I'm trying to set up a new surface for an employee and when I go to Azure join the device with his account it want's me to enter 2fa info like a phone number. I have no active CA policies, Security Defaults are off, and not legacy MFA or per user MFA is on for this user. How do I turn this off temporarily so I can get his machine set up and ready for him and then later turn MFA back on?