Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Disabling Microsoft Authenticator for test accounts in Microsoft Entra ID
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 19%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Jakub Śliwiński
0
Reputation points
In Azure, I have provisioned a couple test accounts in Microsoft Entra ID to test some RBAC features. When I'm trying to log on these test accounts for the first time, I'm always getting asked to set up the Microsoft Authenticator app for them. But since these are just temporary test accounts, I don't think this should be necessary. Is there any way to turn this off for them?
Microsoft Security | Microsoft Entra | Microsoft Entra ID
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 92%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Sridevi Machavarapu 30,450 Reputation points Microsoft External Staff Moderator2026-05-20T22:48:16.0866667+00:00 Hello Jakub Śliwiński,
Yes, this can be turned off for test accounts.
The prompt is typically caused by either:
- Security Defaults being enabled, or
- A Conditional Access / Authentication Methods policy requiring MFA registration.
You can check this in:
Microsoft Entra admin center → Identity → Overview → Properties → Manage security defaults
If Security Defaults are enabled, all users will be asked to register Microsoft Authenticator.
If you are using Conditional Access, the recommended approach is to place your test accounts in a separate group and exclude that group from:
- MFA policies
- Authentication methods policies
- Registration campaigns
You should also review:
Protection → Authentication methods → Registration campaign
as this setting can specifically prompt users to set up Microsoft Authenticator during sign-in.
Sign in to comment
1 answer
Sort by: Most helpful
-
AI answer
2026-05-20T22:28:46.38+00:00 Disable Microsoft Authenticator (MFA) only for the specific test accounts by using Conditional Access, instead of turning it off tenant-wide.
From the context:
- User-based authentication scenarios that cannot work with MFA are handled by disabling MFA only for the test accounts and only in test environments.
- Disabling security defaults or MFA globally is explicitly discouraged because it affects all users.
Actionable approach:
- Keep tenant-wide MFA/security defaults enabled for normal users.
- Create or adjust a Conditional Access policy in Microsoft Entra ID that excludes the specific test accounts (or a dedicated test group) from MFA requirements in the test environment.
- Use these test accounts for RBAC testing; they will no longer be forced to register Microsoft Authenticator when signing in.
This way, only the designated test accounts bypass MFA/Authenticator, while security remains enforced for all production users.
References:
AI-generated content may be incorrect. Read our transparency notes for more information.