I've been struggling to find a way to fully disable Microsoft Multi-Factor Authentication (MFA) for anyone who isn't an admin. It's been quite frustrating! I've checked the various settings—everything seems to be disabled on my end—but some users still get prompted for a phone number while others are only shown a setup button. I have some screenshots that I'll share in the comments. Any help to resolve this would be greatly appreciated!
4 Answers
If you're dealing with this for a small org, I'd recommend looking into your password reset settings too. Sometimes, the skip options on account setups are tied to those settings. Just a thought!
Yeah, making your own user groups instead of relying on the default ones often helps with MFA settings. The default groups can create all sorts of issues, so building a custom group called "Users" might just do the trick!
Interesting! I wasn't aware that could change anything. I’ll try that.
Why are you trying to turn off MFA? It's a key part of security. If it's a matter of convenience in the office, consider using Conditional Access to set IP-based restrictions instead. This way, you can have less hassle without compromising security.
Exactly! There's often a way to work with security measures rather than disabling them entirely.
It sounds like you might want to check if security defaults are enabled in your environment. If they are, that could be enforcing MFA regardless of your settings. You can find more about it in Microsoft docs, but generally, security defaults can make it hard to configure things the way you want.
Yeah, make sure you look into your sign-in logs too! They can show you what's actually applying and might clarify why some users are prompted differently.
That could be it! It's worth checking to see what the prompts actually relate to.