This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 75%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERJ%3C/text%3E%3C/svg%3E)
I have disabled MFA for All users, disabled system default for group and yet new users keep getting prompted to have authenticator - we do NOT want this since these are IDs shared with external users with local authentication
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 17%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVJ%3C/text%3E%3C/svg%3E)
Hello Raghu Janardhan,
Thank you for posting your query in Microsoft Q&A.
As per the description, we understand that you have disabled MFA for all users and also disabled Security Defaults to avoid triggering MFA for all users. But, now new users are getting asked to configure MFA.
Please let me understand how did you disable MFA for all users?
Hello Raghu Janardhan,
Did you get a chance to see my previous comment and share us the details on how you disabled MFA for all users. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Hello Raghu Janardhan,
As per the screenshots provided, we can see you have enabled TAP, Oauth tokens and email OTP for all users in Authentication Methods policy.
We can configure MFA for a user in following ways.
To identify which policy or component is triggering MFA for users, we can check sign-in logs.
Please navigate to Entra ID - Users - Effected user (one of the users who is getting MFA) - Sign-in logs.
Open the sign-in log in which the user is triggered with MFA and go to Authentication details.
Here you can see from where MFA is getting triggered.
In the above screenshot, my user is getting MFA from per-user MFA.
Please let me know if you are able to find the source of MFA.
Hello Raghu Janardhan,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Attached is PDF with images - my apologies for the delay
Are there any updates here? - I have provided images on Private Message platform
Hello Raghu Janardhan,
From 2024, Microsoft enforce mandatory MFA for all Azure sign-in attempts. For more background about this requirement, see the below link of our blog post.
The enforcement of MFA rolls out in two phases:
Phase 1: Starting in October 2024, MFA is required to sign in to the Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. The enforcement will gradually roll out to all tenants worldwide. Starting in February 2025, MFA enforcement gradually begins for sign in to Microsoft 365 admin center. This phase won't impact other Azure clients such as Azure CLI, Azure PowerShell, Azure mobile app, or IaC tools.
Phase 2: In the summer of 2025, MFA enforcement will gradually begin for Azure CLI, Azure PowerShell, Azure mobile app, and IaC tools. Some customers may use a user account in Microsoft Entra ID as a service account. It's recommended to migrate these user-based service accounts to secure cloud based service accounts with workload identities.
Suggest you refer the below documentation. This document covers which applications and accounts are affected, how enforcement gets rolled out to tenants, and other common questions and answers.
Please let us know if you have further questions.
Thank you.
Hello Raghu Janardhan,
Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Hello Raghu Janardhan,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.