Share via

How to disable the two factor authentication from single user.

Ashwin Barfa 26 Reputation points
2020-09-21T15:08:20.723+00:00

Hi,
We are using SharePoint. And we would like to disable the two factor authentication for only one or two users.
Thanks in Advance

Microsoft Office Online Server
Microsoft Office Online Server
Microsoft on-premises server product that runs Office Online. Previously known as Office Web Apps Server.
647 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,810 questions
Accepted answer
  1. Emily Du-MSFT 47,296 Reputation points Microsoft Vendor
    2020-09-22T05:56:50.02+00:00

    @Ashwin Barfa
    Go to Microsoft 365 admin center -> Users -> Active users -> Select the user -> Manage multifactor authentication -> Select the user -> Disable multi-factor authentication.
    26343-1.png
    26365-2.png

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    7 people found this answer helpful.

12 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ibrahim Butt 6 Reputation points
    2022-10-14T03:27:02.043+00:00

    Login issue to Office 365 due to Microsoft Authenticator App reset after formatting mobile data

    I formatted my mobile phone data due to rom issues and forgot to take a backup of Microsoft Authenticator app data.

    I have a Developer E5 Office 365 subscription on my personal Microsoft account. I created a single admin user for the developer subscription and turned on MFA for passwordless signings.

    Now every time I open any Microsoft URL with the developer subscription admin login it keeps redirecting to the MFA login.

    I can't even access the admin center page to turn off MFA. Seems like I am stuck in an MFA login loop.

    Can anyone please help?
    @Emily Du-MSFT

    0 comments
  2. KickstandsandKeyboardsOnyoutube 0 Reputation points
    2023-03-13T15:02:22.1133333+00:00

    I might post a video on how to do this. But basically Mohammed's method is the correct one.

  3. Abdul Raheman Shaikh 0 Reputation points
    2023-05-04T10:21:15.4833333+00:00

    You can achieve it via a conditional access policy for single user.

    0 comments
  4. Ben Gibson 20 Reputation points
    2024-05-02T20:24:49.3833333+00:00

    In my experience, the complete answer to this simple question is anything but straightforward. The exact process depends on a host of various factors in your environment, including what policies in place, admin permissions of the user executing the steps, additional Azure subscriptions, whether this is for an internal or external (guest) user, whether this is for a new user or an existing user, (if it an existing user) whether MFA has already been configured on the account, and much more.

    The number of variables involved is probably why it is so hard to find a clear AND accurate answer to this seemingly-simple question that works for everyone.

    With that said, for smaller organizations using Microsoft 365 Basic or Premium licenses who are trying to disable MFA for a user that has already registered for it, I think this GUI-only, non-PowerShell process might answer the question:

    1. Disable Security Defaults for the organization. (If this is enabled, it acts as an “override all” and gives no flexibility to disable individual users, regardless of what you seem to see elsewhere in the admin environment.)
      1. https://portal.azure.com/#blade/Microsoft_AAD_ConditionalAccess/SecurityDefaults
      2. Alternatively, scroll to the bottom of this page and click the “Manage security defaults” link: https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Properties
    2. Ensure that MFA is disabled for the user in question. 
      1. https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?BrandContextID=O365
      2. Optionally, ensure that MFA is enabled or enforced for all other users. (HIGHLY recommended!)
    3. Revoke previous MFA configurations on the user.
      1. https://entra.microsoft.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers/menuId/
      2. Select the user from the list
      3. In the “Manage” section of the left menu for the user, select “Authentication methods”
      4. From the toolbar above the resulting pane, click “Revoke multifactor authentication sessions”. You may need to click the ellipsis (three dots) on the toolbar to view that choice.

    Again, there are myriads of places to invoke policies and set other MFA-related settings, so this process will definitely not work for everyone's environment, but hopefully it provides some more clarity to someone.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.