# User Authorized to Bypass MFA

Identifies when a user is exempt from using Multi-Factor Authentication (MFA) because of the configuration or settings of a newly assigned policy. Duo users who have been assigned Bypass status or placed in a Bypass Group will also fail this check. These failures can highlight unintended consequences of a particular policy, or may indicate anomalous admin behavior if there is no legitimate reason for the change.

Although there might be valid reasons for certain users to bypass MFA, these configurations should be used sparingly to minimize security risk, because they make the impacted accounts much easier to compromise. Leaving Duo users in Bypass for extended periods is highly discouraged: they are never required to use additional authentication methods at login, and they skip all policies meant to govern access, including Trusted Endpoint.
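The following is an added example, not part of the Oort or Duo documentation. It shows one way to triage exported Duo user records by separating users who hold Bypass status directly from users who inherit it through a Bypass Group, since the two cases are remediated differently. The record layout (`username`, `status`, and `groups` entries with `name` and `status`) is an assumption about the export format, and the sample data is constructed.

```python
"""Added example: list Duo users who can skip MFA and the reason for each."""

# Constructed sample records. The field names are an assumed export layout;
# adjust them to match the data you actually pull from your Duo tenant.
SAMPLE_USERS = [
    {"username": "alice", "status": "active",
     "groups": [{"name": "Staff", "status": "Active"}]},
    {"username": "bob", "status": "bypass", "groups": []},
    {"username": "carol", "status": "active",
     "groups": [{"name": "Break-Glass", "status": "Bypass"}]},
    {"username": "dave", "status": "Bypass",
     "groups": [{"name": "Break-Glass", "status": "bypass"}]},
    {"username": "frank", "status": "active"},  # record with no groups key
]


def _is_bypass(value):
    """Case-insensitive match so 'Bypass' and 'bypass' are treated alike."""
    return isinstance(value, str) and value.strip().lower() == "bypass"


def find_mfa_bypass(users):
    """Return one finding per user who is exempt from MFA.

    'direct' is True when the user's own status is Bypass; 'groups' lists
    every Bypass Group the user belongs to. Both can apply to one user, in
    which case clearing only one of them leaves the user exempt.
    """
    findings = []
    for user in users:
        direct = _is_bypass(user.get("status"))
        via_groups = sorted(
            group.get("name", "<unnamed>")
            for group in user.get("groups") or []
            if _is_bypass(group.get("status"))
        )
        if direct or via_groups:
            findings.append({"username": user.get("username"),
                             "direct": direct, "groups": via_groups})
    return findings


if __name__ == "__main__":
    for f in find_mfa_bypass(SAMPLE_USERS):
        why = (["user status"] if f["direct"] else []) + \
              [f"group '{g}'" for g in f["groups"]]
        print(f"{f['username']}: bypass via {', '.join(why)}")
```
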

#### Recommended Actions

Contact the admin who made the change to validate that this action was legitimate. Confirm that the change is appropriate for the given user's situation and, if relevant, that the admin has a plan in place to update the user accordingly as soon as possible.

If many users are failing this check, review the internal operating procedures that allow for this change and, if possible, consider configuring role-based access within your systems to limit who can make these changes. If not, consider modifying related organizational processes to prevent these events from happening regularly.

#### Compatibility

[Duo](/integrations/duo-security-integration.md)


