The benefits of MFA (Multi-Factor Authentication) are pretty obvious and this should be enabled everywhere and every time.

However, as an admin, you sometimes have to log in as a user to troubleshoot certain issues, and in those cases, if the user is not around, MFA can be causing certain issues.

Often recommended way to temporarily disable MFA / Second Factor Authentication for a single user is to use Condition Access (Microsoft Entra Admin Centre > Protection > Conditional Access). Unfortunately, this requires a Microsoft Entra Premium license and not all organisations have this.

Another way to temporarily bypass MFA is to use the Temporary Acces Pass:

• First of all, make sure that Temporary Access Pass authentication method is enabled for all (or relevant) users in Microsoft Entra Admin Centre > Identity > Protection > Authentication Methods.
  
• Navigate to Microsoft Entra Admin Centre > Identity > Users > All Users > [User Name] > Authentication Methods > Add authentication method > Temporary Access Pass > Add.
  This will generate a temporary access password.
  
• Go to www.office.com and try to log in as the end user. You will be prompted to enter the Temporary Access Pass.
  

 

October 2023
Microsoft Office 365
Exchange Online