I have a question which I haven't been able to find an answer for. Hopefully someone can point me in the right direction…
We use the Microsoft Remote Desktop Gateway to provide remote workers with RDP access to our servers. The Remote Desktop Gateway is configured to use the Azure NPS Extension which forces users to provide a second factor of authentication. Users are enrolled in Azure MFA which is used to provide the second factor of authentication.
I’m interested to know if there exists a one-time Bypass option for Azure MFA? On first look, in Azure I can see there appears to be exactly this https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#one-time-bypass …but I believe this is limited to Azure MFA Server and not Azure cloud.
This link is to an old article but reinforces what I’ve found: https://social.msdn.microsoft.com/Forums/azure/en-US/c26d093b-8260-4219-83b6-2d986857f286/onetime-bypass-feature-mfa-on-cloud?forum=windowsazureactiveauthentication
My user story is…
A remote worker is enrolled in Azure MFA and uses the Microsoft authenticator app to authenticate RDP connections to the Remote Desktop Gateway.
The remote worker misplaces their mobile device, and therefore cannot provide the second factor to authenticate.
The remote worker cannot connect.
The remote worker requires immediate access.
On other remote access solutions that I have used there has been the option to provide a one-time logon method which bypasses the second factor. Can this be done?
Thanks in advance!