[English] Unblocking Azure MFA for an O365/AAD user
If for some reason, possible due to a submitted Fraud alert or when setting up initial MFA configuration something went wrong and the user got in a blocked/inconsistent MFA state, the user won't be able to login.
There are 2 ways to go, depending on the scenario:
If O365 Global Admin has an AAD Premium license
Go to O365 Portal > Users > Set Multi-factor authentication requirements: Set up > Service Settings > Manage advanced settings and view reports Go to the portal
- From Azure Multi-Factor Authentication portal > User Administration > Block/Unblock Users
- If user is present as blocked: Proceed with unblock
- If user is not present, MFA is enabled and gets CorrelationID when acessing or DISABLING MFA for user: Force a BLOCK to the user and then UNBLOCK him, DISABLE user MFA and re-enable
If customer has a full Azure Subscription with O365 directory integrated
In Azure Portal > Add new MFA Auth Provider and link it to O365 directory (Attention: if you keep this after unblocking the user and use MFA charges might apply)
Go to AAD directories > O365 directory > Configure > Multi-factor authentication > Manage service settings > Service Settings > Manage advanced settings and view reports Go to the portal
- From Azure Multi-Factor Authentication portal > User Administration > Block/Unblock Users
- If user is present and blocked: Proceed with unblock
- If user is not present, MFA is enabled and gets CorrelationID when acessing or DISABLING MFA for user: Force a BLOCK to the user and than UNBLOCK him, DISABLE user MFA and re-enable