How to disable the two factor authentication from single user.

Ashwin Barfa 26

Hi,
We are using SharePoint. And we would like to disable the two factor authentication for only one or two users.
Thanks in Advance

Robin Ganderton 41 Reputation points

2022-05-12T21:40:41.397+00:00

Has any body got this to work. my MFA is off, on all users, it still requires MFA log in. Is there a fix ?

Brand New O365 user. MFA Shut off. (On all users) yet logging in, with this new user still requires MFA Setup.

suggestions ? comments ?
Heer Gupta | Otobit Private Limited 0 Reputation points

2023-04-04T06:11:57.9266667+00:00

Multi factor authentication is off for the user. The user had 2 factor using authenticator app, and now he lost the phone with that app. He can't login now
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Accepted answer

Emily Du-MSFT 43,661 Reputation points Microsoft Vendor

2020-09-22T05:56:50.02+00:00

@Ashwin Barfa
Go to Microsoft 365 admin center -> Users -> Active users -> Select the user -> Manage multifactor authentication -> Select the user -> Disable multi-factor authentication.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.

7 people found this answer helpful.
Ashwin Barfa 26 Reputation points

2020-09-22T14:16:44.7+00:00

Thanks @Emily Du-MSFT ,

As per your Steps we checked Multi-Factor Authentication, and It we already "Disabled".

Actually this is a guest user for which we are facing the issue.
When we are trying to access the SharePoint Site we are getting the below error.

Can you let us know How we can avoid this.

Emily Du-MSFT 43,661 Reputation points Microsoft Vendor

2020-09-24T08:30:29.347+00:00

For a guest user, due to the security consideration of sites, Microsoft does not support disabling multi-factor authentication.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

BleuOisou-3552 156 Reputation points

2021-05-25T13:11:19.163+00:00

Thank you for the posting ..., may please let know how to where to locate to :

Microsoft 365 admin center -> Users -> Active users ->... to disable Microsoft 365 personal installing on 3 PCs ... ?

Akhilesh yadav 5 Reputation points

2023-04-03T08:53:59.52+00:00

I tried the steps but its still asking for 2FA while logging, now what should I do?

Alp Peker 0 Reputation points

2023-04-10T16:41:19.8733333+00:00

same,

it was already disabled but still asks for two-step verification for every user.

Leisa Hodgkins 6 Reputation points

2023-05-01T12:56:15.4133333+00:00

I will just note here that I am having the same issues. It says the user is disabled for 2factor, but when you go to sign the person into the Office365 apps (E3 License) it will STILL ask for you to download an app. I also tried enabling and then disabling and still wanting 2FA

teespolyglot 31 Reputation points

2023-05-01T13:30:52.7033333+00:00

As stated in my previous comment, this will be due to security defaults being enabled. The only way to disable 2FA for one user is to disable security defaults for the organisation in Azure Active Directory > Properties, and then re-enable 2FA on all the accounts that still require it, leaving it disabled on the ones that don't .

Leisa Hodgkins 6 Reputation points

2023-05-01T14:33:35.54+00:00

Actually, I just solved my own problem. New user, didn't have MFA enabled. Ienabled it and then disabled it and is now working as it should to allow a few single user sign ons to not use MFA...

MCTR Admin 0 Reputation points

2023-06-14T16:01:34.95+00:00

Doesn't work.

Martin 0 Reputation points

2024-05-30T11:13:47.7066667+00:00

Not working. It requires toggle off Default Security Settings in Azure Center, and Azure Center is NO MORE. So for those who have default security settings by, well, default this solution is unusable. I too have MFA disabled for all users in this dialog yet all users have MFA enforced in reality.

teespolyglot 31 Reputation points

2024-05-30T11:30:29.3533333+00:00

@Martin visit https://entra.microsoft.com/ and on the Overview page, click the Properties tab, and Security Defaults is at the bottom of the page
Sign in to comment

12 additional answers

Mohammed Bawazir 1 Reputation point

2022-12-30T22:54:05.027+00:00
For those who are still being requested MFA even after turning it off from the Admin center, this is the solution:

Ask your organization Global Admin to go to https://portal.azure.com/

Search and go to: Users

Click on the User with the MFA issue

On the User page, click Authentication methods > Require re-register multifactor authentication

]1
Please sign in to rate this answer.
Timo 0 Reputation points

2023-01-30T07:53:49.89+00:00

This doesn't work for me. I also found this: https://video2.skills-academy.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy. But every setting is grayed out.
Sign in to comment
KickstandsandKeyboardsOnyoutube 0 Reputation points

2023-03-13T15:02:22.1133333+00:00

I might post a video on how to do this. But basically Mohammed's method is the correct one.
Please sign in to rate this answer.
David Spigelman 0 Reputation points

2023-05-09T12:32:17.2066667+00:00

His method is fine, IF your problem is that the user lost his MFA token(s) and needs to recover. But it doesn't work for situations in which you just need it disabled.
Sign in to comment
Abdul Raheman Shaikh 0 Reputation points

2023-05-04T10:21:15.4833333+00:00

You can achieve it via a conditional access policy for single user.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Ben Gibson 10 Reputation points

2024-05-02T20:24:49.3833333+00:00
In my experience, the complete answer to this simple question is anything but straightforward. The exact process depends on a host of various factors in your environment, including what policies in place, admin permissions of the user executing the steps, additional Azure subscriptions, whether this is for an internal or external (guest) user, whether this is for a new user or an existing user, (if it an existing user) whether MFA has already been configured on the account, and much more.

The number of variables involved is probably why it is so hard to find a clear AND accurate answer to this seemingly-simple question that works for everyone.

With that said, for smaller organizations using Microsoft 365 Basic or Premium licenses who are trying to disable MFA for a user that has already registered for it, I think this GUI-only, non-PowerShell process might answer the question:

Disable Security Defaults for the organization. (If this is enabled, it acts as an “override all” and gives no flexibility to disable individual users, regardless of what you seem to see elsewhere in the admin environment.)

https://portal.azure.com/#blade/Microsoft_AAD_ConditionalAccess/SecurityDefaults

Alternatively, scroll to the bottom of this page and click the “Manage security defaults” link: https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Properties

Ensure that MFA is disabled for the user in question.

https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?BrandContextID=O365

Optionally, ensure that MFA is enabled or enforced for all other users. (HIGHLY recommended!)

Revoke previous MFA configurations on the user.

https://entra.microsoft.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers/menuId/

Select the user from the list

In the “Manage” section of the left menu for the user, select “Authentication methods”

From the toolbar above the resulting pane, click “Revoke multifactor authentication sessions”. You may need to click the ellipsis (three dots) on the toolbar to view that choice.

Again, there are myriads of places to invoke policies and set other MFA-related settings, so this process will definitely not work for everyone's environment, but hopefully it provides some more clarity to someone.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

How to disable the two factor authentication from single user.

12 additional answers