How to disable MFA for all users in a tenet?

To disable MFA for all users in your tenant, you should ensure that you have turned off the per-user MFA configuration and replaced it with Conditional Access policies if needed. Here are the steps to follow:

1. Disable Per-User MFA:
   • Sign in to the Microsoft Entra admin center as an Authentication Policy Administrator.
   • Navigate to Users > All users and select the Per-user MFA button.
   • Disable MFA for all users who had this option enabled.
2. Use Conditional Access Policies:
   • If you have Conditional Access policies that require MFA, you will need to review and modify those policies to ensure that they do not enforce MFA for users.
   • You can create a Conditional Access policy that allows access without requiring MFA for specific users or groups.
3. Check Security Defaults:
   • If security defaults are enabled, they will enforce MFA for all users. You may need to disable security defaults to prevent MFA prompts.

If MFA prompts have reappeared after following these steps, it could be due to the re-enablement of security defaults or Conditional Access policies that require MFA. Ensure that these settings are reviewed and adjusted accordingly to maintain the desired state.

References:

• Microsoft Entra recommendation: Switch from per-user MFA to Conditional Access MFA
• Configure Microsoft Entra multifactor authentication settings

Hello @97277349,

Thank you for posting your question in the Microsoft Q&A Forum. 

I’d like to clarify a few points and guide you through some checks to help us identify the root cause. 

First, could you confirm whether the MFA prompts reappearing are affecting end users or only admin accounts?  Please note that, according to Microsoft policy, mandatory MFA is enforced for all admin accounts accessing the Microsoft 365 Admin Center and Azure Portal. This cannot be disabled for admins, even if Security Defaults are turned off. 
You can find more details in this official article: Plan for mandatory Microsoft Entra multifactor authentication (MFA) - Microsoft Entra ID | Microsof… 

If the prompts are happening for end users, please try the following steps: 

1/ Review Conditional Access Policies 

• In Microsoft Entra admin center, go to Security > Conditional Access > Policies 
• Check if any policy is enforcing MFA for users. 
• If found, you can either disable the policy or modify it to exclude the affected users/groups. 

2/ Verify Per-User MFA Settings 

• Sign in to Microsoft 365 Admin Center: https://admin.microsoft.com 
• Navigate to: Users > Active Users 
• Select a user and click Manage multifactor authentication
• Ensure the MFA status for users is set to Disabled. 

Please check these settings and confirm back to us whether MFA prompts are only for admins or also for end users. 

Once we have this information, we can advise on the next steps to ensure MFA remains disabled across your tenant (except for mandatory admin MFA, which cannot be turned off). 

I hope the above information is helpful. If you have any additional questions or need further clarification, please feel free to reach out, I’m here to assist you. 

I look forward to your confirmation. 

Best regards,

If the answer is helpful, please click "Accepted" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.