Entra ID Identity protection MFA is grayed out

BOVAY Louis 35 Reputation points
2023-10-16T08:05:19.54+00:00

Hey, we would like to disable MFA registration for our users but the option is grayed out.

Microsoft Entra > Protection > Identity Protection > Registration Policies for MFA :

User's image

This are roles of my user :

User's image

User's image

What else can I do ?

Why would I disable MFA : It's a great option that everyone should have but real people aren't "ready" to be force to have to download an app on their personal phone. And it's not my job to fight for that.

Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
443 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Fabio Andrade 1,665 Reputation points Microsoft Employee
    2023-10-16T18:55:33.0433333+00:00

    Hi @BOVAY Louis ,

    Thanks for reaching out to Microsoft Q&A.

    We first need to understand why and how your users are being prompted for MFA. The screenshot you provided has the configuration for Identity Protection only, which is basically a feature that will request your users to MFA in case their accounts are at risk.

    In order to check how MFA is being triggered, we need to understand how MFA is enabled on the Entra ID tenant which usually occurs in 3 ways:

    1 - Security Defaults. This is a feature that Microsoft started to enabled by default to Entra ID tenants that do not have either P1 licenses or a Conditional Access policy configured. You can check and disable Security Defaults using these steps: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-defaults#enabling-security-defaults

    2 - Per User MFA. You can see the user MFA status by using the instructions in this document. You can disable it if it's being enforced that way https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates#view-the-status-for-a-user

    3 - Using Conditional Access Policies. Check Conditional Access Policies via Microsoft Entra ID / Security / Conditional Access Policy and search for any policy related to MFA.

    Let me know if you have further questions.

    Thanks,

    Fabio

    1 person found this answer helpful.

  2. Fabio Andrade 1,665 Reputation points Microsoft Employee
    2023-10-19T21:21:27.7866667+00:00

    Hi @BOVAY Louis

    I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

    Thanks,

    Fabio

    0 comments No comments

  3. Fabio Andrade 1,665 Reputation points Microsoft Employee
    2023-10-26T20:43:25.6866667+00:00

    Hi @BOVAY Louis

    I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.