I have a small client with an on-premise domain. The domain controller has failed and there is no backup. Their workstations are domain joined. They all have Microsoft 365 Business Premium licenses. The Azure AD domain is not synced or even aware of the on-premise domain. What is the least disruptive way to move the user workstations to Azure AD management without losing any of their personal files? I moved one of them by creating a local administrator account and then unjoining the workstation from the domain. I logged in as the local user and connected that user to Azure AD. As it connected, they were prompted to create a Windows Hello PIN but failed to do so because they had MFA enabled and they could not log on or restore the authenticator. They can complete logging in using their Azure AD user account and just skip the PIN. The move was successful.
two questions
The following link explains how you can disable MFA for a single user: Disabling MFA for an Azure AD User
Please don't forget to accept the helpful answer
Hi,
If the on-premise domain is dead, you can disable directory synchronization in order to be able to manage synchronized accounts in Azure AD through the Azure portal: Disable Azure AD synchronization without losing synchronized accounts
Once the synchronization is disabled, you can go to the Azure portal to fix the MFA/authenticator setting on the impacted user account.
Please don't forget to accept the helpful answer