Unable to disable MFA for Office 365 account

Question

Unable to disable MFA for Office 365 account

日立　太郎 0

Hello,

I am trying to disable Multi-Factor Authentication (MFA) for my Office 365 account, but I am unable to do so. Here are the details:

I checked in the Microsoft Entra (Azure AD) portal under Per-user MFA, but the option to disable MFA is not available.

I also verified Conditional Access Policies, but I am unsure if any policy is enforcing MFA.

When I try to disable MFA via PowerShell using Set-MsolUser -UserPrincipalName user@example.com -StrongAuthenticationRequirements @(), I receive [].

Could someone guide me on how to properly disable MFA or identify what is enforcing it?

Thank you!

1 answer

Your answer

Answer 1

Obinna Ejidike 740

Thanks for using QandA platform.

MFA in Microsoft 365 can be enabled through several different mechanisms, not just one. Before attempting to disable it, it's essential to understand where it might be enforced. This includes Per-user MFA, Conditional Access Policies, Security Defaults, and Authentication Methods Policies. I recommend reviewing each of these areas as outlined below to identify the enforcement source before applying changes.

When you run:

Set-MsolUser -UserPrincipalName user@example.com -StrongAuthenticationRequirements @()

And receive [] as output, that means no per-user MFA requirement is set. So the MFA is likely enforced by either Conditional Access or Security Defaults.

Check Conditional Access Policies: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview

Check Security Defaults: https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults

Additionally, you can check the Authentication Methods Policy:https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Obinna

日立　太郎 0 Reputation points

2025-04-09T03:09:39.16+00:00
Hello @Obinna Ejidike ,

I have reviewed all possible MFA enforcement mechanisms, but I am still unable to disable it.

My goal:

I want to log in to Office 365 using only my username and password, without being prompted for additional authentication (such as phone number verification).

Current issue:

When I enter my username and password, I receive the message:

"Your organization needs more information to keep your account secure."

Then, I am required to enter a phone number to receive a code before I can log in.

What I have checked:

Per-user MFA: Not enabled (PowerShell command Set-MsolUser -UserPrincipalName user@example.com -StrongAuthenticationRequirements @() returns []).

Conditional Access Policies: No policies enforcing MFA.

Security Defaults: Disabled.

Authentication Methods Policy: No settings enforcing MFA.

Despite these checks, I am still required to provide a phone number and verify with a code before I can log in.

Could you please advise on what might be enforcing this requirement and how I can disable it?

Thank you.
Obinna Ejidike 740 Reputation points

2025-04-09T13:34:32.5766667+00:00

Thanks for the detailed context. You've done a thorough job ruling out the most common MFA enforcement points. However, the persistent prompt suggests that Microsoft Entra ID still requires strong authentication via another mechanism.

Even with no MFA policies, Microsoft Entra can enforce Security Info Registration (not MFA, but registration of phone/email). This often triggers the “Your organization needs more information to keep your account secure” message.

Can you check Microsoft Entra admin center > Authentication methods > Registration campaign and see if it's enabled, and set it to "None" for the target users or groups.

If this does not fix issue, my additional recommendation would be to raise a Microsoft ticket so the team can check from the backend as well to help resolve issue.

Regards,

Obinna.

Share via

Unable to disable MFA for Office 365 account

1 answer

Your answer