How to Disable Multi-Factor Authentication (MFA) in Office 365 using PowerShell?
Read time: 4 minutes
Earlier, while using Office 365, there was no need to enable MFA (Multi-factor authentication). During that period, the need for it was much lower, due to less number of attacks and brute force attempts at Office 365. But in the current scenario, more and more organizations have moved to the cloud, which leads to enabling the MFA as the number of attacks on accounts is rising.
You have been aware of the traditional authentication method using usernames and passwords, but MFA (multi-factor authentication) combines three factors: something you know, something you have, and something you are. This security code adds a layer of security to protect the online account.
How does MFA function?
Earlier, we used to secure our account using a username and password as it was sufficient to create a secure environment. But now, as the attacks are targeted directly to cloud, so the security solutions that come with MFA add the multi-layered security.
There are three factors of authentication:
- Username & password
- A physical device, Mobile no. or email id that can receive a login code
- Biometrics, like fingerprint scanning
- Multi-factor authentication (MFA) is a great way to strengthen security effectively without any expenses.
- Significant in terms of reducing the fear of identity theft in businesses.
- There is no threat of password leaks, as no one can unlock your profile just by using the password.
- Even if you are using any third-party tools and applications like anti-virus and firewalls to secure your account, then you must know the MFA used to protect them against any cyber-attack.
- For Office 365 MFA, you do not need to pay for any additional license.
By default, MFA is enabled for all new Azure tenants. And when you are disabling MFA from your Microsoft 365 users, you first need to disable the Microsoft 365 Security Defaults.
- Sign into your Azure Portal using your global admin account for the tenant.
- Here, go to the properties in Azure Active Directory.
- Now click Manage Security Defaults.
- Here you can see a switch Enable security defaults (Yes/No) will appear.
- To disable, change its value to No with one specific reason.
From now, there will be no reminders for users about setting Multi-Factor Authentication when logging in. And You can disable MFA through the Microsoft 365 Admin Center web interface or PowerShell.
To disable MFA, connect to Azure AD with PowerShell and then run the command to disable MFA for a single user or all users.
Now, we will look at how to disable MFA in Microsoft 365 for single users-
1. Connect to the Msol-Service in PowerShell:
In case if you are already installed with Msolservice, then run the following command-
2. Now disable MFA for a single Office 365 user.
Above highlighted under a double inverted comma, you can enter the address where you want to disable MFA.
Here We will see how to Disable MFA for all Office 365 users.
- Sign into your Office 365 admin center.
- Here, select Users and then Active users at the left pane.
- Now go to More and select multi-factor authentication setup.
- Here, you can select the User check box.
- Finally, select the Disable option.
If you are willing to disable the MFA, I will suggest not doing so. But if you have decided, I recommend you back up your entire data on your local system to avoid the risk of unwanted threats like ransomware attacks on the data. You can either choose to go for backup of the whole data manually you can go for an automated solution to save time. And the best to suggest in tool is always the Kernel Office 365 Backup & Restore tool, which backup and keeps your data intact in its original format.
Conclusion
I hope through this article, you have learned to disable MFA Office 365 for a single user or all using PowerShell. But I will always suggest using MFA to enjoy your extra secure Office 365 platform. For more such informative blogs, keep in touch!
