Multi-factor authentication (MFA) provides an additional level of security for sign-ins, which uses both a password (which should be strong) and an additional verification method like smart phone or biometric attribute.
The additional verification method is not employed until after the user's password has been verified. With MFA, even if a strong user password is compromised, the attacker does not have your smart phone or your fingerprint to complete the sign-in.
In few cases we need to disable MFA, for Service accounts and Shared Mailbox accounts, used/managed by a group.
Below are steps to enable/disable MFA for selected users.
Go to M365 admin center > Users > Active Users (using the below link)
https://admin.microsoft.com/Adminportal/Home#/users
Click on Multi-factor authentication.
or Go to Azure Portal > AAD > All Users (using the below link)
or Go to Azure Portal > AAD > All Users (using the below link)
Click on Per-user MFA
It will land in a different page routing to the below link.
https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?BrandContextID=O365
It will land in a different page routing to the below link.
https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?BrandContextID=O365
Select the user and Click on Disable in the side pane. (If you want to enable, Click on Enable)
Click on Yes
Close the message box.
Verify the MFA Status.
No comments:
Post a Comment