The Problem: MFA is disabled, but your Users are still being forced to enable it.


What gives? Though you may have disabled Microsoft 365 MFA, or not even have installed it in the first place, Microsoft is still making you go through the MFA cycle.

Despite the popularity of Microsoft 365 and the apps it offers, it isn’t always the most user friendly program. We spend A LOT of time working with both Google Workspace and Microsoft 365, and see the challenges from both suites.

Conditional Access is the answer!


Sign-in logs can be a great resource for determining what might force the MFA prompt. In Microsoft, there are some “hidden” types of Conditional Access. Confusingly enough, MFA can be explicitly enforced even though it’s explicitly disabled!

This might result from the “Microsoft App Access Panel” application. The culprit is often that “Enable Azure Active Directory” self-service password reset (SSPR) has been enabled – you’ll need to disable this, and your Users should soon be able to log in as you’d expect based on the settings in your admin.microsoft.com control panel.