You’ll receive this message if MFA is enabled for the user. MFA is great but if you don’t want it enabled for any reason, here’s how to disable it.
MFA May be Enabled per User
MFA may be enabled per user. Log into Office 365 admin center -> users -> active users -> click Multi-factor authentication (that option will only display if no users are selected which is counter-intuitive).
MFA May be Enforced for All Users via a Conditional Access Baseline Policy
Conditional Access Baseline Policies are being retired but I’ve still found them active on some tenants.
You disable them by logging into 365 admin center -> Azure Active Directory -> All Services -> Enterprise applications -> Conditional Access Policies. Disable the “Baseline policy: Require MFA for admins (Preview)” policy.
MFA May be Enforced for All Users via Azure Security Defaults
MFA may be enforced for all users via Azure security defaults which replace the Conditional Access Baseline Policies.
The Security Defaults option can be found by logging into Office 365 admin center -> Azure Active Directory > Manage –> Properties > Manage Security Defaults (it’s not in the Conditional Access area). Then clicking No for the “Enable Security defaults” button the right side.
Jason works as a project specialist at an IT MSP in Erie, Pennsylvania, USA. He’s an IT/security professional with 19 years experience.