Share via

Cannot disable per user MFA

IniobongNkanga-8038 966 Reputation points
2024-04-13T13:02:34.2666667+00:00

Hello

Please i need your help on this issue.

We are experiencing difficulty in temporarily disabling per user MFA (Multifactor Authentication). 

On the Microsoft 365 admin center we have disabled Multifactor Authentication for all users.

User's image

But when the users try to sign in it keeps asking them to enter the code from their Microsoft authenticator App even though we have already disabled the multi factor authentication.

How do we stop the users from getting the message to enter code from multi factor authenticator App.

We want them to login without asking for any verification.

Microsoft 365 and Office Install, redeem, activate For business Windows
Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Microsoft Authenticator
Microsoft Security Microsoft Entra Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Babafemi Bulugbe 4,025 Reputation points MVP Volunteer Moderator
    2024-04-13T15:48:58.9866667+00:00

    Hello IniobongNkanga-8038,

    Thank you for posting this in the Microsoft Q&A Community.

    From my understanding, users are still being prompted to go through a multifactor authentication process even when it has been disabled per user.

    One particular setting to look at is the Security default in Entra ID (Azure). For most tenants created after 2019, Microsoft tends to enable Security defaults. This means that all users in the Organization are forced to complete a 2FA process whenever they are trying to authenticate even when you set their MFA to disable in the per-user settings.

    User's image

    To check if this is the case, sign in to the Entra ID portal, check under the properties blade

    User's image

    If this is set to enabled, this will be the reason why the users are still forced to complete the 2FA process.

    Follow the link for more information about security defaults.

    https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults#deployment-considerations

    If security defaults isn't the reason, then you might have set up a conditional access policy that is forcing all users to go through this process.

    Let me know if this helps.

    Babafemi

  2. Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2024-04-16T07:20:14.2566667+00:00

    Hi @IniobongNkanga-8038

    Thank you for reaching out to the community forum!

    I understand that you are facing issue with disabling per user MFA and you have checked the Security default status, and it is disabled on the tenant but you still facing the same issue.

    Could you please check for Conditional Access Policies? sometimes, Conditional Access policies might enforce MFA even if it’s disabled in the admin center. If there you can modify your existing Conditional Access policies or you can delta.

    Reference: https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide#enable-modern-authentication-for-your-organization

    https://answers.microsoft.com/en-us/msoffice/forum/all/how-can-we-disable-multi-factor-authentication-to/703fffbd-b8d4-4ffd-a8db-c053282265ff

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Akhilesh

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.