Saturday, 13 Jul 2024
Technology

How to Disable Multi-Factor Authentication for a User in Azure

how to disable mfa for a user in azure

Azure AD MFA is not enabled by default for AAD and Microsoft 365 users, but it can be enabled if an admin chooses to enable Security Defaults on Azure AD. In some cases, being able to toggle MFA on or off for a specific user can be helpful. For example, in a development or test environment when working with sample code from Microsoft that doesn’t account for MFA.

Disabling Security Defaults on Azure AD

To disable MFA for a particular user, you need to disable Security Defaults on Azure AD. Here are the steps:

  1. Go to the AAD Admin Center.
  2. Drill down to Azure Active Directory… Manage… Properties… Manage Security defaults.
  3. Select “No” to “Enable Security Defaults”, then save.

Disabling Multi-Factor Authentication for a User

Once Security Defaults are disabled, you can disable MFA for a specific user. Follow these steps:

  1. Go to Azure Active Directory… Manage… Users.
  2. Click on the ellipsis (…) and then the “Multi-Factor Authentication” link (if the link is greyed-out, Security Defaults are still enabled).
  3. On the “Multi-Factor Authentication” page, select the user(s) and click on “Disable” under “quick steps” if MFA is currently enabled for them.
  4. Confirm by clicking “Yes”. To re-enable MFA for that user, select them again and click “Enable”. Note that you may have to go through MFA setup for that user after enabling.
Tham Khảo Thêm:  The Top 10 Dark Web Telegram Chat Groups and Channels

Frequently Asked Questions

Q: Are there any licensing/billing issues when disabling Security Defaults?

A: Yes, there may be licensing/billing issues when disabling Security Defaults. It’s important to note that Security Defaults are the official way to enable MFA without a costly Premium (P1 or P2) AAD subscription.

Q: Should I always use Microsoft’s Security Defaults?

A: I personally recommend always using Microsoft’s Security Defaults unless special circumstances exist. MFA has proven itself as one of the most effective means of foiling system incursions, and anyone who fails to deploy it wherever they can is taking unnecessary risks.

Conclusion

Disabling Multi-Factor Authentication for a user in Azure involves first disabling Security Defaults on Azure AD and then disabling MFA for the specific user(s). By following these steps, you can easily toggle MFA on or off as needed.

For more information on Azure Active Directory Security Defaults and enabling per-user Multi-Factor Authentication, please visit the Eireview website.