diff --git a/backend/app/dependencies/auth.py b/backend/app/dependencies/auth.py
index b88ec38..9bb8ac9 100644
--- a/backend/app/dependencies/auth.py
+++ b/backend/app/dependencies/auth.py
@@ -6,6 +6,7 @@ Provides dependency functions for securing REST endpoints with Azure AD token ve
 from typing import Optional
 from fastapi import Header, HTTPException, status
 
+from app.config import settings
 from app.services.auth_service import verify_access_token
 
 
@@ -27,6 +28,10 @@ async def get_current_user(authorization: Optional[str] = Header(None)) -> dict:
     Raises:
         HTTPException: 401 if token is missing or invalid
     """
+    # If auth is disabled, return mock user immediately
+    if settings.DISABLE_AUTH:
+        return {"sub": "dev-user", "name": "Development User", "preferred_username": "dev@localhost"}
+
     if not authorization:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,