![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Microsoft 365 and Office | Subscription, account, billing | For business | Other
Microsoft 365 features that help users manage their subscriptions, account settings, and billing information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 21%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVN%3C/text%3E%3C/svg%3E)
Hi Anonymous,
Welcome to the Microsoft Q&A forum.
Thank you for the thorough cleanup you have already performed and for bringing this to my attention. Based on the details you shared, a former employee continues to receive Microsoft Authenticator verification prompts for your shared company account even after you removed their users, devices, and authentication methods in the admin portal.
This situation typically occurs because tenant wide protections still require multifactor for all users, which can continue to surface prompts to any Authenticator app that previously held the account. Furthermore, a per user multifactor setting or existing refresh tokens may keep triggering notifications until registrations are reset and sessions are revoked. Consequently, you might not see an active method in the portal, yet prompts can still appear on the former employee’s device.
To address this in a way that suits your situation, please consider the following steps below:
1/ Review Security Defaults in Microsoft Entra
- Sign in to the Microsoft Entra admin center with an administrator account.
- Go to Overview, open Properties, and select Manage security defaults.
- Check the status:
- If Security defaults is enabled, the service enforces multifactor for all users, including shared and older accounts. This means prompts are sent during sign in and may appear on any Authenticator app that previously added the account until registrations are cleared and sessions are refreshed.
- If Security defaults is disabled, users can sign in with only a password, which reduces protection. I do not recommend leaving it disabled for normal operations.
For your reference: Configure Security Defaults for Microsoft Entra ID - Microsoft Entra | Microsoft Learn
2/ Verify and adjust per user MFA for the shared account and any related legacy users
- Open the Microsoft 365 admin center and go to Users, then Active users.
- Select Multifactor authentication to open the per user MFA page.
- Search for the shared account and any old user objects that were ever tied to it.
- Review the State column:
- If it shows Enabled or Enforced for the shared account, change it to Disabled specifically for this account to stop prompts while you reset its methods.
- If it shows Enabled or Enforced for the shared account, change it to Disabled specifically for this account to stop prompts while you reset its methods.
I hope this information is helpful. Please follow these steps and let me know if it works for you. If you have any updates regarding the issue, please feel free to share them with me.
Thank you for your patience and your understanding. I look forward to continuing the conversation.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment”.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.