How to log in as the user in Microsoft 365

Anonymous
2024-05-21T18:25:22+00:00

Hi all. Security Defaults are being enforced by Microsoft for an organization I manage, but in the past we've had it that we have exceptionally complex and long passwords, so felt good about security on that level. The reason being, my admin team and I need to sometimes log in as the user, be it on the computer itself, or maybe to their webmail if we're monitoring something such as suspicious BEC attempts and such. It's a real pain to coordinate 2FA with device codes etc., particularly if we're working after hours or in situations where the employee leaves the company and nobody told the IT team (haha, yes, it still happens!). I understand as the Global Admin I can go in after and change up the 2FA to re-register the previous phone, but the point is, I'm just wondering if there is a way to use 2FA but have the 2nd auth type be one I have access to, and one the user has access to.

Like can we each add 2FA for the account to our own MS Auth app for example. Or perhaps when I am trying to log in, I'll use a secondary email address, but if the user logs in, they can choose to use their app.

Thank you!

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


1 answer

  1. Anonymous
    2024-05-21T20:58:37+00:00

    Dear Colin - Valley IT,

    Good day! Thank you for posting to Microsoft Community.

    Typically, to log in as a user in Microsoft 365, you will need to have the user's login credentials. If Security Defaults are being enforced, then the user will need to use two-factor authentication (2FA) to log in, and the user must cooperate with you to have access to the mailbox. However, as a Global Admin, you can assign a full access delegate permission to your account from the admin center, which doesn't require you to use the user's credentials and two-factor authentication (2FA) to access their mailboxes. This permission will allow you owner-level access, so that you can easily open the mailboxes without needing the user's password or MFA token. To do this, kindly go to Exchange admin center (https://admin.exchange.microsoft.com/) --> Recipient --> Mailboxes --> Select the user account you want to open or access --> Delegation --> under the Read and manage (Full access) option, click on Edit --> Add members --> Select your account --> Confirm. You can refer to the screenshot. Also refer to Manage permissions for recipients in Exchange Online | Microsoft Learn

    Once you have assigned Full access delegation to your account, kindly sign in to your account --> click on your profile picture --> click Open another mailbox --> type the email address of the other mailbox that you want to open, and then click Open. Then, it will open in a separate window, allowing access to the other mailbox.

    This will allow you to access as owner without having the credential or 2FA of the user account.

    I hope this will help. If you have other questions or I have got you wrong, please feel free to let me know.

    Thank you for your precious time. Have a nice day.

    Sincerely,

    Libeamlak | Microsoft Community Moderator

    1 person found this answer helpful.
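
The Full Access delegation described in the answer above can also be granted from Exchange Online PowerShell. The following is an added example, not part of the original thread: it assumes the ExchangeOnlineManagement module and an Exchange admin role, the two addresses are constructed placeholders, and `Get-FullAccessHolder` is a helper defined here. It grants access only for the duration of a review, lists who holds Full Access at each stage, and removes the grant at the end so the delegation does not stay in place unnoticed.

```powershell
# Added example; both addresses are constructed placeholders.
Import-Module ExchangeOnlineManagement

$Mailbox  = 'user@contoso.example'    # mailbox under review (placeholder)
$Reviewer = 'admin@contoso.example'   # admin doing the review (placeholder)

Connect-ExchangeOnline -UserPrincipalName $Reviewer

# Hypothetical helper: explicit (non-inherited) Full Access holders on a mailbox.
function Get-FullAccessHolder {
    param([Parameter(Mandatory)][string]$Identity)
    Get-MailboxPermission -Identity $Identity |
        Where-Object {
            $_.AccessRights -match 'FullAccess' -and
            -not $_.IsInherited -and
            $_.User -notlike 'NT AUTHORITY\*'
        } |
        Select-Object Identity, User, AccessRights
}

# Baseline: anyone listed here already has delegate access to the mailbox.
Get-FullAccessHolder -Identity $Mailbox

try {
    # Same grant as "Read and manage (Full access)" in the Exchange admin center.
    # AutoMapping off: the mailbox is not added to the reviewer's Outlook profile.
    Add-MailboxPermission -Identity $Mailbox -User $Reviewer `
        -AccessRights FullAccess -InheritanceType All -AutoMapping $false | Out-Null

    Get-FullAccessHolder -Identity $Mailbox
    Read-Host 'Open the mailbox, finish the review, then press Enter to revoke'
}
finally {
    # Revoke even if the review step fails, then confirm the grant is gone.
    Remove-MailboxPermission -Identity $Mailbox -User $Reviewer `
        -AccessRights FullAccess -InheritanceType All -Confirm:$false
    Get-FullAccessHolder -Identity $Mailbox
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Running the helper on its own against a mailbox is also a quick check for delegations nobody remembers granting.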