Hello @Closweetness
Thank you for reaching out to us.
The MFA can be enabled through 4 places below so you might have enabled MFA through any one of the options below please go through them in order to better understand the configuration process.
- Using conditional Access: If you have used this option to enable MFA, make sure you have not included all users.
- Per user MFA: If you want to enable MFA only for your account, you should consider using this option.
- Security defaults: If you don’t want to enable MFA for all users, make sure it is not enabled.
- Identity protections: If you have used this option to enable MFA, make sure you have not included all users.
Using Conditional Access: if you have enabled "The Microsoft Authenticator: through MFA by creating the Conditional Access policy then you can go to the same Conditional Access policy where you will be able to remove the users or groups that you don't want to enable Microsoft Authenticator please follow the steps below in order undo the changes or to properly configure the MFA for a set of users.
- select Azure Active Directory, then choose Security from the menu on the left-hand side.
- Select Conditional Access, and then choose + New Policy if you want to create a new policy or select the existing policy and modify it.
- Remove the users that you don't want to enable MFA by going to the Users and groups section.
Please go to the below article where you will be able to find more information for configuring the conditions for multi-factor authentication https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa#create-a-conditional-access-policy
Per-User MFA: If you have enabled MFA on per user basis then you need to go to the Azure Active Directory - > All Users - > Multi-Factor Authentication and then select the users for which you want to enable or disable MFA. Please go through this link in order to find more information about configuring MFA Per-User https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
Identity Protection: By Enabling MFA through this option you get the option to select all users in order to enable it please go to Azure Active Directory -> Security - > Identity Protection and then go to Sign-in risk policy enable the MFA. And then go to MFA Registration policy in order to select users. For more information on configuring MFA through Identity protection, you can go through this link https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies
Security Defaults: This option will enable MFA on all the users in order to enable it you need to go to Azure Active directory-> properties and then select Manage security default and select Yes in order to enable it please go through this link for more information about security defaults https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
In case you have any questions on the same, you can surely let us know and we will be happy to help you further. If this post provides you the answer you were looking for, do accept it as an answer in the interest of community members with similar queries. If this does not answer, please ask further in the comments and we will happy to address your concerns.
Thank you.