How to disable the two factor authentication from single user.

Ashwin Barfa 26 Reputation points
Sep 21, 2020, 3:08 PM

Hi,
We are using SharePoint. And we would like to disable the two factor authentication for only one or two users.
Thanks in Advance

Microsoft Office Online Server
Microsoft Office Online Server
Microsoft on-premises server product that runs Office Online. Previously known as Office Web Apps Server.
656 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,920 questions
{count} vote

Accepted answer
  1. Emily Du-MSFT 47,926 Reputation points Microsoft Vendor
    Sep 22, 2020, 5:56 AM

    @Ashwin Barfa
    Go to Microsoft 365 admin center -> Users -> Active users -> Select the user -> Manage multifactor authentication -> Select the user -> Disable multi-factor authentication.
    26343-1.png
    26365-2.png


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    7 people found this answer helpful.

12 additional answers

Sort by: Most helpful
  1. Jan Erik Bolz 6 Reputation points
    Sep 15, 2022, 9:58 AM

    I have the same issue: Despite the MFA is deactivaed in Admin Center for a specific user, when loggin into OWA with the same user, there is still a 2nd factor neccessary.

    How to disable that? Thanks for help!

    1 person found this answer helpful.
    0 comments No comments

  2. Mohammed Bawazir 6 Reputation points
    Dec 30, 2022, 10:54 PM

    For those who are still being requested MFA even after turning it off from the Admin center, this is the solution:

    1. Ask your organization Global Admin to go to https://portal.azure.com/
    2. Search and go to: Users
    3. Click on the User with the MFA issue
    4. On the User page, click Authentication methods > Require re-register multifactor authentication

    ![275127-image.png]1

    1 person found this answer helpful.

  3. Ben Gibson 25 Reputation points
    May 2, 2024, 8:24 PM

    In my experience, the complete answer to this simple question is anything but straightforward. The exact process depends on a host of various factors in your environment, including what policies in place, admin permissions of the user executing the steps, additional Azure subscriptions, whether this is for an internal or external (guest) user, whether this is for a new user or an existing user, (if it an existing user) whether MFA has already been configured on the account, and much more.

    The number of variables involved is probably why it is so hard to find a clear AND accurate answer to this seemingly-simple question that works for everyone.

    With that said, for smaller organizations using Microsoft 365 Basic or Premium licenses who are trying to disable MFA for a user that has already registered for it, I think this GUI-only, non-PowerShell process might answer the question:

    1. Disable Security Defaults for the organization. (If this is enabled, it acts as an “override all” and gives no flexibility to disable individual users, regardless of what you seem to see elsewhere in the admin environment.)
      1. https://portal.azure.com/#blade/Microsoft_AAD_ConditionalAccess/SecurityDefaults
      2. Alternatively, scroll to the bottom of this page and click the “Manage security defaults” link: https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Properties
    2. Ensure that MFA is disabled for the user in question. 
      1. https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?BrandContextID=O365
      2. Optionally, ensure that MFA is enabled or enforced for all other users. (HIGHLY recommended!)
    3. Revoke previous MFA configurations on the user.
      1. https://entra.microsoft.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers/menuId/
      2. Select the user from the list
      3. In the “Manage” section of the left menu for the user, select “Authentication methods”
      4. From the toolbar above the resulting pane, click “Revoke multifactor authentication sessions”. You may need to click the ellipsis (three dots) on the toolbar to view that choice.

    Again, there are myriads of places to invoke policies and set other MFA-related settings, so this process will definitely not work for everyone's environment, but hopefully it provides some more clarity to someone.

    1 person found this answer helpful.
    0 comments No comments

  4. Melida Kacapor 1 Reputation point
    Sep 15, 2022, 2:21 AM

    Hi I have a user and in the settings its displayed that the 2FA is disabled but when im trying to sign in its still requesting.
    Please help.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.