This has happened a few times now, whereby even though the MFA is disabled on the user accounts, the system still insists that it wants the user to set it up and use it. Why is this happening? You would think that be turning it off for each user would fix the problem. The fix is actually surprisingly simple and involves a simple toggle button. Here is where to find it…..
Firstly, the screen below shows that all users in my ‘test’ domain, talisoft.com, do in fact have their MFA disabled.
The problem is because the new tenant has had the ‘Default Security’ enabled which enforces MFA in the backend despite the settings for individual users. To turn this off and allow you to have a more granular approach firstly navigate to
https://portal.azure.com
This will take you to the main Azure page for your tenant, whereby you need to select the ‘Azure Active Directory’ item as shown below.
Next, select the ‘Properties’ option, also as shown below.
The Properties page will then confirm what we were thinking, as by selecting the ‘Manage Security Defaults’ link at the bottom…….
You will see that the you have the option to turn off the security defaults. Make the change and hit Save.
Once you do this, it will take a few minutes to fully take effect. But you will find that all the granular MFA options that you place on the users will now work correct.
Thank you reading, please remember to subscribe to the YouTube channel for more content.
