How to Enable or Disable MFA in Office 365 (Complete Step-by-Step Guide)

How to Enable or Disable MFA in Office 365

Security is one of the most important reasons for managing email and cloud data. If you’re an admin, understanding how to enable or disable MFA in Office 365 is critical to protecting user accounts from unauthorized access.

Multi-Factor Authentication (MFA) allows an extra layer of security beyond passwords. Even if a password is compromised, attackers cannot access the account without the two-step verification method.

In this guide, we’ll explain:

  • How to enable/disable MFA in Office 365 (Microsoft 365)
  • How to enable/disable MFA in Office 365 (Microsoft 365)  for a user
  • How to enable/disable MFA in Office 365 (Microsoft 365) Admin Center
  • Best practices for managing MFA securely

What is MFA in Office 365?

MFA (Multi-Factor Authentication) allows users to verify their account login using two or more authentication methods, such as:

  • Account Password for login
  • One-time passcode (OTP) 
  • Authenticator app
  • Biometric verification etc.

In Microsoft 365 (formerly known as Office 365), MFA is managed through the admin center and identity platform.

How to Enable or Disable MFA in Office 365

If you’re looking for how to enable/disable MFA in Office 365, follow the steps below.

Step 1: Log in to office 365 Admin Center

Go to: https://admin.microsoft.com

Sign in to your Global Admin account.

Step 2: Open Active Users

  • Navigate to Users Section in Microsoft admin center
  • Click Active Users

Step 3: Open Multi-Factor Authentication Page

  • Click Multi-factor authentication (top menu)

From here, you can enable or disable MFA for selected users.

How to Enable/Disable MFA in Office 365 for a User

If you want to manage MFA for a single user employee account, follow these steps:

Enable MFA for a User Account

  1. Go to the Office 365 Admin Center
  2. Click Users > Active Users
  3. Click Multi-Factor Authentication option
  4. Select the user account 
  5. Click Enable
  6. Confirm the action

The user will be prompted to configure MFA during their next sign-in.

Disable MFA for a User

If you need to temporarily turn it off the two step verification:

  1. Go to Users > Active Users
  2. Click Multi-Factor Authentication
  3. Select the user
  4. Click Disable
  5. Confirm

⚠️ Disabling MFA reduces account security, so only do this for troubleshooting or temporary situations.

How to Enable/Disable MFA in Office 365 Admin Center (All Users)

If you’re searching for how to enable/disable MFA in Office 365 Admin Center for multiple or all users, here’s how:

Enable MFA for All Users

  1. Open Admin Center 
  2. Go to Users > Active Users
  3. Click Multi-Factor Authentication
  4. Select all users (or multiple users)
  5. Click Enable
  6. Confirm

Disable MFA for All Users

  1. Go to Multi-Factor Authentication
  2. Select all users
  3. Click Disable
  4. Confirm

Advanced Method: Using Identity Policies (Recommended)

Instead of enabling MFA manually per user, Microsoft recommends using identity policies inside Microsoft Entra ID.

Steps:

  1. Go to https://entra.microsoft.com
  2. Navigate to Protection > Conditional Access
  3. Click New Policy
  4. Select All Users
  5. Under Grant Controls → Select Require Multi-Factor Authentication
  6. Enable the policy

This approach gives better control and is more secure for organizations.

Why You Should Enable MFA in Office 365

Here’s why enabling MFA is important:

  • Prevents phishing attacks
  • Protects admin accounts
  • Secures remote access
  • Reduces risk of data breaches
  • Meets compliance requirements

Cyberattacks often target email accounts first. Without MFA, a single stolen password can compromise your entire organization.

When Should You Disable MFA?

Disabling MFA may be required in cases such as:

  • User device lost or replaced
  • Troubleshooting login issues
  • Temporary migration process
  • Account recovery

Always re-enable MFA as soon as possible.

Best Practices for Managing MFA

✔ Enable MFA for all admins first
✔ Use app-based authentication instead of SMS
✔ Set up emergency break-glass accounts
✔ Monitor sign-in activity regularly
✔ Use Conditional Access policies for automation

Final Thoughts:

Understanding how to enable or disable MFA in Office 365 is essential for maintaining a secure cloud environment. Whether you need to manage MFA for a single user or configure it for your entire organization through the Office 365 Admin Center, the process is straightforward when done correctly.

Additionally, to safeguard your business data from accidental deletion, ransomware, or retention policy gaps, you can back up your data using the SkyMigrate Office 365 Backup Solution for complete and secure protection.

For stronger protection, always prefer Conditional Access policies inside Microsoft Entra ID rather than manual per-user settings.

Securing your organization starts with identity protection — and MFA is the first step toward a safer Office 365 environment.

Rahul Singh

Rahul has spent years working directly with businesses as they navigate the complexities of cloud migration. He’s been in the trenches during critical cutover windows—troubleshooting unexpected issues and helping teams avoid the pitfalls that turn straightforward migrations into costly delays. His writing draws from real deployments, where planning meets reality and small misconfigurations can mean downtime. Through SkyMigrate, he shares practical insights and lessons learned so teams can approach their migrations with clearer expectations and fewer surprises.

Scroll to Top