Disable Per User MFA With MS Graph

You may not know this, but if you don’t Disable Per User MFA for your users before you start enforcing it with Conditional Access, it wreaks havoc with your policies. I found this out the hard way. I had to disable MFA for a group of users who were in a session that would make using MFA rather cumbersome.
What Happens when you have both Per User MFA and Conditional Access for MFA
Microsoft recommends that you completely disable Per User MFA. If you don’t use Per User MFA but it is still enabled on some accounts, it takes precedence over Conditional Access. This is why some of your users get exempted from a Conditional Access policy for MFA and some do not. It makes it difficult to troubleshoot MFA issues. I know!
Why Disable Per User MFA With MS Graph
There are a couple of reasons why you would want to do this. One, you have users logging in from a single location that is trusted and secure. There is no need to have them constantly verifying their identity when all they are trying to do is work. Two, you have a temporary need, and it makes sense for your users to not have to use MFA for the work they are doing (i.e. software training).
I will discuss two ways you can fix this issue.
Note: the ways I am about to describe require you to have at least the Authentication Policy Administrator role to administer MFA status.
Disable Per User MFA Through the Portal
This way is simple. I would use it if you only had a few users to do. Go to the portal and in the Per User MFA section, check the user and then click disable MFA above:

Disable Per User MFA Using Microsoft Graph
This is the better way to disable Per User MFA if you have several users. First, you need to export users to a CSV using the portal. From that CSV file, take the Object ID column and put it in its own CSV with the column heading ObjectID. Make sure the CSV file is named ObjectID.csv and that it resides in the same folder as the script.
Here is the script:
```powershell
# Requires the "Authentication Policy Administrator" role (activate it in PIM first).
# If you get a 403 error, this is why.
Connect-MgGraph -Scopes "User.Read.All", "Policy.ReadWrite.AuthenticationMethod"

# Path to the CSV file that holds the ObjectID column
$CSVPathUPN = ".\ObjectID.csv"

# Import the ObjectID CSV file; stop the script if it cannot be read
Write-Host "Importing CSV"
try {
    $MFAUsers = Import-Csv $CSVPathUPN -ErrorAction Stop
}
catch {
    # throw already ends the script, so no break is needed here
    throw "Error importing CSV: $($_.Exception.Message)"
}

foreach ($MFAUser in $MFAUsers) {
    # Object ID of the user to update
    $userid = $MFAUser.ObjectID
    # Per-user MFA state to set
    $body = @{ "perUserMfaState" = "disabled" }
    # Send the request that updates the per-user MFA state
    Invoke-MgGraphRequest -Method PATCH -Uri "/beta/users/$userid/authentication/requirements" -Body $body
}
Write-Host "All Users Per User MFA set to Disabled"
```
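The following is an added example, not part of the original script: it reads each user's current per-user MFA state before changing it, skips users who are already disabled, and writes a before/after report so the change can be audited or rolled back. It assumes the same ObjectID.csv as above; the report file name PerUserMfaChanges.csv is a made-up name.

```powershell
# Added example: audit per-user MFA state before changing it and keep a rollback record.
# Assumes ObjectID.csv (ObjectID column) in the current folder; the report name is hypothetical.
Connect-MgGraph -Scopes "User.Read.All", "Policy.ReadWrite.AuthenticationMethod"

$users  = Import-Csv ".\ObjectID.csv" -ErrorAction Stop
$report = foreach ($user in $users) {
    $uri   = "/beta/users/$($user.ObjectID)/authentication/requirements"
    $entry = [ordered]@{ ObjectID = $user.ObjectID; Before = $null; After = $null; Error = $null }
    try {
        # Read the current state: disabled, enabled or enforced
        $current      = Invoke-MgGraphRequest -Method GET -Uri $uri -ErrorAction Stop
        $entry.Before = $current.perUserMfaState
        if ($entry.Before -ne "disabled") {
            $body = @{ perUserMfaState = "disabled" }
            Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ErrorAction Stop | Out-Null
            # Read back so the report shows what the service actually stored
            $entry.After = (Invoke-MgGraphRequest -Method GET -Uri $uri -ErrorAction Stop).perUserMfaState
        }
        else {
            $entry.After = $entry.Before
        }
    }
    catch {
        # Keep going; one bad ID or a 403 should not hide the state of the other users
        $entry.Error = $_.Exception.Message
    }
    [pscustomobject]$entry
}

# Before/after record for audit and rollback
$report | Export-Csv ".\PerUserMfaChanges.csv" -NoTypeInformation
$report | Group-Object Before | Select-Object Name, Count | Format-Table

$failed = @($report | Where-Object Error)
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) user(s) failed; see the Error column in the report."
}
```

The Before column is what you would restore if a user turns out not to be covered by a Conditional Access policy.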
How To Setup Windows 11 Without Microsoft Account

Microsoft is now making it virtually impossible to set up Windows 11 without a Microsoft account. It is frustrating, to say the least. You know they are only doing it so they can collect even more information about you.
Windows has become more of a marketing machine than an Operating System. I miss the good old days when you could just set up a computer, install software and start working. This can still be done on Windows, but it is getting more difficult, and you need to know a little technical stuff to do it. Fortunately, you are here for a Quick Tip so I will give it to you.
Setting Up Windows 11 Without Microsoft Account
At “Let’s add your Microsoft Account” screen, asking to sign in:
Press Shift+F10 (if you’re on a laptop that has Action Keys mode or something similar, you may need to press Fn+Shift+F10).
The command prompt appears.
Type into the command line.
ncpa.cpl
The Network connections screen appears.
Right-click Ethernet and/or Wi-Fi, whichever is connected.
Click Disable.
Close Network Connections.
Type into command line.
oobe\bypassnro
The computer will restart.
At “Let’s connect you to a network”, it should show that it is Not connected.
Then click I don’t have internet.
Microsoft will protest but check “Continue with limited setup”.
Enter the username you want to create and click next to continue Windows setup normally.
After setup, when you get to the desktop, there will be no internet.
Right click the world icon in bottom right taskbar.
Network and Internet Settings
Advanced Network Settings
Under Network adapters, for any adapter that has a button labeled Enable, click Enable. They should all say Disable (meaning they are enabled, and you can disable them).
Close Network & Internet settings
Proceed with configuration
Here is a great video to walk you through it if you are a more visual learner….
Why Set Up Windows 11 Without Microsoft Account?
This is a great question! As I mentioned before, you just want to set up the computer and start working. You have no need to be constantly bombarded with advertisements and news about this and that. I am sure you have enough distractions, and the last thing you need is to constantly slack off at work; that’s what solitaire is for! LOL
Or if you want, you could always go and try Linux……
Getting Your Signature in the New Outlook
So you are running a version of Outlook that does not store signatures in the cloud. Your company also does not use a cloud signature service like CodeTwo. You are moving to the New Outlook. How do you get your signature in the New Outlook? There are basically two ways to do this, and I will show you both.
What has Microsoft Done?
Microsoft has decided that they want a more uniform experience across devices, and what better way to do this than by storing everything in the cloud (they are not there 100%, but I guess they are trying). So, a lot of features that you had stored locally on the machine you were using will now be available to all devices that you have configured. Basically, if your AD is hybrid and you like to pull user info from your domain controllers and store it locally and automatically, you won’t be able to do this anymore.
You Are Using a Really Old Version of Outlook – Signature in the New Outlook
In this case, when you go to File / Options / Mail / Signature to get your signature into the New Outlook, you see only one option for storing your signature: locally. There is no cloud option (you will see later in this article that there is an option for where to store your signature). Your signature settings probably look like this:

The pretty signature that you so painfully created is stored here:
C:\Users\<your user name>\AppData\Roaming\Microsoft\Signatures
Simply put, if you hit Win-R and then type %AppData% in the search box, it will take you to your profile. Navigate to Microsoft\Signatures and you will see your signature as an HTML file. Read the following steps to get it into the cloud.
Getting Signature in the New Outlook
Note: You can use these steps on Outlook on the web too.
- Please take the HTML file that has opened in your default browser and select all (Ctrl-A).
- Then copy it to your clipboard (Ctrl-C). Open Outlook and while in your inbox, go to “View”.

- At the top of the window, select “View Settings”.
- Type “email signature” into the search box you see at the top left and then click “+ New signature”.

- Give the signature a name in the “Email Signature” text box.
- Click in the text box below and press Ctrl-v to paste the signature you copied from step #2

- Click Save and you are all done!
Your Version of Outlook is Newer – Signature in the New Outlook
In this case your version of Outlook is at least 2019. You will see a Signature Settings window similar to this:

In this case you have a drop-down box for local and cloud signatures. This is Microsoft’s way to get you to move from local signatures to cloud ones. It is a hybrid way of storing signatures. But the New Outlook closes this loophole and there is no option to do this. But I digress...
In this case you take the content from “Signatures on this device” and copy it to the cloud signature (as noted by your Microsoft account in the drop down box). Paste it into the content text box and click save.
The New Outlook Way
Unfortunately, there is no direct way. If you are lucky enough to be using an older version of Outlook before you switch, you can use one of the two methods above to get your signature into the cloud. If not, you have to create it from scratch.