How can i disable per user MFA

Question

Hello

Please i need your help on this issue.

We are experiencing difficulty in temporarily disabling per user MFA (Multifactor Authentication). 

 

On the Microsoft 365 admin center we have disabled Multifactor Authentication for all users.

But when the users try to sign in it keeps asking them to enter the code from their Microsoft authenticator App even though we have already disabled the multi factor authentication.

 How do we stop the users from getting the message to enter code from multi factor authenticator App.

 

The Security default is also disabled on the tenant. 

Lastly, today logging into the tenant with our Global Admin account we are forced to do MFA by SMS. 

Answer 1

Hi Iniobong Nkanga,

Thank you for posting your query on Microsoft Q&A!

If you have disabled both Per-user MFA and Security Defaults then the source of MFA requirement would most likely be Conditional Access.

If you navigate here do you see any enabled Conditional Access policies - https://portal.azure.com/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Policies

Also you can check the sign-in logs for a user who recently was required to perform MFA it should should which Conditional Access policies applied.

One other possible cause is that users are a guest in another tenant, and when accessing apps like Teams or SharePoint they are required to perform MFA due to Conditional Access in the guest tenant.

Do let me know if this helps or if you have any further queries.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Kind Regards,

Donal