Purpose:
This guide explains how to disable Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA), for one specific user in Microsoft 365.
Step 1 – Identify How MFA is Being Applied
MFA in Microsoft 365 can be enforced in three different ways:
-
Per-user MFA – Manually enabled for specific accounts.
-
Conditional Access policies – Require MFA based on certain conditions.
-
Security Defaults – Forces MFA for all users by default.
You must disable MFA from the correct place, depending on how it’s enabled.
Step 2 – Check & Disable Per-User MFA (Microsoft 365 Admin Center)
-
Sign in to the Microsoft 365 Admin Center as a global administrator.
-
Go to:
Users → Active users -
Click the Multi-factor authentication link at the top.
(This opens the MFA management page.) -
Locate the user in the list.
-
Under Multi-Factor Auth status, set it to Disabled.
-
Click Disable and confirm.
-
Ask the user to sign out and sign back in.
Step 3 – Check & Update Conditional Access (Azure Active Directory)
If MFA is still being requested, it may be enforced through Conditional Access.
-
Sign in to the Azure Portal.
-
Navigate to:
Azure Active Directory → Security → Conditional Access → Policies -
Review policies that require MFA.
-
If a policy applies to the user, edit the policy and exclude the user.
-
Save changes.
Step 4 – Check Security Defaults
If Security Defaults are enabled, MFA will be forced for all users.
-
In the Azure Portal, go to:
Azure Active Directory → Properties -
Click Manage Security defaults at the bottom.
-
If it’s set to Enabled, switch it to Disabled.
-
Save changes.
Important Notes
-
Disabling MFA significantly reduces account security.
-
Always confirm with the user why MFA is being removed.
-
Consider re-enabling MFA once the issue is resolved.
Quick Checklist
-
Check per-user MFA settings.
-
Review Conditional Access policies.
-
Verify if Security Defaults are enabled.
-
Ask the user to re-login after changes.