How to disable the two factor authentication from single user.

Ashwin Barfa 26 Reputation points
2020-09-21T15:08:20.723+00:00

Hi,
We are using SharePoint. And we would like to disable the two factor authentication for only one or two users.
Thanks in Advance

Microsoft Office Online Server
Microsoft Office Online Server
Microsoft on-premises server product that runs Office Online. Previously known as Office Web Apps Server.
574 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,400 questions
{count} vote

Accepted answer
  1. Emily Du-MSFT 40,486 Reputation points Microsoft Vendor
    2020-09-22T05:56:50.02+00:00

    @Ashwin Barfa
    Go to Microsoft 365 admin center -> Users -> Active users -> Select the user -> Manage multifactor authentication -> Select the user -> Disable multi-factor authentication.
    26343-1.png
    26365-2.png


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    6 people found this answer helpful.

11 additional answers

Sort by: Most helpful
  1. teespolyglot 31 Reputation points
    2023-02-12T16:30:13.3133333+00:00

    This is due to Security defaults being enabled for the tenant. As per Microsoft's own guidelines (here: https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide), administrators should turn off legacy per-user MFA and then switch on Security defaults in the Microsoft Entra admin center (here: https://entra.microsoft.com/)

    User's image

    It seems this overrides the settings in the legacy MFA settings, and it is not possible to disable Security defaults on a per-user basis. It would therefore seem that the only viable way to achieve what you want is to disable security defaults in Microsoft Entra admin center > Azure Active Directory > Properties > Manage security defaults, and then renable MFA for all other users in the legacy Microsoft 365 admin center Multi-factor authentication settings

    6 people found this answer helpful.

  2. Monica Meza 30 Reputation points
    2023-03-22T22:50:43.76+00:00

    Our issue as a business is that 85% of the users are Teams only. And of those 85%, about 95% don't understand MFA and are ALSO being asked to download an app that they don't understand.

    The main reason is that the team is mostly technologically illiterate and the only time in their lives that they really use tech beyond visiting a website on their phone is to use Teams for communications.

    So, right now, about 80% of our team is unreachable and turning of MFA has been an absolute nightmare.

    6 people found this answer helpful.

  3. Vasil Michev 92,431 Reputation points MVP
    2020-09-21T16:14:57.46+00:00

    Well, how are you enforcing two-factor authentication for your users?

    4 people found this answer helpful.
    0 comments No comments

  4. George Chrysovalantis Grammatikos 401 Reputation points MVP
    2022-09-16T18:27:15.063+00:00

    Hi @Jan Erik Bolz ,

    It is important to know that MFA is not recommended to be disabled on user accounts.
    In response to your query, you can disable MFA by following the below PowerShell code:

    Connect-MsolService

    • Get the StrongAuthenticationRequirement configured to the user account

    (Get-MsolUser -UserPrincipalName account@keyman .com).Strong

    • Remove StrongAuthenticationRequirements from the user account

    $mfa = @()
    Set-MsolUser -UserPrincipalName account@keyman .com -StrongAuthenticationRequirements $mfa

    • Verify MFA has been removed

    (Get-MsolUser -UserPrincipalName account@keyman .com).StrongAuthenticationRequirements

    $User = Get-MSolUser -UserPrincipalName account@keyman .com
    $User.StrongAuthenticationMethods

    And you can also try to do this through the Azure Portal and account portal:

    https://portal.azure.com/
    https://account.activedirectory.windowsazure.com/

    I would also suggest to Revoke multifactor authentication sessions and Revoke sessions for the user account.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it.

    4 people found this answer helpful.
    0 comments No comments