If you have multi-factor authentication (MFA) enabled on your nhs.net account via self-enrolment you will need to follow the instructions outlined in this article to disable MFA.
There are two options to disable MFA – please follow the appropriate steps for you:
- Disabling MFA on your own account
- Disabling MFA for another user – to be able to follow these steps you need to be a Local Administrator with the correct privileges
Option 1: Self-Service Disablement of MFA
1) Sign-in to the NHSmail portal using your .net credentials
2) Navigate to your Profile
3) Click on the self-service tab
4) Select ‘Disable Azure MFA’
5) You will the receive a pop-up asking to confirm the disable, select confirm
6) You will see a pop-up notification on the top right of your screen confirming you have successfully disabled MFA.
Option 2: Disabling MFA for another user
You will only be able to complete these steps if you are a Local Administrator, with admin privileges for the organisation the user is part of. Furthermore, as of now only users that self-enrolled for MFA and are in the MFA self-enrolled security group in AD, are able to disable MFA, meaning users which have MFA enforced by a user policy or by LA role membership cannot disable MFA. Because of this these users must be removed from the user policy or have their LA roles removed to disable MFA on their account.
1) Sign-in to the NHSmail portal using your .net credentials
2) Navigate to Admin and User Management
3) Search for the user account in question by entering their nhs.net email address in the search bar. Double click on the user account when it appears
4) The user details window should appear, on the ‘Action’ box select ‘Disable Azure MFA’
5) A green pop up should appear on the top of the window stating MFA will be disabled.
