How to Disable Multi Factor Authentication (MFA) in Office 365?

Multi Factor Authentication (MFA) in Microsoft 365 (Office 365) is an authentication method that requires more than one factor to be used to authenticate a user. MFA provides additional security when performing user authentication. In this article, we’ll take a look at how to disable MFA in Microsoft 365 for all users or single one.

MFA in Microsoft 365 is based on the Azure Multi-Factor Authentication service. In addition to the password, Microsoft 365 users are encouraged to use one of the following MFA verification methods:

  • Confirmation with one-time password via SMS message;
  • Confirmation of one-time password by phone call;
  • Using the Microsoft Authenticator mobile app (available in Google Play for Android and in App Store for iOS devices). In the Microsoft Authenticator app, you can use a one-time password (6 digits) for sign-in confirmation.

You can disable MFA for a user through the Microsoft 365 Admin Center web interface or by using PowerShell.

Hint. Microsoft 365 Security Defaults must be disabled for your tenant.

  1. Go to Microsoft 365 Admin Center ( and sign-in under an account with tenant Global administrator permissions;
  2. Go to Users > Active Users;
  3. Click on Multi-factor authentication;
    disable mfa office 365
  4. A page will appear with a list of users in your Microsoft 365 tenant and the MFA status for each of them;
  5. To disable MFA for a user, click on it;
    office 365 disable mfa
  6. Several buttons will appear in the right column (Quick Steps) which allow to enable, disable MFA, or configure user settings;
  7. Click on Disable and confirm to disable MFA for the user.
    turn off mfa office 365

On the Service Settings tab, you can configure additional MFA options. Here you can:

  • Add a list of trusted IP subnets, which users don’t need to use MFA;
  • Enable/disable certain MFA methods.

office 365 disable two factor authentication

You can enable or disable MFA for a Microsoft 365 (Office 365) user using PowerShell. To accomplish this task, you need to use the MSOnline PowerShell module.

Check if the MSOnline module is installed on your computer:

Get-Module -Name MSOnline

disable two factor authentication office 365

If the module is missing, install it:

Install-Module MSOnline

Connect to your Microsoft 365 tenant:

$MSOCred = Get-Credential

Connect-MsolService -Credential $MSOCred

Hint. The Get-MsolUser cmdlet is used in the MSOnline module to get the user account detail.

To check if MFA is enabled or disabled for a specific user, run the commands:

$user=Get-MsolUser –UserPrincipalName

$user| select DisplayName,UserPrincipalName,@{N="MFA Status"; E={ if( $_.StrongAuthenticationMethods.IsDefault -eq $true) {($_.StrongAuthenticationMethods | Where IsDefault -eq $True).MethodType} else { "Disabled"}}}

office 365 turn off two factor authentication

In this example, MFA is enabled for the user through the Microsoft Authenticator mobile app (PhoneAppNotification).

Hint. One of four MFA methods can be enabled for the user:

  • PhoneAppOTP

  • PhoneAppNotification

  • OneWaySMS

  • TwoWayVoiceMobile

To display the MFA status for all Microsoft 365 tenant users, run:

$users= Get-MsolUser -all
$users| select DisplayName,UserPrincipalName,@{N="MFA Status"; E={ if( $_.StrongAuthenticationMethods.IsDefault -eq $true) {($_.StrongAuthenticationMethods | Where IsDefault -eq $True).MethodType} else { "Disabled"}}}|Format-Table

disable 2 factor authentication office 365

To disable MFA for a specific user, run the command:

Get-MsolUser -UserPrincipalName| Set-MsolUser -StrongAuthenticationRequirements @()
I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.

One comment

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.