MFA is one of the most practical and effective ways to secure our accounts. However, incompatibility with some access applications or the fact that end users are subject to too much testing makes it difficult for institutions to expand the use of MFA.
At this point, the admins want the MFA registration warning or tests to be eliminated because it receives too many complaints from end-users. But sometimes things turn out to be more complicated than expected.
For example, you noticed that MFA is already turned off for users. You have also checked the security defaults and it is off as well. How do we still encounter the MFA registration screen that you can see below?
Here you need to look at whether the SSPR (Self Service Password Reset) feature is active. In fact, if users enter their information here and register to MFA, they will not receive an MFA test the next time they log in. They only need to register here with some information so that they can reset the password when necessary.
In the Admin Center, follow the Settings>> Organization Settings>> Security and Privacy>> Self Service password reset menus. Here you will see a link that will direct you to the relevant menu in Azure Active Directory.
Mark the Self-service password reset enabled option as None. After this process, users will not encounter the MFA registration screen while logging in.
If you wish, with the Selected option, you can activate the SSPR feature for only users who are not bothered by the MFA registration warning, by gathering them in a group.
