How to disable the two factor authentication from single user.

Ashwin Barfa 26

Hi,
We are using SharePoint. And we would like to disable the two factor authentication for only one or two users.
Thanks in Advance

Robin Ganderton 41 Reputation points

2022-05-12T21:40:41.397+00:00

Has any body got this to work. my MFA is off, on all users, it still requires MFA log in. Is there a fix ?

Brand New O365 user. MFA Shut off. (On all users) yet logging in, with this new user still requires MFA Setup.

suggestions ? comments ?
Heer Gupta | Otobit Private Limited 0 Reputation points

2023-04-04T06:11:57.9266667+00:00

Multi factor authentication is off for the user. The user had 2 factor using authenticator app, and now he lost the phone with that app. He can't login now
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Accepted answer

Emily Du-MSFT 47,296 Reputation points Microsoft Vendor

2020-09-22T05:56:50.02+00:00

@Ashwin Barfa
Go to Microsoft 365 admin center -> Users -> Active users -> Select the user -> Manage multifactor authentication -> Select the user -> Disable multi-factor authentication.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.

7 people found this answer helpful.
Ashwin Barfa 26 Reputation points

2020-09-22T14:16:44.7+00:00

Thanks @Emily Du-MSFT ,

As per your Steps we checked Multi-Factor Authentication, and It we already "Disabled".

Actually this is a guest user for which we are facing the issue.
When we are trying to access the SharePoint Site we are getting the below error.

Can you let us know How we can avoid this.

Emily Du-MSFT 47,296 Reputation points Microsoft Vendor

2020-09-24T08:30:29.347+00:00

For a guest user, due to the security consideration of sites, Microsoft does not support disabling multi-factor authentication.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

BleuOisou-3552 156 Reputation points

2021-05-25T13:11:19.163+00:00

Thank you for the posting ..., may please let know how to where to locate to :

Microsoft 365 admin center -> Users -> Active users ->... to disable Microsoft 365 personal installing on 3 PCs ... ?

Akhilesh yadav 5 Reputation points

2023-04-03T08:53:59.52+00:00

I tried the steps but its still asking for 2FA while logging, now what should I do?

Alp Peker 0 Reputation points

2023-04-10T16:41:19.8733333+00:00

same,

it was already disabled but still asks for two-step verification for every user.

Leisa Hodgkins 6 Reputation points

2023-05-01T12:56:15.4133333+00:00

I will just note here that I am having the same issues. It says the user is disabled for 2factor, but when you go to sign the person into the Office365 apps (E3 License) it will STILL ask for you to download an app. I also tried enabling and then disabling and still wanting 2FA

teespolyglot 31 Reputation points

2023-05-01T13:30:52.7033333+00:00

As stated in my previous comment, this will be due to security defaults being enabled. The only way to disable 2FA for one user is to disable security defaults for the organisation in Azure Active Directory > Properties, and then re-enable 2FA on all the accounts that still require it, leaving it disabled on the ones that don't .

Leisa Hodgkins 6 Reputation points

2023-05-01T14:33:35.54+00:00

Actually, I just solved my own problem. New user, didn't have MFA enabled. Ienabled it and then disabled it and is now working as it should to allow a few single user sign ons to not use MFA...

MCTR Admin 0 Reputation points

2023-06-14T16:01:34.95+00:00

Doesn't work.

Martin 0 Reputation points

2024-05-30T11:13:47.7066667+00:00

Not working. It requires toggle off Default Security Settings in Azure Center, and Azure Center is NO MORE. So for those who have default security settings by, well, default this solution is unusable. I too have MFA disabled for all users in this dialog yet all users have MFA enforced in reality.

teespolyglot 31 Reputation points

2024-05-30T11:30:29.3533333+00:00

@Martin visit https://entra.microsoft.com/ and on the Overview page, click the Properties tab, and Security Defaults is at the bottom of the page
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

12 additional answers

teespolyglot 31 Reputation points

2023-02-12T16:30:13.3133333+00:00

This is due to Security defaults being enabled for the tenant. As per Microsoft's own guidelines (here: https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide), administrators should turn off legacy per-user MFA and then switch on Security defaults in the Microsoft Entra admin center (here: https://entra.microsoft.com/)

It seems this overrides the settings in the legacy MFA settings, and it is not possible to disable Security defaults on a per-user basis. It would therefore seem that the only viable way to achieve what you want is to disable security defaults in Microsoft Entra admin center > Azure Active Directory > Properties > Manage security defaults, and then renable MFA for all other users in the legacy Microsoft 365 admin center Multi-factor authentication settings
Please sign in to rate this answer.

