How to Change or Remove Microsoft 365 Multi-Factor Authentication (MFA) / Authenticator Settings for Any User from Admin Center

📅 27 Nov 2025 📂 General 👁 146 views

Multi-Factor Authentication (MFA), also known as 2-Step Verification or Two-Factor Authentication (2FA), is an important security layer in Microsoft 365 (Office 365).
However, situations occur when an administrator must change, reset, or disable MFA for a user — for example:

User lost their phone
Authenticator app not working
Phone number changed
New device setup
Temporary MFA disable for troubleshooting

This article provides a step-by-step guide for Microsoft 365 administrators to modify, reset, or remove authenticator settings.

? Prerequisites

Before proceeding, ensure:

✔ You are logged into Microsoft 365 Admin Center
✔ Your account has Global Admin or Authentication Admin role

? Part 1 — How to Disable MFA for a Specific User (Per-User MFA)

Follow these steps:

1️⃣ Open Microsoft 365 Admin Center → https://admin.microsoft.com
2️⃣ Navigate to:
Users → Active Users
3️⃣ Select the User
4️⃣ On right panel → Click Manage multifactor authentication
5️⃣ A new MFA dashboard will open
6️⃣ Select the user checkbox
7️⃣ Click Disable under Quick Steps
8️⃣ Confirm the action
9️⃣ Ask the user to sign-in again (MFA will no longer be required)

? Note: This only works if MFA is configured as Per-User MFA, NOT enforced by security defaults or conditional access.

? Part 2 — Reset MFA/Authenticator for a User (Without Disabling MFA)

Use this if a user lost phone or needs to re-register MFA:

1️⃣ Open Azure Active Directory / Entra Admin Center
2️⃣ Go to:
Users → All Users → Select User
3️⃣ Click Authentication Methods
4️⃣ Remove old phone, app enrollment, or methods
5️⃣ Click Require re-register MFA
6️⃣ Save changes

Next login → user will be prompted to set up MFA again successfully.

? Part 3 — Remove Organization-Wide MFA Enforcement

If MFA is still enforced, check these two places:

A) Disable Security Defaults

1️⃣ Go to
Azure AD → Properties → Manage Security Defaults
2️⃣ Toggle OFF
3️⃣ Save Changes

B) Check Conditional Access Policies

(For organizations using Entra ID Premium)

1️⃣ Azure AD → Security → Conditional Access
2️⃣ Edit policies enforcing MFA
3️⃣ Exclude user or remove enforcement temporarily
4️⃣ Save changes

⚠️ Disabling org-wide policies affects tenant security — use caution.

? Conclusion

Depending on the authentication setup in your tenant, you must choose the correct method:

Requirement Best Method
Remove MFA completely for one user Disable Per-User MFA
User lost mobile device Reset MFA / Require re-registration
MFA still enforced Check Security Defaults / Conditional Access

Requirement	Best Method
Remove MFA completely for one user	Disable Per-User MFA
User lost mobile device	Reset MFA / Require re-registration
MFA still enforced	Check Security Defaults / Conditional Access

With these steps, administrators can fully manage Microsoft 365 MFA settings without user interruption.

#Microsoft365 #Office365 #MFA #2FA #MultiFactorAuthentication #AuthenticatorApp #AzureAD #EntraID #MicrosoftAdmin #ITAdmin #SecurityDefaults #ConditionalAccess #AdminGuide #TechSupport #CloudSecurity #IdentityManagement #MicrosoftSecurity #ResetMFA #DisableMFA #UserAuthentication #MicrosoftTutorial #AdminCenter #TechHowTo #AuthenticationSetup #ITSecurity #CyberSecurity #EnterpriseSecurity #SecureLogin #TechTraining #UserManagement #PasswordSecurity #MicrosoftHelp #AccountRecovery #AuthenticatorReset #M365Security #AzureSecurity #SignInSupport #DeviceManagement #CorporateSecurity #SystemAdmin #LoginTroubleshoot #DataProtection #SecurityAdmin #BusinessIT #ITSupport #AccountSecurity #AdminTraining #TechArticle #CloudAdmin #SecureAccess

Microsoft 365 Office 365 Multi Factor Authentication MFA 2FA Authenticator app Disable MFA Remove MFA Reset MFA Microsoft Authenticator Admin Center Azure AD Entra ID Conditional Access Security Defaults User Authentication Lost phone Rec

← Back to Home