This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 82%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBL%3C/text%3E%3C/svg%3E)
Hey, we would like to disable MFA registration for our users but the option is grayed out.
Microsoft Entra > Protection > Identity Protection > Registration Policies for MFA :
This are roles of my user :
What else can I do ?
Why would I disable MFA : It's a great option that everyone should have but real people aren't "ready" to be force to have to download an app on their personal phone. And it's not my job to fight for that.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 96%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFA%3C/text%3E%3C/svg%3E)
Hi @BOVAY Louis ,
Thanks for reaching out to Microsoft Q&A.
We first need to understand why and how your users are being prompted for MFA. The screenshot you provided has the configuration for Identity Protection only, which is basically a feature that will request your users to MFA in case their accounts are at risk.
In order to check how MFA is being triggered, we need to understand how MFA is enabled on the Entra ID tenant which usually occurs in 3 ways:
1 - Security Defaults. This is a feature that Microsoft started to enabled by default to Entra ID tenants that do not have either P1 licenses or a Conditional Access policy configured. You can check and disable Security Defaults using these steps: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-defaults#enabling-security-defaults
2 - Per User MFA. You can see the user MFA status by using the instructions in this document. You can disable it if it's being enforced that way https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates#view-the-status-for-a-user
3 - Using Conditional Access Policies. Check Conditional Access Policies via Microsoft Entra ID / Security / Conditional Access Policy and search for any policy related to MFA.
Let me know if you have further questions.
Thanks,
Fabio
Hello @BOVAY Louis , let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.
Hi @BOVAY Louis
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Thanks,
Fabio
Hi @BOVAY Louis
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.