Forum Discussion

Copper Contributor

Dec 22, 2025

In "Per-user multifactor authentication" I disabled MFA for one user; All got disabled

Hi, I'm the 365 admin for our org. Today I had a user that got a new phone and became stuck in a MS Authenticator app loop. (The app required MFA to login to the app, but they can't login to the a...

Authentication

Authenticator app

microsoft 365 admin center

Kidd_Ip

MVP

Dec 23, 2025

The behavior you encountered is a recognized limitation of the legacy Per-user MFA management page in Microsoft 365. Although the interface allows you to select an individual account, the “Disable MFA” action may inadvertently affect all users in the tenant. This occurs because per-user MFA is an older mechanism that does not consistently function as expected. Microsoft now advises administrators to manage multifactor authentication through Conditional Access policies, which provide more reliable, granular, and supported controls than the per-user portal.

ScottoMR

Copper Contributor

Dec 25, 2025

Thanks for the reply, and fair enough. But in that case it's odd that the legacy page is 1) still accessible via the admin console, and 2) buggy in production.

I'll use the other mechanism going forward, though.