Share via

MFA Require re-register MFA is greyed out even though PIM role of Auth Admin is active

Moses Binny Natta 26 Reputation points
2022-09-13T12:55:38.17+00:00

MFA "Require re-register multi-factor authenticator" is greyed out even though PIM role of Auth Admin is active
240584-snipmfa.jpeg

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,794 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Moses Binny Natta 26 Reputation points
    2022-09-17T05:00:13.187+00:00

    Thank You @JimmySalian-2011 and @JamesTran-MSFT

    I was able to figure it out. The User had a PIM Admin role assigned and I do not have privileges to reset admin account MFA.

    Thanks&Regards

    1 person found this answer helpful.
  2. JimmySalian-2011 42,116 Reputation points
    2022-09-13T13:28:48.887+00:00

    Hi,

    Please check the roles and permissions for MFA and can you also try with powershell module, sometimes the PIM takes time to come in effect and did you tired logging out and relogin? 

    Reset-MsolStrongAuthenticationMethodByUpn  -UserPrincipalName Mosesbinny@contoso.com

    reset-msolstrongauthenticationmethodbyupn

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

  3. JamesTran-MSFT 36,626 Reputation points Microsoft Employee
    2022-09-13T18:44:52.077+00:00

    @Moses Binny Natta
    Thank you for your post!

    Please keep in mind that when you activate a role in PIM, the activation might not instantly propagate to all portals that require the privileged role. For more info. Adding onto what was shared by @JimmySalian-2011 , you can also leverage the Microsoft Graph REST API to individually reset/delete user authentication methods.

    Additional Links:
    Troubleshoot portal delay
    Manage auth methods using PowerShell
    Microsoft.Graph.Identity.SignIns - MS Graph PS

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.