Thursday, September 21, 2023

Users Prompted for MFA even when disabled in Office 365

This has happened a few times now, whereby even though the MFA is disabled on the user accounts, the system still insists that it wants the user to set it up and use it. Why is this happening? You would think that be turning it off for each user would fix the problem. The fix is actually surprisingly simple and involves a simple toggle button. Here is where to find it…..

Firstly, the screen below shows that all users in my ‘test’ domain,, do in fact have their MFA disabled.

The problem is because the new tenant has had the ‘Default Security’ enabled which enforces MFA in the backend despite the settings for individual users. To turn this off and allow you to have a more granular approach firstly navigate to

This will take you to the main Azure page for your tenant, whereby you need to select the ‘Azure Active Directory’ item as shown below.

Next, select the ‘Properties’ option, also as shown below.

The Properties page will then confirm what we were thinking, as by selecting the ‘Manage Security Defaults’ link at the bottom…….

You will see that the you have the option to turn off the security defaults. Make the change and hit Save.

Once you do this, it will take a few minutes to fully take effect. But you will find that all the granular MFA options that you place on the users will now work correct.

Thank you reading, please remember to subscribe to the YouTube channel for more content.

Mark Rochester
Mark Rochester
Mark currently works in the cloud space assisting large companies to migrate from either on premises to the cloud, or cloud to cloud. His experience with Enterprise migrations spans more than 25 years which basically makes him old. However, with all the oldness creeping up he still finds technology massively exciting. Please reach out for a chat anytime you would like. :-)

Related Articles

Stop Microsoft Teams Sprawl

Anybody that has come into an organization and looked at the Teams Admin Center, had a heart attack because there are so many Teams...

Microsoft 365 Workload Activity Report

Well that's a pretty boring title and an even more boring name for a script. However the output is definitely not boring as it...

Migrate GoDaddy M365 Email to a Full M365 Tenant

We do come across this scenario whereby the GoDaddy M365 Email option has been selected when you register your domain and you end up...

Stay Connected

- Advertisement -

Latest Articles