How to Disable Two-Factor Authentication (2FA/MFA) for a Single Microsoft 365 User Print

  • 0

Purpose:
This guide explains how to disable Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA), for one specific user in Microsoft 365.


Step 1 – Identify How MFA is Being Applied

MFA in Microsoft 365 can be enforced in three different ways:

  1. Per-user MFA – Manually enabled for specific accounts.

  2. Conditional Access policies – Require MFA based on certain conditions.

  3. Security Defaults – Forces MFA for all users by default.

You must disable MFA from the correct place, depending on how it’s enabled.


Step 2 – Check & Disable Per-User MFA (Microsoft 365 Admin Center)

  1. Sign in to the Microsoft 365 Admin Center as a global administrator.

  2. Go to:
    Users → Active users

  3. Click the Multi-factor authentication link at the top.
    (This opens the MFA management page.)

  4. Locate the user in the list.

  5. Under Multi-Factor Auth status, set it to Disabled.

  6. Click Disable and confirm.

  7. Ask the user to sign out and sign back in.


Step 3 – Check & Update Conditional Access (Azure Active Directory)

If MFA is still being requested, it may be enforced through Conditional Access.

  1. Sign in to the Azure Portal.

  2. Navigate to:
    Azure Active Directory → Security → Conditional Access → Policies

  3. Review policies that require MFA.

  4. If a policy applies to the user, edit the policy and exclude the user.

  5. Save changes.


Step 4 – Check Security Defaults

If Security Defaults are enabled, MFA will be forced for all users.

  1. In the Azure Portal, go to:
    Azure Active Directory → Properties

  2. Click Manage Security defaults at the bottom.

  3. If it’s set to Enabled, switch it to Disabled.

  4. Save changes.


Important Notes

  • Disabling MFA significantly reduces account security.

  • Always confirm with the user why MFA is being removed.

  • Consider re-enabling MFA once the issue is resolved.


Quick Checklist

  • Check per-user MFA settings.

  • Review Conditional Access policies.

  • Verify if Security Defaults are enabled.

  • Ask the user to re-login after changes.


 


Was this answer helpful?

« Back