MFA user cannot access mobile phone, e.g. lost phone (workaround)

One-time bypass is the solution:


The one-time bypass feature allows a user to authenticate a single time without performing two-step verification. The bypass is temporary and expires after a specified number of seconds.

In situations where the mobile app or phone is not receiving a notification or phone call, you can allow a one-time bypass so the user can access the desired resource.

Create a one-time bypass

Sign in to the Azure portal as an administrator.
https://portal.azure.com

Browse to Azure Active Directory > MFA Server > One-time bypass.
Select Add.
If necessary, select the replication group for the bypass.
Enter the username as username@domain.com.
Enter the number of seconds that the bypass should last.
Enter the reason for the bypass.
Select Add.

The time limit goes into effect immediately.
The user needs to sign in before the one-time bypass expires.

View the one-time bypass report

Sign in to the Azure portal.
Browse to Active Directory > MFA Server > One-time bypass.


IMPORTANT NOTE:
Always use the MFA Phone Auth APP and make sure you have configured a secondary phone number.

