Disable MFA for tenant

Question

Disable MFA for tenant

Anonymous

Hello everyone!

Is there a way to completly disable MFA for the whole tenant. I am also happy if there is a way to disable it on a user base.

Since Azure AD is called Microsoft Entra I cannot find a way to disable MFA there.

We are still in the migration process and MFA is not practical then. Once the migration is completed we will enable MFA again.

Thanks in advance.

Gerald

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

Answer accepted by question author

5 additional answers

Answer 1

Dear Gerard,

Good day! Thank you for posting to Microsoft Community. We are happy to help you.

Based on your description, I understand that you have a query "Disable MFA for tenant".

Have you tried disabling the MFA for all organization by disabling the security defaults? Sign in to the Microsoft Entra admin center > Browse to Microsoft Entra ID (Azure AD) > Properties > Select Manage security defaults > Set Security defaults to disabled > Select Save. Refer to Providing a default level of security in Azure Active Directory - Microsoft Entra | Microsoft Learn.

Please note that disabling MFA for the whole tenant is not recommended for security reasons. It is better to disable it on a user basis if it is not practical for your organization at the moment.

To disable MFA for a user, Sign in to the Azure portal with your admin credentials > Go to Azure Active Directory > Select Users > Select the user you want to disable MFA for > Select Authentication methods > Under MFA, select Disable > Select Save.

We look forward to hearing from you; Please note that our initial response does not always resolve the issue right away. However, with your help and more detailed information, we can work together to find a solution. Thank you for your help.

Sincerely

De Paul | Microsoft Community Moderator

Answer 2

You can Turn off Security defaults.

Sign in to the Microsoft 365 admin center with global admin credentials.
In the left nav choose Show All and under Admin centers, choose Azure Active Directory.
In the Azure Active Directory admin center choose Azure Active Directory > Properties.
At the bottom of the page, choose Manage Security defaults.
Choose No to disable security defaults, and then choose Save.

See https://dori-uw-1.kuma-moon.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide#turn-security-defaults-on-or-off

Answer 3

Thank you very much!

It works this way to disable MFA for the whole tenant.

To disable MFA for a user, Sign in to the Azure portal with your admin credentials > Go to Azure Active Directory > Select Users > Select the user you want to disable MFA for > Select Authentication methods > Under MFA, select Disable > Select Save.

I also tried to disable it on a user basis. But the way you discribed it does not work anymore. Azure AD is now Entra - although there is still "Authentication methods" availible under the selected user, you do can not disable MFA there anymore. - maybe I just don't see it.

Answer 4

Anonymous

Very simple and helpful article.

Thanks.

Answer 5

Related to this setting, if I change the global configuration so that MFA is off for all users will the reset MFA for all logged on/active users ? I understand I will need to go in and turn MFA on manually per user if I change this setting but I wanted to know if I then have to re-enroll all users that need MFA.

I have a specific need where I have a 'kiosk' machine with limited access which multiple people will use and I don't want to have multiple logons for it.

Share via

Disable MFA for tenant

5 additional answers