Need help in diable mfa for admin user in azure portal

Question

Hi ,

We want to disable MFA for one of the user in azure, but some how we don't have enough permissions, can you please help us with this a priority .

Thanks,

Bhanukiran

Answer 1

Hello Bhanukiran,

Disabling MFA for an admin account is generally not recommended because it lowers the security of the tenant. However, if it is required, you can review the following settings in Microsoft Entra ID, since MFA can be enforced in different ways.

To disable MFA for a user in Microsoft Entra ID, the account making the change must have the required permissions. This usually requires one of these roles: Global Administrator, Privileged Authentication Administrator, or Authentication Policy Administrator. If your account does not have one of these roles, you may see a permission error.

After you have the required role, please check where MFA is being enforced.

Security Defaults:

In the Microsoft Entra admin center, go to Entra ID → Overview → Properties → Manage security defaults. If Security defaults are enabled, set them to Disable and save the change.

Conditional Access policies

Go to Entra ID → Conditional Access → Policies. If any active policy requires MFA, open the policy and add the affected user under Exclude, then save.

Per-user MFA

Go to Users → Per-user MFA, locate the user, and if the status shows Enabled or Enforced, select the user and choose Disable.

Also, please confirm if you have the Global Administrator role and whether the affected admin account is the only Global Administrator in the tenant. This will help us guide you further.

Please check Private messages tab and click the consent link to assist you further.