![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 26%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Hi @Pramuk, K.C. (SGRE COG DVL SW) · Thank you for reaching out.
When MFA is enabled for a user account, you are required to prove:
- Who you are (using username/password) - Can be automated
- What you own (Mobile/AuthenticatorApp/Haredware token) - Can NOT be automated as it requires manual input.
If you are looking for automating the authentication without disabling MFA for the account, you can:
- Exclude public IP address/Subnet that represents the computer(s) where you want to automate authentication for this accout.
- Use Azure AD Joined/Hybrid Joined/Registered devices, where you need to perform MFA once and MFA information will get stored in PRT, user won't be prompted for MFA afterwards.
If you are using this account for script automation:
- Use application context by using client_credentials flow for authentication.
- Or if you are running the script on Azure VM, consider using Managed Identity for authentication.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 61%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)