Prerequisites: Access to Azure Active Directory. Access to edit AD group properties for a user. AD role: Domain Administrator. Azure Active Directory Role Authentication Administrator

This guide covers how to completely disable an end user's MFA. Note that this is not recommended. Generally, we should have approval from information security before disabling a user’s MFA.

Active Directory

Active Directory.

1. Navigate to the user.
2. Open the user in AD.
3. Navigate to Member Of. 
4. Select AADP-P1 (or P2).
5. Select remove.

Azure Active Directory

1. Log into Azure AD.
2. On the left nav pane, select users.
3. Search for user.
4. Select the user.
5. Within the user menu, on the left nav pane select Authentication methods.
6. In the Authentication Contact Info, delete any data.
7. Click Save.

Note: Please allow 5 minutes to one day for MFA to be disabled.