and uses the Microsoft authenticator app to authenticate RDP connections to the Remote Desktop Gateway.
The remote worker misplaces their mobile device, and therefore cannot provide the second factor to authenticate.
The remote worker cannot connect.
The remote worker requires immediate access.
On other remote access solutions that I have used, there has been the option to provide a one-time logon method which bypasses the second factor. Can this be done?
Thanks in advance!
3 additional answers
-
Dan Rocky Aigens 1 Reputation point
2020-02-11T09:19:50.617+00:00 This link describes how to activate one-time bypass specifically from Azure MFA:
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
-
Russell 1 Reputation point
2020-04-26T22:10:08.003+00:00 Just to make this extra clear, the correct answer is no, there is not; you cannot do this with Azure MFA and the Azure NPS Extension, as bypass is only for MFA Server.
There does need to be some way of setting up the NPS extension to have a local AD group with Bypass users or something for this scenario as Cisco Duo makes this much easier...
-
Demetri 1 Reputation point Microsoft Employee
2021-08-23T20:31:18.647+00:00 There is a newer feature called Temporary Access Pass (TAP) which is available as well: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-temporary-access-pass.
While it is not an exact 1-to-1 of one-time bypass, it offers similar functionality but is more secure, as it requires that the user utilizes a temporary passcode to get past MFA.