SharePoint (2003 thru Online): Enable/Disable Multi-factor authentication (MFA) for selected users in M365/O365

Wednesday, February 9, 2022

Enable/Disable Multi-factor authentication (MFA) for selected users in M365/O365

The most common method of authenticating sign-in thru Passwords became most vulnerable with easy passwords and same passwords for multiple sign-ins to different services.

Multi-factor authentication (MFA) provides an additional level of security for sign-ins, which uses both a password (which should be strong) and an additional verification method like smart phone or biometric attribute.

The additional verification method is not employed until after the user's password has been verified. With MFA, even if a strong user password is compromised, the attacker does not have your smart phone or your fingerprint to complete the sign-in.

In few cases we need to disable MFA, for Service accounts and Shared Mailbox accounts, used/managed by a group.

Below are steps to enable/disable MFA for selected users.

Go to M365 admin center > Users > Active Users (using the below link)
https://admin.microsoft.com/Adminportal/Home#/users

Click on Multi-factor authentication.


or Go to Azure Portal > AAD > All Users 
(using the below link)

Click on Per-user MFA


It will land in a different page routing to the below link.
https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?BrandContextID=O365
Select the user and Click on Disable in the side pane. (If you want to enable, Click on Enable)
Click on Yes

Close the message box.

Verify the MFA Status.

No comments:

Post a Comment