Disable MFA through mobile phones

Artur Miranda 1 Reputation point
2022-09-15T09:58:32.653+00:00

We don't use personal phones for company use. We don't assign mobile phones. We don't want to use this MFA. How to disable it, users can't login to teams without it?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,790 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Vukasin Terzic 351 Reputation points MVP
    2022-09-15T10:47:13.22+00:00

    Hello,

    If I understand correctly, your users don't have company-owned phones, and you can't force them to use their personal phones for MFA verification. Is this correct?

    In that case, there is no supported way to use MFA without a cell phone. The future that is currently in the preview is to use an OATH hardware token instead of a cell phone method. You can read more about that here:

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-oath-tokens#oath-hardware-tokens-preview

    If you don't want to consider using OATH tokens then you can disable MFA by going to Azure AD -> Users - Multi-Factor Authentication and setting MFA to disabled. You will also need to check Conditional Access Policies and Security Defaults (https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) just to make sure that MFA is not required.

    MFA will still be required for Admin users and they will need to use a cell phone with an Authenticator App, or to receive atext message or a call.

    Please let me know if this answered your question or if you have more questions. If this helped please make this reply a Selected Answer.

    Thank you,

    Vukasin

    0 comments No comments

  2. Artur Miranda 1 Reputation point
    2022-09-15T10:53:09.913+00:00

    Create a new AD Securiity Policy, disable Security Default ad the enable the new without MFA
    Dashboard-> enterprise Applications -> Conditional Access

    0 comments No comments

  3. Sandeep G-MSFT 19,106 Reputation points Microsoft Employee
    2022-10-03T05:07:45.493+00:00

    @Artur Miranda

    Thank you for posting you question in Microsoft Q&A.

    To disable MFA you will have to first check how is MFA enabled for users.
    MFA can be enabled in multiple ways.

    1. Per user MFA: MFA is enabled directly on the user level. Azure triggers MFA for users while accessing any of the Azure resources/services.
      You can refer below article to know more about per user MFA,
      https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
      1. Conditional access policies: With this option MFA is configured for users with specific conditions defined in the policy. To disable this, you can either disable entire CA policy or you have to change the grant control in CA policy to some other option

    246864-image.png

    1. Security defaults: MFA can also be triggered for users if security defaults is enabled on tenant level.
      To know more about security default and to disable security defaults you can refer below article,
      https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.