How do I disable the requirement to use Microsoft Authenticator in order to sign into my Microsoft Office 365 accounts? - Microsoft Q&A (2024)

2024-03-20T15:16:58.03+00:00

I recently tried to log into my Office 365 Admin account, and it wants me to sign up for a Microsoft Authenticator account and install the app on my phone. I want to disable this. I've searched several forums and found instructions to do this in Microsoft Azure, but I can never find exactly the right setting. Azure tells me Authenticator is disabled, but when I try to sign in, it keeps insisting that I install Authenticator.

I do not want to use Authenticator. How do I disable this?

Sign in to comment

1. 

   Josh Hansen-Sedor 160Reputation points

   2024-03-20T19:09:30.3366667+00:00

   Hi there,

   To disable Microsoft Authenticator please do the following:

   1. Sign in to the Azure portal as a global administrator or security administrator.
   2. Go to Azure Active Directory > Security > MFA.
   3. Under MFA settings, select Additional cloud-based MFA settings.
   4. Under service settings, select Microsoft Authenticator app.
   5. Change the setting to Disabled.

   Additionally you can Log into Microsoft Entra admin, go to Identity > Users > All Users > Per-user MFA > Service Settings

   From there you can uncheck the notifications for mobile app and verification code for app, any other settings you'd like from there. This is for all users, so please be aware and also please note that this severely lowers your security.

   If none of that works, then I'm convinced they enforce it.

   Thanks :)

   See Also

   How to disable MFA for a single user - Microsoft Q&AReset User Multi-Factor Authentication and Recovery CodesHow do I turn off the authenticator requirement on accounts? - Microsoft Q&AHelp And Training Community

   1. 

      Josh Hansen-Sedor 160Reputation points

      2024-03-20T19:02:09.1333333+00:00

      Hi,

      Wasn't able to see answer so wrote again, but see it now and now won't let me delete :)

   2. 

      Chris Dunaway 15Reputation points

      2024-03-20T19:18:49.07+00:00

      Where do I find "Azure Active Directory?" I get a message saying "Azure Active Directory is now Microsoft Entra ID"

   3. 

      Josh Hansen-Sedor 160Reputation points

      2024-03-20T19:33:52.6133333+00:00

      You will need to go to Microsoft Entra ID and follow the second instructions, wasn't aware that it is the same now.

   4. 

      Chris Dunaway 15Reputation points

      2024-03-25T19:16:55.8433333+00:00

      Thanks, I just tried this, and it says MULTI-FACTOR AUTH STATUS is "disabled" for all users. But when I log in, it still wants me to use Authenticator.

   5. 

      Make-A-Wish Belgium Vlaanderen 0Reputation points

      2024-05-27T10:38:57.7166667+00:00

      We're facing the same issue. authenticator stats are disabled but we keep receiving the message that in 14 days, we will be forced to use the authenticator app to login. We're using a central mailbox with 4 staff members. We don't know how we should manage that when the authenticator app will be connected to one of our phones... we don't have the same working hours.

   6. 

      Miłosz Tuszyński 0Reputation points

      2024-06-19T09:06:24.9033333+00:00

      Same issue, i think only possibility to turn of is to turn off for all users in

      Microsoft Entra ID > Properties >

      1. Under "Manage security defaults" settings at the bottom,
      2. At "security default" setting select from Enable to Disable options.

      But i only want to turn off ms authenticator questionairy for few users not for whole company

      See Also

      Permissions Reset 2

   7. 

      Ralf 0Reputation points

      2024-07-25T05:34:12.4433333+00:00

      Hey everyone, who's having this issue? The instruction is right and keep in mind the Azure Active Directory is now Microsoft Entra ID" from there go to the users, and select those users you want to reset their authenticator app from a stolen or broken device where their MS authenticator app is installed. Select the user and from the upper right click manage user settings. Check "Require selected users to provide contact methods again"

      This option will deactivate hardware OATH tokens and delete the following authentication methods from the previous device where it's installed.

      I hope thishelps.

   Sign in to comment

2. 

   Sun Wu 5Reputation points

   2024-06-06T10:18:51.5633333+00:00

   For people who are not ready to use SMS and Auth App. Can temporary turn off the MFA in Entra ID:

   Sign in to the Azure portal as a global administrator or security administrator.

   Try this first,

   1. Go to Microsoft Entra ID > Properties >
   2. Under "Manage security defaults" settings at the bottom,
   3. At "security default" setting select from Enable to Disable options.

   if still not working on above method, then

   1. Go to Microsoft Entra ID > Security > Authentication methods > Settings.
   2. Under "System-preferred multifactor authentication" settings, select from Enable to Disable options.

   Again, MFA is a good security policy for 2024, it is better to turn it on.

   1. 

      0Reputation points

      2024-07-18T22:01:03.4766667+00:00

      Ive done those steps and removed the authenticator issue so I can login now without it.
      Now I want to login on my authenticator app, But that still require me to use authenticator ap? What to do?

   Sign in to comment

3. 

   Ralf 0Reputation points

   2024-07-25T05:34:58.6066667+00:00

   Hey everyone, who's having this issue? The instruction is right and keep in mind the Azure Active Directory is now Microsoft Entra ID" from there go to the users, and select those users you want to reset their authenticator app from a stolen or broken device where their MS authenticator app is installed. Select the user and from the upper right click manage user settings. Check "Require selected users to provide contact methods again"

   This option will deactivate hardware OATH tokens and delete the following authentication methods from the previous device where it's installed.

   I hope thishelps.

   0 commentsNo comments

   Sign in to comment

4. 

   Richard 0Reputation points

   2024-08-01T11:52:18.0966667+00:00

   In Microsoft Entra ID

   Maybe it is under the Registration campaign.

   Go to Protection > Authentication Methods > Manage > Registration Campaign.

   You can click edit Settings and add an excluded user so they do not get the prompt

   1. 

      Richard 0Reputation points

      2024-08-01T11:52:57.7733333+00:00

      The above is still under Microsoft Entra ID

   Sign in to comment

Sign in to answer