“Your administrator requires you to add additional security info to help you recover your account” when logging into Office 365

You’ll receive this message if MFA is enabled for the user. MFA is great but if you don’t want it enabled for any reason, here’s how to disable it.

MFA May be Enabled per User

MFA may be enabled per user. Log into Office 365 admin center -> users -> active users -> click Multi-factor authentication (that option will only display if no users are selected which is counter-intuitive).

MFA May be Enforced for All Users via a Conditional Access Baseline Policy

Conditional Access Baseline Policies are being retired but I’ve still found them active on some tenants.

You disable them by logging into 365 admin center -> Azure Active Directory -> All Services -> Enterprise applications -> Conditional Access Policies. Disable the “Baseline policy: Require MFA for admins (Preview)” policy.

MFA May be Enforced for All Users via Azure Security Defaults

MFA may be enforced for all users via Azure security defaults which replace the Conditional Access Baseline Policies.

The Security Defaults option can be found by logging into Office 365 admin center -> Azure Active Directory > Manage –> Properties > Manage Security Defaults (it’s not in the Conditional Access area). Then clicking No for the “Enable Security defaults” button the right side.

Leave a Reply

Your email address will not be published. Required fields are marked *