Microsoft Microsoft Business/Work Account Mandatory 2FA (Two-Step Verification) Release Scheme

Microsoft 微软商业Business/工作账户 强制2FA(二步验证)解除方案


Received notice from Microsoft a few weeks ago that a secure default will be enabled for Business Global in the first few days, i.e. Force Global 2FA.

2FA, that is, two-step verification, two-factor verification, generally SMS verification code, email verification code, password device (such as Google and Microsoft)

But this thing will only disgust itself in most cases. This article describes how to close it.

Reference documents and related websites

2-Step Verification FAQ for work or school accounts


Portal AZURE

Secure defaults in Azure AD

close guide

Note that personal accounts (login to the domain name can be closed directly. Work and school, that is, For Business can only be turned off by administrators

Preliminary settings

What needs to be done is to first disable the security defaults in the AZ console, you need to log in with the administrator email

  1. Sign in to the Azure portal as a Security Admin, Conditional Access Admin, or Global Admin.
  2. Browse to Azure Active Directory > Properties.
  3. Select Manage Security Defaults.
  4. Set the Enable Safe Defaults toggle to No.
  5. Select Save.

Then go to MS ADMIN control panel, find users -> open user details -> account (bottom) -> multi-factor authentication (manage multi-factor authentication) to see if they are all disabled. (you can try to enable and disable)

Second order settings

[If you have the following phenomenon, it is very likely that your security defaults have not been closed successfully]

Then go to [This page must have 2FA to enter]

Delete the login method.

After logging in, it will show

Don’t lose access to your account!

To ensure that you can reset your password, we need to collect certain information in order to be able to verify your identity. We will not use this information to spam you – just to keep your account more secure. You must set at least 1 of the following options.

Authentication phone is not configured. Set it up now

Authentication email is not configured. Set it up now

But you can just “look good” and skip this setting. (But only temporarily skip 14 days)

tertiary settings

Other security verification

You will also need to respond with the registered device when logging in with a password. This will make it more difficult for hackers to log in with just a stolen password. Watch the video to learn how to protect your account

What is your preferred option? We will use this verification option by default.

How would you like to respond? Please set one or more options. to know more information

For account security, only your phone number will be used. Standard phone and text message charges will apply.

Trusted ip [this is a whitelist]

Skip multi-factor authentication for requests from federated users on my intranet

Skip multi-factor authentication for requests from the following IP address subnet ranges

Authentication options

Methods available to users:

call phone

Text message to phone

Notifications via mobile app

Captcha provided by mobile app or hardware badge

Remember multi-factor authentication on trusted devices

Allow users to remember multi-factor authentication on devices they trust (1 – 365 days)

The number of days users can trust the device

Starting September 30, 2022, the combined registration experience for multi-factor authentication and SSPR will be enabled for all tenants.

Users can use the preview feature of My Apps

Users can sign up for the experience with the combined security information

Admin can access “My Staff”

This article is reprinted from
This site is for inclusion only, and the copyright belongs to the original author.