Bypass MFA On Password Change

Chris Smith 0 Reputation points
2023-11-03T15:13:33.46+00:00

I've configured MFA for my environment by manually enforcing it at the user level and via Conditional Access. I've also added the IP range to exclude MFA for my campus, which is working. However, users are still getting prompted for MFA when they change their passwords. The issue is in our environment, users are not allowed to have cell phones while working, so they can't use MFA. We also require password changes every 90 days. Is there any way to not get prompted for MFA on a password change without disabling it completely?

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,077 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Andy David - MVP 149.1K Reputation points MVP
    2023-11-03T15:28:29.51+00:00

    SSPR requires some sort of authentication method. It could be password and phone. though not recommended not to use true MFA:

    https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods

    https://learn.microsoft.com/en-us/entra/identity/authentication/howto-sspr-deployment

    User's image

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.