question

JasonGodfrey-5248 avatar image
0 Votes"
JasonGodfrey-5248 asked joyceshen-MSFT commented

forcing users to configure MFA even though the setting is disabled

Hello
I have disabled MFA for the user but when they go to open up Outlook it keeps redirecting them to the “my Sign-ins” page asking them to download Microsoft Authenticator and setup the MFA.

The user has Business Standard License and the tenant is using security defaults.

Why is it forcing the user to setup MFA? We don’t want this right now .

The mailbox was just moved from On-prem exchange to office 365 and we are logging in to Outlook Web for the first-time. Is there something in the security defaults somewhere that is forcing this ?

azure-active-directoryoffice-exchange-online-itproazure-ad-multi-factor-authentication
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JasonGodfrey-5248

Is there any update about your issue?

0 Votes 0 ·

Hi @JasonGodfrey-5248
Do you have any further issue on this topic?
Meanwhile, if there is no issue, please remember to mark helpful reply as answer to close the thread. Your action would be helpful to other users who encounter the same issue and read this thread.
Thanks for your understanding.

0 Votes 0 ·
michev avatar image
1 Vote"
michev answered

Well Security defaults for one enforces MFA registration, for all users, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#policies-enforced

And you might also have self-service password reset registration enabled (which is now "unified" with the MFA registration flow).

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

joyceshen-MSFT avatar image
1 Vote"
joyceshen-MSFT answered

Hi @JasonGodfrey-5248

Agree with michev's suggestion above, please check the value of Enable Security defaults, toggle it to NO.

Sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator.
Browse to Azure Active Directory > Properties.
Select Manage security defaults.
Set the Enable security defaults toggle to No.
Select Save.

Which discussed like this thread as well: MFA Shows Disabled, But Being Used


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.