How do I bypass a user form using 2-factor auth when using the Azure AD MFA plugin for Microsoft NPS?

Martin, Bryan C 0 Reputation points
2023-03-02T22:08:53.3033333+00:00

Hello,

I'm using the Azure AD Multi Factor plugin for Microsoft NPS, and I cannot get one of my service accounts to log in. It cannot use two-factor and is a service account for our network monitoring software. I set the registry key at HKLM\SOFTWARE\Microsoft\AzureMfa: REQUIRE_USER_MATCH to FALSE. According to the documents, this should allow non-MFA accounts to be able to log in.

This is in the AuthZ logs:
NPS Extension for Azure MFA: CID: 569d38db-2c65-45db-9097-edf39fcb4e64 : Access Rejected for user xxxx with Azure MFA response: InvalidParameter and message: BadRequest. [InvalidTenantWithDomain:],,,2107a615-fa24-4664-b37b-6154859aaa7a

Microsoft Security | Microsoft Entra | Microsoft Entra ID
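The question turns on one registry value and one log line, so here is a small PowerShell helper for both. This is an added example, not code from the original post or from Microsoft's NPS extension: it reads and sets `REQUIRE_USER_MATCH` under the key named in the question, parses the AuthZ log line quoted above into fields, and summarises rejections from the event log. The event channel name `Microsoft-AzureMfa-AuthZ/AuthZOptCh`, the function names, and the sample line (copied from the question, user already masked) are my assumptions.

```powershell
# Added example, not part of the original post. Assumes the NPS extension stores
# its settings under HKLM\SOFTWARE\Microsoft\AzureMfa as the question states.
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\AzureMfa'

function Get-NpsMfaUserMatchSetting {
    # Returns the string stored in REQUIRE_USER_MATCH (TRUE/FALSE), or $null if unset.
    $item = Get-ItemProperty -Path $KeyPath -Name 'REQUIRE_USER_MATCH' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.REQUIRE_USER_MATCH
}

function Set-NpsMfaUserMatchSetting {
    param([ValidateSet('TRUE', 'FALSE')][string]$Value)
    # REQUIRE_USER_MATCH is a REG_SZ value; NPS (service name IAS) must be restarted to pick it up.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    Set-ItemProperty -Path $KeyPath -Name 'REQUIRE_USER_MATCH' -Value $Value -Type String
    Restart-Service -Name 'IAS'
}

function ConvertFrom-NpsMfaAuthZLine {
    # Splits one "NPS Extension for Azure MFA: CID: ... : Access <Result> for user ..." line
    # into CID, result, user, the Azure MFA response code, message, and bracketed detail.
    param([Parameter(Mandatory)][string]$Line)
    $pattern = 'CID:\s*(?<cid>[0-9a-f-]{36})\s*:\s*Access (?<result>\w+) for user (?<user>\S+) ' +
               'with Azure MFA response:\s*(?<response>\S+) and message:\s*(?<message>.*?)\s*\[(?<detail>[^\]]*)\]'
    if ($Line -match $pattern) {
        [pscustomobject]@{
            CID      = $matches.cid
            Result   = $matches.result
            User     = $matches.user
            Response = $matches.response
            Message  = $matches.message
            Detail   = $matches.detail
        }
    }
}

function Get-NpsMfaRejectionSummary {
    # Counts rejected requests by (response, detail) so one misconfigured account stands out.
    # Channel name is an assumption; confirm it in Event Viewer under
    # Applications and Services Logs > Microsoft > AzureMfa.
    param([int]$MaxEvents = 500)
    Get-WinEvent -LogName 'Microsoft-AzureMfa-AuthZ/AuthZOptCh' -MaxEvents $MaxEvents -ErrorAction Stop |
        ForEach-Object { ConvertFrom-NpsMfaAuthZLine -Line $_.Message } |
        Where-Object { $_ -and $_.Result -eq 'Rejected' } |
        Group-Object Response, Detail |
        Select-Object Count, Name
}

# Constructed sample: the line from the question, run through the parser offline.
$sample = 'NPS Extension for Azure MFA: CID: 569d38db-2c65-45db-9097-edf39fcb4e64 : Access Rejected for user xxxx ' +
          'with Azure MFA response: InvalidParameter and message: BadRequest. [InvalidTenantWithDomain:],,,2107a615-fa24-4664-b37b-6154859aaa7a'
ConvertFrom-NpsMfaAuthZLine -Line $sample | Format-List
"REQUIRE_USER_MATCH is currently: $(Get-NpsMfaUserMatchSetting)"
```

Two caveats worth keeping in mind when reading the output. First, `REQUIRE_USER_MATCH=FALSE` is a server-wide setting, not a per-account one: every user that Azure AD knows but has not enrolled in MFA will then pass with a password alone, which is a weaker posture than routing the monitoring account through a separate NPS policy or server that does not load the extension. Second, the parsed sample shows response `InvalidParameter` with detail `InvalidTenantWithDomain:`; that text suggests the request failed at tenant and domain matching rather than at the "user not registered for MFA" step, and `REQUIRE_USER_MATCH` only governs the latter, so the setting alone would not be expected to change this result.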

1 answer

Sort by: Most helpful
  1. JimmySalian-2011 42,496 Reputation points
    2023-03-02T23:04:55.4+00:00

    The best approach I have implemented is Microsoft's way of excluding the users via a Group using Conditional Access policy and you can follow the steps - https://learn.microsoft.com/en-us/azure/active-directory/governance/conditional-access-exclusion

    Hope this helps.

    JS

    ==

    Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.
