Intro
By default, Microsoft Entra will manage and enforce the multifactor authentication (MFA) methods available in new Microsoft tenants. This usually defaults to Microsoft Authenticator and a handful of other methods. For a number of reasons, though, Entra administrators may need to change or disable the MFA methods available to their users. In this step-by-step tutorial, we'll show you how!
Steps
1 . Start by signing in to the Microsoft Entra admin center at https://entra.microsoft.com
2. From the home page, find the Protection section in the left-hand navigation menu
3. Expand the Protection menu, and click on Authentication methods
4. On the Authentication methods page, you'll see all of the MFA methods available and if they are enabled
5. Click on the name of each method you want to configure. For this example, we'll disable the Passkey (FIDO2) method:
6. Ensure that any users who use Passkeys have additional MFA methods configured (e.g. Microsoft Authenticator, SMS, Email OTP). If not, you should give them advance notice and ask them to configure another method. Otherwise, they may be temporarily locked out you'll need to reset their MFA methods.
7. When ready, click I Acknowledge and click Save
Conclusion
That's it! Managing the authentication methods available for your users is easy in the Microsoft Entra admin center. For all of your Microsoft consulting and licensing needs, contact Cosmistack!
