Share via

How to Disable Authenticator Requirement for Entra Users

Harris, David 50 Reputation points
2025-03-20T14:18:32.6+00:00

I have disabled the first time login password change requirement for a small group of Entra users. Now I need to disable the requirement to set up an Authenticator account; I do not need MFA for these users.

Microsoft Security Microsoft Entra Microsoft Entra ID
0 comments
Accepted answer
  1. Raja Pothuraju 23,465 Reputation points Microsoft External Staff Moderator
    2025-03-25T16:17:54.93+00:00

    Hello @Harris, David,

    Thank you for connecting offline over the team's call.

    As discussed, we observed that your users were being prompted for MFA registration each time they signed in to an application due to Self-Service Password Reset (SSPR) being enabled in your tenant. When SSPR is enabled, users must register at least one authentication method to complete the SSPR registration process.

    Since you wanted to prevent users from being prompted for MFA registration, we have disabled SSPR in your tenant. After making this change, users were no longer prompted to register for MFA when signing in.

    For more details on SSPR and its impact, you can refer to the official Microsoft documentation:

    https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-howitworks

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Surya Prakash Kotte 3,190 Reputation points Microsoft External Staff Moderator
    2025-03-21T08:01:19.92+00:00

    Hello Harris, David,

    Based on your query, I understand you would like to disable the authenticator for some users.

    Here are some steps you need to follow and check:

    1. First, you need to disable the Security default settings.https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults?WT.mc_id=Portal-Microsoft_AAD_IAM#disabling-security-defaults
    2. Check if any conditional access policies have been enabled for the required users.https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-users-groups#exclude-users
    3. Check the registration campaign settings. If enabled, you need to exclude those users from the registration campaign.How to run a registration campaign to set up Microsoft Authenticator - Microsoft Entra ID | Microsoft Learn
    4. From the modern authentication settings, you have to exclude those users.Microsoft Authenticator authentication method - Microsoft Entra ID | Microsoft Learn

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment"

    1 person found this answer helpful.
    0 comments
  2. Techhelp Volunteer 230 Reputation points
    2025-03-20T16:34:13.73+00:00

    You can refer this article https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userdevicesettings

    If you have Conditional Access policies in place that enforce MFA, you may need to modify or exclude these users from the policy.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.