Change the verification number that a text is sent to

Question

I am adding a new computer to our domain. I have setup the user and added the computer. But on first login the user is being asked to supply a code that has been text to a person no longer with the org.

I need to change the number. How and where do I do that.

Answer 1

Hi Fernie,

You can change this in Entra ID:

https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userdevicesettings#manage-user-authentication-options

Sign in to the Microsoft Entra admin center as at least an Authentication Administrator.

Browse to Identity > Users > All users.

Choose the user you wish to perform an action on and select Authentication methods. At the top of the window, then choose one of the following options for the user:

• Reset password resets the user's password and assigns a temporary password that must be changed on the next sign-in.
• Require re-register MFA deactivates the user's hardware OATH tokens and deletes the following authentication methods from this user: phone numbers, Microsoft Authenticator apps and software OATH tokens. If needed, the user is requested to set up a new MFA authentication method the next time they sign in.
  • Revoke MFA sessions clears the user's remembered MFA sessions and requires them to perform MFA the next time it's required by the policy on the device.

If this is helpful please accept answer.

Answer 2

@Executive Director - Fernie Chamber

Thank you for posting this in Microsoft Q&A.

To perform this, you will have to contact Azure AD administrator in your organization to get MFA reset for your account.

 

If you don’t know who are the admins then you can follow below steps to know who are the admin in your tenant. There is a PowerShell way to find global admin in your Azure AD. However, to use PowerShell as well you will have to authenticate yourself first. For authentication again it will prompt for MFA to be completed.

 

I would suggest you ask one of your colleague to perform below steps and share the global admin details with you so that you can contact admin and get your MFA registerd.

• Open Windows PowerShell as administrator.

• Run command “Install-Module azuread”

• Once installed you can run command “Connect-AzureAD” and enter user credentials once it asks for.

• Once you login, you can run command “Get-AzureADDirectoryRole”.

• From the output you can copy the object ID of Global administrator

• Run command “Get-AzureADDirectoryRoleMember -ObjectId "Paste the object ID of global admin that was copied earlier"

• You will get the list of users with global admin role assigned.

Now you can contact any global admin from the list and ask him to perform below steps to reset your MFA so that you can re-register for authenticator app.

• Admin has to login to Azure portal and access Azure active directory.

• Once done they have to go to users blade on the left.

• Click on Authentication methods and click on “Require re-register multifactor authentication”.

• Now when you try to login to Azure services it will prompt you to register for MFA again.

Let me know if you have any further questions.

 Please "Accept the answer" if the information helped you. This will help us and others in the community as well.