Multi-Factor Authentication (MFA), also known as 2-Step Verification or Two-Factor Authentication (2FA), is an important security layer in Microsoft 365 (Office 365).
However, situations occur when an administrator must change, reset, or disable MFA for a user — for example:
User lost their phone
Authenticator app not working
Phone number changed
New device setup
Temporary MFA disable for troubleshooting
This article provides a step-by-step guide for Microsoft 365 administrators to modify, reset, or remove authenticator settings.
Before proceeding, ensure:
✔ You are logged into Microsoft 365 Admin Center
✔ Your account has Global Admin or Authentication Admin role
Follow these steps:
1️⃣ Open Microsoft 365 Admin Center → https://admin.microsoft.com
2️⃣ Navigate to:
Users → Active Users
3️⃣ Select the User
4️⃣ On right panel → Click Manage multifactor authentication
5️⃣ A new MFA dashboard will open
6️⃣ Select the user checkbox
7️⃣ Click Disable under Quick Steps
8️⃣ Confirm the action
9️⃣ Ask the user to sign-in again (MFA will no longer be required)
? Note: This only works if MFA is configured as Per-User MFA, NOT enforced by security defaults or conditional access.
Use this if a user lost phone or needs to re-register MFA:
1️⃣ Open Azure Active Directory / Entra Admin Center
2️⃣ Go to:
Users → All Users → Select User
3️⃣ Click Authentication Methods
4️⃣ Remove old phone, app enrollment, or methods
5️⃣ Click Require re-register MFA
6️⃣ Save changes
Next login → user will be prompted to set up MFA again successfully.
If MFA is still enforced, check these two places:
1️⃣ Go to
Azure AD → Properties → Manage Security Defaults
2️⃣ Toggle OFF
3️⃣ Save Changes
(For organizations using Entra ID Premium)
1️⃣ Azure AD → Security → Conditional Access
2️⃣ Edit policies enforcing MFA
3️⃣ Exclude user or remove enforcement temporarily
4️⃣ Save changes
⚠️ Disabling org-wide policies affects tenant security — use caution.
Depending on the authentication setup in your tenant, you must choose the correct method:
| Requirement | Best Method |
|---|---|
| Remove MFA completely for one user | Disable Per-User MFA |
| User lost mobile device | Reset MFA / Require re-registration |
| MFA still enforced | Check Security Defaults / Conditional Access |
With these steps, administrators can fully manage Microsoft 365 MFA settings without user interruption.
#Microsoft365 #Office365 #MFA #2FA #MultiFactorAuthentication #AuthenticatorApp #AzureAD #EntraID #MicrosoftAdmin #ITAdmin #SecurityDefaults #ConditionalAccess #AdminGuide #TechSupport #CloudSecurity #IdentityManagement #MicrosoftSecurity #ResetMFA #DisableMFA #UserAuthentication #MicrosoftTutorial #AdminCenter #TechHowTo #AuthenticationSetup #ITSecurity #CyberSecurity #EnterpriseSecurity #SecureLogin #TechTraining #UserManagement #PasswordSecurity #MicrosoftHelp #AccountRecovery #AuthenticatorReset #M365Security #AzureSecurity #SignInSupport #DeviceManagement #CorporateSecurity #SystemAdmin #LoginTroubleshoot #DataProtection #SecurityAdmin #BusinessIT #ITSupport #AccountSecurity #AdminTraining #TechArticle #CloudAdmin #SecureAccess
