What's the impact if we turn on 2fa on an account used in flows.

Posted on by 8
Microsoft is enforcing us to enable 2 factor authentication on tenant level. What's the impact if we turn on 2fa on an account used in flows. Will the current connection fail? If it fails, how can we resolve and make sure it works fine in future.
  • Suggested answer
    trice602
    16,055 Super User 2026 Season 1 on at
    Hi,
     
    For your service account that is running unattended flows, you will want to apply for your organization's exception policy described in the email.  That's because when you run unattended desktop flows, you can't use MFA.  These exceptions are typically always approved by I/T in my experience.
     
    If you are using CyberArk you may also investigate that process which may help with your MFA policies.
     
    ------------------------------------------------


    If this was helpful, please like and/or mark as a verified answer to help others find this too!


    Always glad to help! 💯💯💯💯💯

    Tom 

    Follow me on LinkedIn - Thomas Rice, PMP | LinkedIn

     

     
  • muhammadhassan
    8 on at
    I'm talking about cloud flow not desktop flow.
  • David_MA
    14,090 Super User 2026 Season 1 on at
    I would suspect that enabling Multi-Factor Authentication (MFA) on an account that has workflows in Power Automate would potentially disrupt the connection references. When MFA is enabled, it may require re-authentication for the connections used in your workflows, which could cause them to fail until the connections are updated to comply with the new authentication requirements.
  • trice602
    16,055 Super User 2026 Season 1 on at
    Hey there!
     
    I am following up on this post what's the impact if we turn on 2fa on an account used in flows. in this category using flows from 08/19/2024.  I know the post is a little older, but it is a common question here so wanted to take a moment and follow-up. I see there have been 3 replies and 3 likes and asking if your question has been answered.  If so, please help the community out by completing one or more of the following actions!  Thanks in advance!
     
    Easy as 1-2-3 ‼️💯⭐😎🆒🙏
     
    1) Mark a reply as a verified answer - this is essential, and it helps others with the same general question find this thread. ✅
    2) You can also mark one or more replies as a verified answer.  Please take a moment and give the author credit for volunteering their time. ✌️
    3) Like one or more replies.  Kudos always greatly appreciated! 👍
     
    Pro tip:  if you found your own solution or workaround, feel free to add a reply to your own post and mark it as the solution too!  The goal is to get this thread marked with a verified answer by anyone that finds one or more replies helpful!
     
    Again, thanks in advance for reading and responding, always glad to help!  Tom 💯💯💯💯💯
  • trice602
    16,055 Super User 2026 Season 1 on at
    If I can help with anything else please let me know or tag me in a future post, I enjoy reading and answering questions.  Always glad to help!  Tom 💯💯💯💯💯
  • Brice235i
    651 on at
    This is a significant issue. In our organisation, the security token timeout is set to 90 days. We have thousands of flows with service accounts connected to Azure Portal indirect touchpoints, such as Entra, Azure Key Vault, and anything involving Graph. Every 90 days, the person whose mobile phone is associated with a particular service account will need to refresh the connections. This poses a substantial risk to operations if the service account token is not refreshed in time. Although Microsoft recommends using Service Principals, not all connectors support it, such as SharePoint and Outlook. We are looking at extending security token lifetimes to try to reduce the impact. 
  • Suggested answer
    CU06080751-0
    Microsoft Employee on at

    Short answer: enabling MFA at tenant level will not automatically break your Power Automate flows.

    A few important points to clarify.

    First, Microsoft’s MFA enforcement has a defined scope. It is not applied universally to all connectors or actions. The current enforcement mainly targets Microsoft Entra ID and certain Azure-related scenarios, especially where elevated privileges are involved. In those specific cases, you might see impact if the flow relies on non-interactive authentication patterns.

    However, for most common Power Automate scenarios (SharePoint, Outlook, standard business connectors), this enforcement does not generally introduce disruption.

    Second, MFA is enforced at sign-in time, not per flow run.

    That means MFA is required when:

    • Creating a new connection

    • Reauthenticating an existing connection

    It is not required for every action execution.

    So if you turn on MFA for an account that is already used in flows:

    • Existing connections will continue to work as long as the token remains valid.
    • If the connection needs to be reauthenticated (password reset, policy change, token expiry), you’ll need to sign in once and complete MFA.
    After that, the connection works normally again; it does not prompt for MFA on every run.

    From a design perspective, many connectors now support service principal-owned flows, which is the preferred long-term approach because it removes dependency on a shared user account:

    https://learn.microsoft.com/power-automate/service-principal-support

    Connector support varies, so this depends on what you’re using.

    For connectors that don’t support service principals, using a licensed user account is still supported. With MFA enabled, you just authenticate once during connection setup or reauthentication. It should not require repeated refreshes per action.

     

    One additional point that often gets overlooked: good connection and connection reference hygiene makes a big difference.

    If you:

    • Use solutions
    • Use connection references and limit the number of connections
    • Avoid embedding separate connections per flow

    Then if a connection ever breaks, you fix it once and all dependent flows recover automatically. That dramatically reduces operational risk.

    Microsoft also provides guidance around shared accounts and associated risks:

    Overall, MFA enforcement can impact certain Entra ID or Azure scenarios, but for the majority of Power Automate use cases, it should not cause broad failures.
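
An added illustration, not part of the thread and not Microsoft tooling: a small audit over a constructed connection inventory that ranks user-owned connections by days until the next interactive sign-in (assuming the 90-day lifetime one reply quotes for its tenant) and lists the flows that depend on each, including flows that bypass connection references. The field names, the `audit` function and the sample data are hypothetical and do not reflect a Power Platform export schema.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

TOKEN_LIFETIME_DAYS = 90   # assumption: the 90-day figure one reply quotes for its tenant
WARN_DAYS = 14             # assumption: flag connections this close to re-sign-in

# Constructed inventory; field names are hypothetical, not a Power Platform schema.
CONNECTIONS = [
    {"id": "c1", "connector": "sharepoint", "owner": "svc-flows", "kind": "user", "last_signin": date(2025, 1, 6)},
    {"id": "c2", "connector": "sharepoint", "owner": "svc-flows", "kind": "user", "last_signin": date(2025, 3, 1)},
    {"id": "c3", "connector": "outlook", "owner": "svc-flows", "kind": "user", "last_signin": date(2025, 2, 20)},
    {"id": "c4", "connector": "keyvault", "owner": "app-flows", "kind": "service_principal", "last_signin": None},
]
FLOWS = [
    {"name": "invoice-intake", "connection": "c1", "via_reference": True},
    {"name": "invoice-archive", "connection": "c1", "via_reference": True},
    {"name": "hr-onboarding", "connection": "c2", "via_reference": False},
    {"name": "daily-digest", "connection": "c3", "via_reference": True},
    {"name": "secret-rotation", "connection": "c4", "via_reference": True},
]

def audit(connections, flows, today):
    """One finding per connection, soonest re-sign-in first; no-deadline entries last."""
    dependents = defaultdict(list)
    for flow in flows:
        dependents[flow["connection"]].append(flow)
    # Several connections for one (owner, connector) pair means several places to re-sign-in.
    per_pair = Counter((c["owner"], c["connector"]) for c in connections)
    findings = []
    for c in connections:
        days_left = None  # assumption: service principals have no interactive MFA sign-in to renew
        if c["kind"] == "user":
            deadline = c["last_signin"] + timedelta(days=TOKEN_LIFETIME_DAYS)
            days_left = (deadline - today).days
        flows_here = dependents[c["id"]]
        findings.append({
            "id": c["id"],
            "days_left": days_left,
            "urgent": days_left is not None and days_left <= WARN_DAYS,
            "blast_radius": [f["name"] for f in flows_here],
            "embedded": [f["name"] for f in flows_here if not f["via_reference"]],
            "duplicate": per_pair[(c["owner"], c["connector"])] > 1,
        })
    findings.sort(key=lambda f: (f["days_left"] is None, f["days_left"] or 0, -len(f["blast_radius"])))
    return findings

if __name__ == "__main__":
    for finding in audit(CONNECTIONS, FLOWS, today=date(2025, 3, 30)):
        print(finding)
```

Credential expiry for the service principal itself (client secret or certificate) is outside what this sketch tracks.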

  • SS-16030742-0
    2 on at
    If I set up a connection with owner being the service account (that has MFA enabled), I won't need to do the MFA on every run? Only once during the setup, MFA is required and later the flow and connection will work until the token expires. Correct me if I'm missing out on something.
    Also what is the time taken for the expiry of the token?
