Search code examples
azure-active-directorymicrosoft-entra-id

Disable MFA for Microsoft Entra (free account)

We are implementing the auth code flow for a new application. We are using a free account on Azure for Active Directory (now MS Entra) users and app registrations. In our test, the first login was successful but, as last step, it asks for confirmation using Microsoft Authenticator. This is very inconvenient: is a test environment and we need to perform demos in which we show how anyone can easily login. We will give users to people for test and demos and don't need that extra layer of security right now.

Unfortunately, when we look for information on how to disable MFA, we can't find it.

Some sites describe how to do it from Microsoft Entra ID > Users, but we see a different page. This is shown when I pick a user from Microsoft Entra ID > Users: enter image description here

We don't see anything on how to disable MFA for this particular user.

So, we tried to disable for everybody in this directory, so we navigate to Microsoft Entra ID > Security > Multifactor, and see: enter image description here

Yes, we are using a free account and we can't do much from here. In other hand it says "You need a Premium trial to use this feature", but we don't want to use it, that's the point: we want to disable. For sure we will use it in PROD, but not now with a site under construction. Also, we don't want to use a trial that will probably last few weeks.

To add confussion in my case, if we navigate to Microsoft Entra Id > Security > Authentication Methods, it shows MFA is disabled:

enter image description here

Does somebody know how to disable this anoyance?

Solution

  • Security Defaults is a default setting that will require all users to register for MFA: https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults#block-legacy-authentication-protocols

    It does more than just require MFA but disabling Security Defaults does seem to be an option. https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults#enabling-security-defaults

    An app store I am required to submit software to, requires that MFA is disabled on any test accounts we supply them. I created a Microsoft Entra ID free tenant that contains only the test accounts.