6 people found this answer helpful.
CRISTOPHER R 5 Reputation points

2023-03-28T15:12:18.0766667+00:00

Esto me funciono perfecto gracias.

Ettore Casagrande 5 Reputation points

2023-06-07T14:46:18.53+00:00

This is the correct answer. Would be nice if the option still showed up and said something like "This feature is managed by <blah>".

Capacitaciones Procap 5 Reputation points

2023-08-18T21:54:24.5866667+00:00

This is the right one.

Ralph Jansen 10 Reputation points

2024-02-09T14:26:41.2+00:00

This is the correct answer
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Monica Meza 30 Reputation points

2023-03-22T22:50:43.76+00:00

Our issue as a business is that 85% of the users are Teams only. And of those 85%, about 95% don't understand MFA and are ALSO being asked to download an app that they don't understand.

The main reason is that the team is mostly technologically illiterate and the only time in their lives that they really use tech beyond visiting a website on their phone is to use Teams for communications.

So, right now, about 80% of our team is unreachable and turning of MFA has been an absolute nightmare.
Please sign in to rate this answer.

6 people found this answer helpful.
Eric Leung 0 Reputation points

2023-03-30T03:40:57.9633333+00:00

There are lots of alternatives to enhance security. MS should at least check and learn from Facebook. At least for giving a option to select. Now that the option is USE it or GO OUT.

Martin Barker 0 Reputation points

2023-07-06T18:54:44.9333333+00:00

So some of this is really bad it does not matter how little the understand you need to teach them Cyber Security is a massive thing and just letting people get away with not securing it is not an options, MS authentication also support YubiKey and such so they just have to plug a USB in to complete authentication instead.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
George Chrysovalantis Grammatikos 521 Reputation points MVP

2022-09-16T18:27:15.063+00:00
Hi @Jan Erik Bolz ,

It is important to know that MFA is not recommended to be disabled on user accounts.
In response to your query, you can disable MFA by following the below PowerShell code:

Connect-MsolService

Get the StrongAuthenticationRequirement configured to the user account

(Get-MsolUser -UserPrincipalName account@keyman .com).Strong

Remove StrongAuthenticationRequirements from the user account

$mfa = @()
Set-MsolUser -UserPrincipalName account@keyman .com -StrongAuthenticationRequirements $mfa

Verify MFA has been removed

(Get-MsolUser -UserPrincipalName account@keyman .com).StrongAuthenticationRequirements

$User = Get-MSolUser -UserPrincipalName account@keyman .com
$User.StrongAuthenticationMethods

And you can also try to do this through the Azure Portal and account portal:

https://portal.azure.com/
https://account.activedirectory.windowsazure.com/

I would also suggest to Revoke multifactor authentication sessions and Revoke sessions for the user account.

If the answer is helpful, please click "Accept Answer" and kindly upvote it.
Please sign in to rate this answer.

5 people found this answer helpful.
William Srimuang 0 Reputation points

2024-07-23T13:56:10.1233333+00:00

THANK YOU!!!
6 months of searching to find a one-line answer...

Of course none of the GUI methods worked in any of the various "obsolete" nor new (entra) portals that come up randomly during explorations to find this setting...
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Vasil Michev 107.4K Reputation points MVP

2020-09-21T16:14:57.46+00:00

Well, how are you enforcing two-factor authentication for your users?
Please sign in to rate this answer.

4 people found this answer helpful.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

How to disable the two factor authentication from single user.

12 additional answers

Your answer