Epic: Multi-Factor Authentication (MFA)

Microsoft Preferred Settings

Before the technical team at Quandri can set up MFA, a few settings must be in place in your Microsoft tenant. The bot can only authenticate with a one-time passcode; it cannot verify via phone or email.

Once the instructions below are followed by your IT team, the bot can be configured with MFA. This does require a code change from our technical team and may take several days to configure. Please give us as much notice as possible, along with a window of time to test out the new configuration.

First, create a Microsoft group and add the bots to it. This group can then be excluded from the Microsoft Authenticator Registration Campaign:

Microsoft article - How to run a registration campaign to set up Microsoft Authenticator - Microsoft Entra ID | Microsoft Learn

  1. Sign in to the Microsoft Entra admin center as Authentication Policy Administrator or Global Administrator.
  2. Browse to Protection > Authentication methods > Registration campaign and click Edit.

Exclude the bot group from Microsoft Authenticator, and then enable “Third-Party software OATH tokens” for the bot group:

Microsoft article - Manage authentication methods - Microsoft Entra ID | Microsoft Learn

To manage the Authentication methods policy, sign in to the Microsoft Entra admin center as at least an Authentication Policy Administrator and browse to Protection > Authentication methods > Policies.
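One way for your IT team to confirm both steps took effect is to export the Authentication methods policy as JSON and check it, as in this added example (not Quandri's or Microsoft's code). It assumes the export uses the field names of the Microsoft Graph `authenticationMethodsPolicy` resource; the policy sample and the group ID are constructed placeholders.

```python
import json

# Constructed sample shaped like the Microsoft Graph authenticationMethodsPolicy
# resource; the group id is a placeholder, not a real object id.
BOT_GROUP_ID = "00000000-0000-0000-0000-0000000000b0"
SAMPLE_POLICY = json.loads("""
{
  "registrationEnforcement": {"authenticationMethodsRegistrationCampaign": {
      "state": "enabled",
      "includeTargets": [{"id": "all_users", "targetType": "group"}],
      "excludeTargets": [{"id": "00000000-0000-0000-0000-0000000000b0", "targetType": "group"}]}},
  "authenticationMethodConfigurations": [
    {"id": "MicrosoftAuthenticator", "state": "enabled",
     "includeTargets": [{"id": "all_users", "targetType": "group"}]},
    {"id": "SoftwareOath", "state": "enabled",
     "includeTargets": [{"id": "00000000-0000-0000-0000-0000000000b0", "targetType": "group"}]}
  ]
}
""")

def _targets(entries, group_id):
    """True if a target list names the group explicitly (not via all_users)."""
    return any(t.get("targetType") == "group" and t.get("id", "").lower() == group_id.lower()
               for t in entries or [])

def check_bot_group(policy, group_id):
    """Return a list of findings; an empty list means both steps are in place."""
    findings = []
    campaign = (policy.get("registrationEnforcement", {})
                      .get("authenticationMethodsRegistrationCampaign", {}))
    # Step 1: unless the campaign is off, the bot group must be excluded so the
    # bot is not prompted to register Microsoft Authenticator.
    if campaign.get("state") != "disabled" and not _targets(campaign.get("excludeTargets"), group_id):
        findings.append("bot group is not excluded from the registration campaign")
    # Step 2: software OATH tokens must be enabled and target the bot group.
    oath = next((m for m in policy.get("authenticationMethodConfigurations", [])
                 if m.get("id", "").lower() == "softwareoath"), None)
    if oath is None or oath.get("state") != "enabled":
        findings.append("third-party software OATH tokens are not enabled")
    elif _targets(oath.get("excludeTargets"), group_id):
        findings.append("bot group is excluded from software OATH tokens")
    elif not (_targets(oath.get("includeTargets"), group_id)
              or any(t.get("id") == "all_users" for t in oath.get("includeTargets") or [])):
        findings.append("software OATH tokens do not target the bot group")
    return findings

if __name__ == "__main__":
    print(check_bot_group(SAMPLE_POLICY, BOT_GROUP_ID) or "bot group settings look correct")
```

A campaign state of `default` is treated as potentially active, so the exclusion is still required in that case.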

 
