Is it possible to get Azure AD authentication with username and password when we have multifactor authentication enabled?

JA 131 Reputation points
2022-10-09T13:57:39.927+00:00

Our requirement is to get an authentication token to request ARM to provide an accessToken for a machine learning endpoint.

It's working fine with a service principal account, but now we want to do it for each user using their credentials.

So far I have tried MSAL Java SDK code to authenticate the user using their credentials for the tenant and the registered client ID, but I get the error below:

om.microsoft.aad.msal4j.MsalInteractionRequiredException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.
Trace ID: c61802d5-9d3e-4f85-a84c-78b8b47a8700
Correlation ID: 54d6c941-c8b1-4730-8cd3-989e3146ea38
Timestamp: 2022-10-09 13:27:01Z

Also, I have tried with the REST API as well, and I get the same error:

248743-image.png

We have multifactor authentication enabled when we log in to our Azure account. So, is this error due to this?
And if yes, is there any way of bypassing it through code or the MSAL library?

And what would be the best way to authenticate the user in this case?


Accepted answer
  1. Vasil Michev 100.2K Reputation points MVP
    2022-10-09T15:01:29.807+00:00

    No, you cannot. As clearly stated in the ROPC flow documentation:

    If users need to use multi-factor authentication (MFA) to log in to the application, they will be blocked instead.

    The only way to bypass MFA requirements is to use legacy auth, which does not support MFA to begin with. For many of the same reasons, using the ROPC flow is highly discouraged.

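Added example (not part of the original thread and not Microsoft's sample code): an MSAL4J sketch of where the AADSTS50076 error from the question surfaces, and how to hand the user to a flow in which they complete MFA themselves (device code flow here) instead of trying to get around it. The class name, the tenant and client ID placeholders, and the ARM scope are assumptions for illustration.

```java
import com.microsoft.aad.msal4j.*;
import java.io.Console;
import java.util.Set;
import java.util.concurrent.CompletionException;

public class ArmTokenForUser {
    // Placeholders (assumptions): use your own tenant and app registration.
    static final String AUTHORITY = "https://login.microsoftonline.com/<tenant-id>/";
    static final String CLIENT_ID = "<client-id>";
    // Assumed scope for Azure Resource Manager (ARM).
    static final Set<String> SCOPES = Set.of("https://management.azure.com/.default");

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null || args.length != 1)
            throw new IllegalStateException("run from a terminal: ArmTokenForUser <username>");
        PublicClientApplication app = PublicClientApplication.builder(CLIENT_ID)
                .authority(AUTHORITY)
                .build();
        IAuthenticationResult result =
                acquire(app, args[0], console.readPassword("Password: "));
        // Never log the token itself; show only who signed in and the expiry.
        System.out.println(result.account().username() + " until " + result.expiresOnDate());
    }

    static IAuthenticationResult acquire(PublicClientApplication app, String user, char[] pw) {
        try {
            // Username/password (ROPC) request, as attempted in the question.
            return app.acquireToken(
                    UserNamePasswordParameters.builder(SCOPES, user, pw).build()).join();
        } catch (CompletionException e) {
            // join() wraps the MSAL exception; anything else is a real failure.
            if (!requiresInteraction(e)) throw e;
            // MFA is required: the user signs in and completes MFA in a browser,
            // using the code and URL printed by this callback.
            DeviceCodeFlowParameters params = DeviceCodeFlowParameters
                    .builder(SCOPES, code -> System.out.println(code.message()))
                    .build();
            return app.acquireToken(params).join();
        }
    }

    // True if the cause chain contains the exception type shown in the question.
    static boolean requiresInteraction(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause())
            if (c instanceof MsalInteractionRequiredException) return true;
        return false;
    }
}
```

The username/password attempt is kept only to show where the exception is raised; in a tenant that enforces MFA it can be dropped so the application never handles the user's password.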