How do I bypass MFA for the email parser user?
OAuth 2.0 does not work with MFA when the application type is a background service with no manual interaction. MFA is built for manual user interaction to provide MFA code and authenticate.
For the users who are concerned about bypassing the MFA for the email parser user, they can simply do it by IP Address. Only requests coming from the BMS servers with OAuth token requests can bypass MFA, and this will remove the concerns. This can be done as follows:
- Log into Microsoft admin portal (https://admin.microsoft.com/adminportal/home/).
- Click Users > Active Users.
- Next, click Multi-Factor Authentication.
- Select the user whose MFA is enabled and then click service settings. You will be taken to a different page.
- Under Trusted IPs, click in the text box and type the IP address or range of addresses that you want to exclude from MFA based on the BMS server used.
- US BMS (bms.kaseya.com) IP Address: 220.127.116.11/32
- UK BMS (bmsemea.kaseya.com) IP Address: 18.104.22.168 and 22.214.171.124
- APAC BMS (bmsapac.kaseya.com) IP Address: 126.96.36.199/32
- Vorex ( vorexlogin.com ) Server IP Address: 188.8.131.52/32
- This way you will be able to set up the email parser for the O365 account which is enabled with the MFA.
- Click Save.