Hi @惠卿 吳
Thank you for contacting Microsoft Q&A Support.
Based on your description, I understand that you're experiencing an issue where users are still being prompted for multi-factor authentication (MFA) even after it has been disabled.
To resolve this, please follow the steps below. I’ve also included a picture guide to make the process easier. Additionally, you can refer to the official documentation linked at the end of this message.
- Sign in to the Microsoft Entra Admin Center: Entra.microsoft.com using an account with admin privileges.
- Navigate to Identity (1) → Overview (2).
- Select Properties (3).
- Scroll down and choose Manage security defaults (4).
- In the panel that appears, set Enable Security Defaults (5) to Disabled.
- Under Reason for disabling (6), select the option that best fits your organization’s needs.
- Click Save (7) to apply the changes.
For more information, the reason for this issue is: _Security Defaults is a built-in set of identity security mechanisms that Microsoft enables by default for tenants to protect against common identity-related attacks. One of its features is mandatory MFA for all users, especially admins, so even if you disable MFA for individual users or through Conditional Access policies, Microsoft Entra ID (formerly Azure AD) may still enforce MFA if Security Defaults are enabled._
So, as long as Security Defaults are enabled, users will still be prompted for MFA—even if you’ve disabled it elsewhere.
Link document: Providing a default level of security in Microsoft Entra ID - Microsoft Entra | Microsoft Learn
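A read-only check to go with the answer above, added here as an example and not part of the original answer: it reports whether Security Defaults is enabled and which enforced Conditional Access policies require MFA, so you can see what will still prompt users before and after changing the setting. It assumes the Microsoft Graph PowerShell SDK and the `Policy.Read.All` scope; the function name `Get-MfaEnforcementSummary` and the sample objects are constructed for illustration.

```powershell
# Added example (not from the original answer). Changes nothing in the tenant.
# Run with -Live to query a tenant through the Microsoft Graph PowerShell SDK;
# without it, the script evaluates the constructed sample objects below.
param([switch]$Live)

function Get-MfaEnforcementSummary {
    # Hypothetical helper: summarises tenant-wide sources of MFA prompts.
    param(
        [Parameter(Mandatory)] $SecurityDefaults,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $CaPolicies
    )
    # Only policies in state 'enabled' are enforced; report-only
    # ('enabledForReportingButNotEnforced') and 'disabled' ones are skipped.
    $mfaPolicies = @($CaPolicies | Where-Object {
        $_.State -eq 'enabled' -and $_.GrantControls.BuiltInControls -contains 'mfa'
    })
    $defaultsOn = [bool]$SecurityDefaults.IsEnabled
    [pscustomobject]@{
        SecurityDefaultsEnabled = $defaultsOn
        EnforcedMfaPolicies     = @($mfaPolicies | ForEach-Object DisplayName)
        MfaSourceFound          = ($defaultsOn -or ($mfaPolicies.Count -gt 0))
    }
}

if ($Live) {
    Connect-MgGraph -Scopes 'Policy.Read.All'
    $sd = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
    $ca = @(Get-MgIdentityConditionalAccessPolicy -All)
} else {
    # Constructed sample data with the same property names the SDK returns.
    $sd = [pscustomobject]@{ IsEnabled = $true }
    $ca = @(
        [pscustomobject]@{ DisplayName = 'Sample: MFA for admins'; State = 'enabled'
            GrantControls = [pscustomobject]@{ BuiltInControls = @('mfa') } }
        [pscustomobject]@{ DisplayName = 'Sample: MFA pilot'
            State = 'enabledForReportingButNotEnforced'
            GrantControls = [pscustomobject]@{ BuiltInControls = @('mfa') } }
        [pscustomobject]@{ DisplayName = 'Sample: compliant device'; State = 'enabled'
            GrantControls = [pscustomobject]@{ BuiltInControls = @('compliantDevice') } }
    )
}

$summary = Get-MfaEnforcementSummary -SecurityDefaults $sd -CaPolicies $ca
$summary | Format-List
if (-not $summary.MfaSourceFound) {
    Write-Warning 'No tenant-wide MFA requirement found (per-user MFA settings are not checked here).'
}
```

If `SecurityDefaultsEnabled` is `False` and `EnforcedMfaPolicies` is empty, no tenant-wide setting requires MFA once the change is saved.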