Disable MFA from Read Only Service Accounts

Modified on Tue, 09 Apr 2019 at 05:55 AM

  • Login to the Office 365 admin center; 
  • Go to Users > Active Users;
  • Choose More > Setup Azure multi-factor auth. If you don't see this option, then you are not a global admin and you cannot perform the action.

The More menu on the Active Users page, with Setup Azure multi-factor auth selected.

  • Find the accounts for which you want to disable MFA 

  • Select the check box next to the people for whom you want to disable MFA. 
  • On the right, under quick steps, you'll see Enable and Manage user settings. Choose Disable                             




 Please note that new policy recenlty introduced by Microsoft that requires MFA for all the Global Admin and privileged accounts, including the CoreView Admin Read only could cause issue to the import. 


 To resolve this problem, you need to disable the policy or, alternatively, you can exclude the admin read only accounts from this policy. 



Please refer to this article for additional details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Baseline-security-policy-for-Azure-AD-admin-accounts-in-public/ba-p/245426


Note: In case the policy is enabled, you won't see that the MFA is enabled for the users from the Azure Active Directory Admin center. 


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us how can we improve this article!

Select atleast one of the reasons

Feedback sent

We apprciate your effort and will try to fix the article