Pico
Joined: 18 Jan 2004
Posts: 250
Location: HostMachine.net
|
Posted: 19.3.2024, 12:58 Post subject: O365 MFA multifactor authentication and security defaults |
|
|
When you buy O365 subscription, standard for example, you get Security Defaults enabled by default. This means MFA authentication is also Enabled for all users, despite showing it being Disabled when you look at MFA settings page. This is one of many discrepancies of Microsoft's O365 admin interfaces.
Many users want MFA being disabled for ease of use, especially if fluctuation of users is higher and they do not have internal IT caretaker. Anyways, if you want to turn MFA to Disabled, you need to progress two steps:
1. Disable Security Defaults
They are kinda hard to find under Microsoft Entra ID --> Properties: https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Properties
Then check if MFA is disabled under System preffered Milti-factor authentication here: https://portal.azure.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AuthMethodsSettings
But keep in mind that by doing step (1) you are disabling MFA only for new users, while all older ones will still remember old settings, which ends up MFA being still Enabled. So you must
2. Reset MFA settings
for all existing users under another weird hidden place, Microsoft Entra ID --> Users --> Per user MFA:
https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?culture=en-SI&BrandContextID=O365
There you select one or more users, then select quick action Manage user settings and select 3rd checkbox Restore multi-factor authentication on all remembered devices |
|