How to Disable MFA for Azure AD Admins

Two weeks ago, Microsoft introduced a great feature for Azure Active Directory administration that force MFA for Office 365 Admins.

Baseline Protection

The new feature named Baseline protection force Azure Active Directory Administrators to use Multi-Factor Authentication (MFA) every time they log in to the Azure AD portal.

The feature is controlled by another Azure AD tool called Conditional access.

Today, I will show you how to disable Baseline Protection for specific Office 365 administrators and still keep the policy active for all other admins.

Get Started

To disable MFA for specific Admin, I will log in the Azure AD portal and go to Conditional Access -> Policies and click on Baseline Policy…

Inside the policy, I have the option to Enable the Policy, use it or disable it.

I strongly recommend leaving the policy enabled but use the option to exclude users and groups for users that don’t need the policy.

Below, I will use the exclude option to disable MFA for administrators that need to be excluded from the policy.

Leave a Reply