25,134 questions
Correct. Revoking MFA sessions will simply require them to do MFA again on apps that require it
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userdevicesettings
What is the difference between revoking a user session and revoking user MFA session in Entra ID
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 62%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Vuy Si
31
Reputation points
Hi,
I'm trying to understand the difference between revoke sessions option in a user overview page and revoke mfa authentication sessions option under authentication methods.
From testing, revoke sessions will sign a user out from all devices and require them to sign back in to resume access.
I assume revoke mfa authentication sessions will require them to provide mfa the next time they try to sign in to an app that needs mfa even if they have previously provided it.
Is this correct?
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator2024-08-06T15:45:36.1833333+00:00 Hi @Vuy Si
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know. -
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
2024-08-08T05:23:31.9433333+00:00 Hi @Vuy Si
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know. -
Sign in to comment
Accepted answer
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator2024-08-05T16:28:48.1066667+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 95%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
Alena Halenwood 5 Reputation points2024-10-29T19:58:57.8+00:00 If you hit "revoke sessions" for a user, I understand that it requires them to sign back in. But at this next sign-in, will it also prompt them for MFA? i.e. does "revoke sessions" effectively include "revoke MFA sessions" or would the user only need to provide a password?
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 6%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Matteo Giordani 0 Reputation points2024-11-21T08:36:24.7033333+00:00 Hi,
this clarification was very helpful.
I have a question, I need to revoke MFA session for all tenant users massively, I tried searching but I can't find a powershell command to be able to do it in one go for all users, to avoid having to do it by hand one by one, can someone help me to understand what powershell command I should use?