Share via
Gurudas 886Reputation points
Hello all,
Hope you are doing great!
I would like to understand process to unblock and reset MFA - Multi Factor Authentication in Azure Active Directory
Example: I have azure ad account John.dave@Company portal .com that require MFA reset and unblock.
Please provide technical KB article to understand this process.
Thank you in advance :)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,813 questions
Sign in to follow
0 commentsNo comments
0{count} votes
Sign in to comment
Accepted answer
AmanpreetSingh-MSFT 56,316Reputation points
2022-03-25T10:47:45.063+00:00 Hi @GurudasSatardekar • Thank you for reaching out.
I have provided the steps below to reset and unblock MFA in Azure Active Directory via Azure Portal and PowerShell.
Using Azure Portal:
- Sign in to the Azure portal with the tenant Global Administrator account.
- Navigate to Azure Active Directory > Users > All users > Choose the user you wish to perform an action on > select Authentication methods > Require Re-register MFA.
- Once this is done, the next time the user signs in, he/she will be requested to set up a new MFA authentication method.
Note: The user's currently registered authentication methods aren't deleted when an admin requires re-registration for MFA. After a user re-registers for MFA, we recommend they review their security info and delete any previously registered authentication methods that are no longer usable.
Using PowerShell:
- Install the MSOnline PowerShell module.
- Run
Connect-MSOLService
and sign in with the Global Administrator account. - Run
Set-MsolUser -UserPrincipalName [email protected] -StrongAuthenticationMethods @()
cmdlet to reset the MFA registration information.
Read More: Manage user authentication methods for Azure AD Multi-Factor Authentication
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Chad Hynes 11Reputation points
2022-07-19T16:02:23.783+00:00 Will the MSOnline approach continue to work after the planned deprecation of that module later this year? If not, what is the "new" way to handle this? Does MS Graph have a similar option?
Jesse Aristy 1Reputation point
2022-07-27T16:10:30.343+00:00 Hello @AmanpreetSingh-MSFT ,
I found this very useful but would like to ask how to do several UPN's at the same time. Currently I have to delete the email and paste a new one and run it everytime I want to use it. How would I go about doing a big group at the same time?
Thanks for your input
AmanpreetSingh-MSFT 56,316Reputation points
2022-07-27T17:42:42.577+00:00 @Jesse Aristy · You can create a .csv file and apply foreach loop to pick UPN from the CSV file one-by-one and run the cmdlet against all the UPNs.
$users = import-csv C:\temp\Admin.csv foreach ($user in $users) { Set-MsolUser -UserPrincipalName $user.upn -StrongAuthenticationMethods @() }
Below is how my Admin.csv file looks:
Sittampalam, Nagu 1Reputation point
2022-11-21T16:16:17.93+00:00 Hello amanpreetsingh-msft
What i sthe command to unlock a mfa user?Aarts, Jan 16Reputation points
2023-08-09T07:44:32.5766667+00:00 @AmanpreetSingh-MSFT I do like you answer but are you aware of a Graph replacement also? MSOL module will be EOL in the near future I believe.
Bhoopendra Vishwakarma 0Reputation points
2024-04-16T14:29:36.2966667+00:00 Firstly, thank you. I'm interested to know if Azure AD offers a solution for end users to reset MFA via self-service, rather than relying on global admins to perform the task on their behalf. Your guidance on this matter would be appreciated. Please advise
Sign in to comment
0 additional answers
Sort by: Most helpful
Sign in to answer