PowerShell: connect to AzureAD and MSOnline automatically and bypassing MFA

Hi,

In our organisation MFA is enabled on all the accounts.
Is there a way that you can log on automatically to AzureAD and MSOnline without disabling the MFA for the admin account or creating a service account where the MFA option is disabled?

Paul

Your question says, "Is there a way to not disable MFA on the admin account or to not disable MFA on a service account?" I think you were trying to ask: is there a way to create a service account for which MFA would not be needed? The answer to that question is:

az ad sp create-for-rbac --name="{SOMENAMEHERE}" --role="Contributor" --scopes="/subscriptions/{YOUR SUBSCRIPTION ID HERE}" --years=2 

You have to capture the output of this command because it is the only time you will see the secret.

https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

Let me know if this helps.

Hi,
Sorry that I was not clear in my question.
I use my admin account with MFA enabled (at this point there is no way to get around this).
Since I'm automating tasks like off- and onboarding, it would really help if there were a way to log on without having to go through the complete identification process including MFA, especially because I need to log on to AzureAD and MSOnline.

Thanks

Paul

Yes, the answer is to create a service principal account in Azure AD.

The command above is one way to do that; you can also Google how to do it in PowerShell.

Or you can do it through the portal.
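
The following is an added example, not code from any poster in this thread. It shows one way to capture the one-time secret printed by the `az ad sp create-for-rbac` command quoted above and reuse it for an unattended login. It assumes Windows PowerShell with the Azure CLI installed; the file paths are hypothetical, and the name, role and scope are the thread's placeholders.

```powershell
# --- Step 1: run once, interactively, as the account that will run the automation ---
$spName     = '{SOMENAMEHERE}'                            # placeholder from the thread
$scope      = '/subscriptions/{YOUR SUBSCRIPTION ID HERE}' # placeholder from the thread
$credFile   = Join-Path $env:USERPROFILE 'sp-automation.clixml'  # hypothetical path
$tenantFile = Join-Path $env:USERPROFILE 'sp-automation.tenant'  # hypothetical path

# az prints JSON with appId, displayName, password and tenant.
# The password field is shown only this once, so parse it immediately.
# Role and scope are the ones from the thread; a narrower role or scope
# limits what a leaked secret can do.
$json = az ad sp create-for-rbac --name $spName --role Contributor --scopes $scope --years 2
if ($LASTEXITCODE -ne 0) { throw 'az ad sp create-for-rbac failed' }
$sp = $json | Out-String | ConvertFrom-Json

# Wrap the secret in a PSCredential. On Windows, Export-Clixml encrypts the
# SecureString with DPAPI, so only this user on this machine can decrypt it.
$secure = ConvertTo-SecureString $sp.password -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential ($sp.appId, $secure)
$cred | Export-Clixml -Path $credFile
Set-Content -Path $tenantFile -Value $sp.tenant    # the tenant ID is not a secret

# Drop the plaintext copies from the session.
Remove-Variable json, sp, secure, cred

# --- Step 2: in the unattended script, running as the same user ---
$cred   = Import-Clixml -Path $credFile
$tenant = Get-Content -Path $tenantFile

# The secret is passed on the command line here, so it is briefly visible to
# other processes on the host; run this only on a machine you control.
$plain = $cred.GetNetworkCredential().Password
az login --service-principal --username $cred.UserName --password $plain --tenant $tenant | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Service principal login failed' }
Remove-Variable plain
```

Because DPAPI ties the exported file to one user profile, a scheduled task that runs Step 2 must run as the same account that ran Step 1.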