MFA with offline mode

We are looking to implement Enterprise edition plugged into Azure AD and Azure MFA for 2FA.

However, there are some use cases for the use of the desktop app for offline mode. These would be cases in which internet is not available.

How do we do Azure AD auth and MFA in these cases? Or can't we?

Or is there some other option like Master password and local MFA option?

@L_Kentwell Welcome to the forum!

Authentication (including MFA) is for the purpose of authorizing a client app to download a local copy of the encrypted vault. The local vault cache persists until the client app is logged out. While the local vault cache is present, the client can use it in offline mode (in which case adding or modifying vault entries is disabled) or in online mode (in which case changes made to the local vault contents are automatically synced to the cloud).

All of this is to say that, no, there is no MFA mechanism involved when using the Bitwarden app in offline mode. There really wouldn’t be a point in it anyway, because if a malicious actor has access to the device, then they will have the ability to exfiltrate the encrypted local vault cache without ever opening the Bitwarden app (after which they can decrypt the data using the master password alone).
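A simplified model of the flow described in the reply above, added here as an example; it is not Bitwarden's code and not part of the original posts. The second factor gates only the download of the encrypted vault, while unlocking the cached copy needs the master password alone. The iteration count, the HMAC-based stand-in cipher, the login proof and all names and sample values are assumptions made for the illustration.

```python
import hashlib, hmac, os
ITERATIONS = 100_000  # constructed demo value, not a product setting

def derive_keys(master_password: str, salt: bytes):
    # Key material comes from the master password alone; no MFA input exists.
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]  # (encryption key, MAC key)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in keystream (HMAC-SHA256 in counter mode); real clients use AES.
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(keys, plaintext: bytes) -> bytes:
    enc, mac = keys
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(keys, blob: bytes) -> bytes:
    enc, mac = keys
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong master password or corrupted cache")
    return bytes(c ^ k for c, k in zip(ct, _stream(enc, nonce, len(ct))))

class SyncServer:
    """Toy server: releases the encrypted vault only after password proof + MFA."""
    def __init__(self, auth_hash: bytes, mfa_code: str, vault_blob: bytes):
        self._auth, self._mfa, self._blob = auth_hash, mfa_code, vault_blob
    def login(self, auth_hash: bytes, mfa_code: str) -> bytes:
        if not (hmac.compare_digest(auth_hash, self._auth)
                and hmac.compare_digest(mfa_code, self._mfa)):
            raise PermissionError("authentication failed")
        return self._blob

def demo():
    password, salt = "correct horse battery staple", b"user@example.com"  # constructed
    keys = derive_keys(password, salt)
    proof = hashlib.sha256(keys[1]).digest()  # toy login proof
    server = SyncServer(proof, "492039", seal(keys, b'{"login": "example"}'))
    try:
        server.login(proof, "000000")
        mfa_enforced = False
    except PermissionError:
        mfa_enforced = True  # online: a wrong second factor blocks the download
    cache = server.login(proof, "492039")  # becomes the local vault cache
    # Offline: the cache plus the master password is all that is needed.
    return mfa_enforced, unseal(derive_keys(password, salt), cache)
```

In this model the protection of the cached vault at rest rests entirely on the master password and the key-derivation cost, which is why device-level controls such as disk encryption matter for offline use.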