Resetting an Office 365 user's MFA details

Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.

Over time, a user may lose or replace an authenticator device or perhaps move to a new mobile phone number. This is likely to impact MFA and so prevent access to the user's computer.  A resultant change to MFA details is therefore required if the user is to continue to enjoy access. Individual users may manage their own MFA settings using the online portal at http://aka.ms/MFASetup. However, if this is not completed prior to decommissioning the old device, then administrator assistance will be required to reset the user's MFA details.

This article shows how an administrator can reset a user's MFA details, enabling the user to then set up new MFA details at their next log on.

Prerequisites

To complete this task, you must have appropriate Office 365 administrator permissions.

 

Resetting a user's MFA details

Resetting a user's MFA details requires the user to re-register at next log-on. Proceed as follows.

  1. Go to https://portal.azure.com, and sign into the Microsoft Azure portal using an account with administrative privileges.
  2. From the left-hand menu, click Azure Active Directory and, from the options given, click Users.

A list of All users appears.

  1. Search the list for, and click on, the desired user.

The selected user's Profile page appears.

  1. On the left-hand menu panel, under Manage, click Authentication methods.

An option bar appears at the top of your screen.

  1. Click Require re-register MFA.

Note:
If the user's device has been lost or stolen, then also click Revoke MFA sessions.

This resets the user's MFA details, and they must now re-register their MFA methods upon their next sign-in.