nmiller61
asked on
Can you disable Microsoft Azure Multi Factor Authentication for a specific URL?
Our company is using Microsoft Azure for our employees. We have a web application that uses Azure to authenticate our users. Just recently Multi Factor Authentication was enabled through Azure for our users. As a result this makes the users have to put in a password and then get a text message or phone call to authenticate them for this web application. My question, is there a way to exclude Multi Factor Authentication for a specific url?
If it is intranet, the Trusted IPs feature of Azure Multi-Factor Authentication is used by administrators of a managed or federated tenant. The feature bypasses two-step verification for users who sign in from the company intranet.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips
The remember Multi-Factor Authentication feature for devices and browsers that are trusted by the user is a free feature for all Multi-Factor Authentication users. Users can bypass subsequent verifications for a specified number of days, after they've successfully signed-in to a device by using Multi-Factor Authentication. The feature enhances usability by minimizing the number of times a user has to perform two-step verification on the same device.
After you enable the remember Multi-Factor Authentication feature, users can mark a device as trusted when they sign in by selecting Don't ask again.
Important to note - If an account or device is compromised, remembering Multi-Factor Authentication for trusted devices can affect security. If a corporate account becomes compromised or a trusted device is lost or stolen, you should restore Multi-Factor Authentication on all devices.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips
The remember Multi-Factor Authentication feature for devices and browsers that are trusted by the user is a free feature for all Multi-Factor Authentication users. Users can bypass subsequent verifications for a specified number of days, after they've successfully signed-in to a device by using Multi-Factor Authentication. The feature enhances usability by minimizing the number of times a user has to perform two-step verification on the same device.
After you enable the remember Multi-Factor Authentication feature, users can mark a device as trusted when they sign in by selecting Don't ask again.
Important to note - If an account or device is compromised, remembering Multi-Factor Authentication for trusted devices can affect security. If a corporate account becomes compromised or a trusted device is lost or stolen, you should restore Multi-Factor Authentication on all devices.
Like already mentioned by LearnCTX, a conditional access policy. However, I think you should be reviewing whether you want to truly exclude that application from MFA. Think of the reason you want to do so, but also think of the ramifications and risks (btan touches very well on this point).
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access