How to disable the two factor authentication from single user.

Question

Hi,
We are using SharePoint. And we would like to disable the two factor authentication for only one or two users.
Thanks in Advance

Answer 1

@Ashwin Barfa
Go to Microsoft 365 admin center -> Users -> Active users -> Select the user -> Manage multifactor authentication -> Select the user -> Disable multi-factor authentication.

---

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

For those who are still being requested MFA even after turning it off from the Admin center, this is the solution:

1. Ask your organization Global Admin to go to https://portal.azure.com/
2. Search and go to: Users
3. Click on the User with the MFA issue
4. On the User page, click Authentication methods > Require re-register multifactor authentication

]1

Answer 3

In my experience, the complete answer to this simple question is anything but straightforward. The exact process depends on a host of various factors in your environment, including what policies in place, admin permissions of the user executing the steps, additional Azure subscriptions, whether this is for an internal or external (guest) user, whether this is for a new user or an existing user, (if it an existing user) whether MFA has already been configured on the account, and much more.

The number of variables involved is probably why it is so hard to find a clear AND accurate answer to this seemingly-simple question that works for everyone.

With that said, for smaller organizations using Microsoft 365 Basic or Premium licenses who are trying to disable MFA for a user that has already registered for it, I think this GUI-only, non-PowerShell process might answer the question:

1. Disable Security Defaults for the organization. (If this is enabled, it acts as an “override all” and gives no flexibility to disable individual users, regardless of what you seem to see elsewhere in the admin environment.)
   1. https://portal.azure.com/#blade/Microsoft_AAD_ConditionalAccess/SecurityDefaults
   2. Alternatively, scroll to the bottom of this page and click the “Manage security defaults” link: https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Properties
2. Ensure that MFA is disabled for the user in question. 
   1. https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?BrandContextID=O365
   2. Optionally, ensure that MFA is enabled or enforced for all other users. (HIGHLY recommended!)
3. Revoke previous MFA configurations on the user.
   1. https://entra.microsoft.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers/menuId/
   2. Select the user from the list
   3. In the “Manage” section of the left menu for the user, select “Authentication methods”
   4. From the toolbar above the resulting pane, click “Revoke multifactor authentication sessions”. You may need to click the ellipsis (three dots) on the toolbar to view that choice.

Again, there are myriads of places to invoke policies and set other MFA-related settings, so this process will definitely not work for everyone's environment, but hopefully it provides some more clarity to someone.

Answer 4

I have the same issue: Despite the MFA is deactivaed in Admin Center for a specific user, when loggin into OWA with the same user, there is still a 2nd factor neccessary.

How to disable that? Thanks for help!

Answer 5

Hi I have a user and in the settings its displayed that the 2FA is disabled but when im trying to sign in its still requesting.
Please help.