The benefits of MFA (Multi-Factor Authentication) are pretty obvious and this should be enabled everywhere and every time.
However, as an admin, you quite often have to log in as a user in order to troubleshoot yet another issue, and in those cases, MFA can be a right pain in the backside...
Often recommended way to temporarily disable MFA / Second Factor Authentication for a single user is to use Condition Access (Microsoft Entra Admin Centre > Protection > Conditional Access). Unfortunately, this requires a Microsoft Entra Premium license and not all organisations have this.
Another way to temporarily bypass MFA is to use the Temporary Acces Pass:
- First of all, make sure that Temporary Access Pass authentication method is enabled for all (or relevant) users in Microsoft Entra Admin Centre > Identity > Protection > Authentication Methods.
- Navigate to Microsoft Entra Admin Centre > Identity > Users > All Users > [User Name] > Authentication Methods > Add authentication method > Temporary Access Pass > Add.
This will generate a temporary access password.
- Go to www.office.com and try to log in as the end user. You will be prompted to enter the Temporary Access Pass.
Microsoft Office 365