The following forum(s) are migrating to a new home on Microsoft Q&A (Preview): Azure Multi-Factor Authentication!

Ask new questions on Microsoft Q&A (Preview).
Interact with existing posts until December 13, 2019, after which content will be closed to all new and existing posts.

Learn More

 none
Bypass MFA authentication skip this step button not appearing RRS feed

  • Question

  • I have 2 service accounts where when I logged into owa, the first account would get an option to register for the MFA but at the bottom "Skip this setup" option would come up where as
    for the second account when logged in the "Skip this Setup " option wouldn't come up.

    Can anybody point out why is this happening as both the accounts are same.
    Thanks,
    Ravi

    Friday, October 18, 2019 12:12 PM

All replies

  • Even if MFA is enabled for user account, there is a Grace period in days for the user to complete the setup.

    The users can choose to skip the MFA setup and they will be able to login normally, until the grace period runs out. Post grace period, the user will be forced to setup MFA and then only they will be able to login to the services.

    Some blogs and articles refer to a 3 days grace period.

    I could find this article which talks about a 14 days grace period when a policy is set:

    Administrators can set a policy that requires users to set up their accounts for additional security verification. This policy allows users to skip multi-factor authentication registration for up to 14 days. The 14-day grace period is not configurable.

    Ref: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows#multi-factor-authentication-registration

    This behavior is confirmed to be due to the Grace Period. But the duration of this grace period is something you can try out with couple of test accounts and confirm. 

    Hope this helps.

    • Proposed as answer by Ben.Paul Saturday, October 19, 2019 8:55 AM
    Saturday, October 19, 2019 8:54 AM
  • Thanks Ben,

    What i am trying to achieve is the skip step button should appear so it can be skipped

    we have certain set of service accounts (example : 10 accounts), we have created a Security group and added all the 10 accounts to it, for this security group we need to exempt them from MFA request.
    Skip step is the option i am looking for to get it back for all 10 accounts or for a security group .

    Please find the details below :

    Tuesday, October 22, 2019 8:31 AM