How to Disable Microsoft 365 Security Defaults to Stop Enforcing MFA


IMPORTANT: Disabling security defaults lowers your tenant's security posture. Before proceeding, plan a replacement approach using Conditional Access policies or per-user MFA to avoid leaving the tenant unprotected. Document the business reason and obtain approval as this is a high-risk change.

Overview

Security defaults in Microsoft Entra ID automatically enforce multi-factor authentication (MFA) for users and administrators. This guide explains how to disable security defaults in the Entra admin center if MFA enforcement needs to be removed from the tenant.

Prerequisites

  • A Global Administrator or Conditional Access Administrator account
  • Access to the Microsoft Entra admin center at entra.microsoft.com
  • A replacement security approach planned (Conditional Access or per-user MFA) before disabling security defaults

Step 1 - Sign In to the Entra Admin Center

  1. Go to entra.microsoft.com
  2. Sign in with a Global Administrator or Conditional Access Administrator account

Step 2 - Navigate to Security Defaults

  1. In the left navigation, expand Identity
  2. Click Overview
  3. Click Properties
  4. Scroll to the bottom of the Properties page and click Manage security defaults

Step 3 - Disable Security Defaults

  1. Click the Security defaults dropdown and select Disabled
  2. Select a reason for disabling security defaults when prompted
  3. Click Save
  4. When the confirmation prompt appears, click Disable to confirm

Step 4 - Verify Security Defaults Are Disabled

  1. Return to Identity > Overview > Properties
  2. Scroll down to the Security defaults section - you should see the warning message "Your organization is not protected by security defaults"
  3. Test sign-in with a non-admin user account to confirm MFA prompts have stopped

If Users Are Still Being Prompted for MFA

MFA prompts can be caused by more than just security defaults. If prompts continue after disabling, check the following:

  • Conditional Access policies: go to Entra admin center > Protection > Conditional Access > Policies and look for any policies requiring MFA
  • Per-user MFA (legacy): go to Entra admin center > Users > All users > Multi-factor authentication
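
The checks above can also be run against an export of the tenant's policies. The following is an added example, not part of the original guide: it reads JSON shaped like the Microsoft Graph v1.0 responses for the security defaults policy and the Conditional Access policy list, reports what is still enforcing MFA, and flags the case where nothing enforces MFA for all users. The sample data is constructed, user and group exclusions are ignored, and per-user MFA is not covered.

```python
import json

# Constructed sample data, shaped like Microsoft Graph v1.0 responses from
#   GET /policies/identitySecurityDefaultsEnforcementPolicy
#   GET /identity/conditionalAccess/policies  (names and role ID are placeholders)
SECURITY_DEFAULTS = {"isEnabled": False}
CA_POLICIES = json.loads("""
{"value": [
 {"displayName": "Require MFA for admins", "state": "enabled",
  "conditions": {"users": {"includeUsers": [], "includeRoles": ["<role-id>"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Require MFA for all users", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Block legacy authentication", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]}}, "grantControls": {"builtInControls": ["block"]}},
 {"displayName": "Sign-in frequency", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]}}, "grantControls": null}
]}
""")

def requires_mfa(policy):
    """True if the policy's grant controls ask for MFA or an authentication strength."""
    grant = policy.get("grantControls") or {}   # null for session-only policies
    return "mfa" in (grant.get("builtInControls") or []) or bool(grant.get("authenticationStrength"))

def targets_all_users(policy):
    users = (policy.get("conditions") or {}).get("users") or {}
    return "All" in (users.get("includeUsers") or [])

def mfa_sources(defaults, policies):
    """List everything in the export that is actively enforcing MFA."""
    found = ["security defaults"] if defaults.get("isEnabled") else []
    for p in policies.get("value", []):
        # Report-only and disabled policies never prompt, so only "enabled" counts.
        if p.get("state") == "enabled" and requires_mfa(p):
            scope = "all users" if targets_all_users(p) else "scoped"
            found.append(f'{p["displayName"]} ({scope})')
    return found

def no_tenant_wide_mfa(defaults, policies):
    """True if neither security defaults nor an enforced all-users policy requires MFA."""
    return not defaults.get("isEnabled") and not any(
        p.get("state") == "enabled" and requires_mfa(p) and targets_all_users(p)
        for p in policies.get("value", []))

if __name__ == "__main__":
    print("MFA still enforced by:", mfa_sources(SECURITY_DEFAULTS, CA_POLICIES))
    print("No tenant-wide MFA:", no_tenant_wide_mfa(SECURITY_DEFAULTS, CA_POLICIES))
```

On the sample data, the admin-scoped policy explains continued prompts for administrators, while the all-users policy is report-only and therefore leaves ordinary users without enforced MFA.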
