This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We are beginning to phase out SMS MFA authentication as it is no longer a secure method of MFA. Due to the size of our organization, we need to roll this out to particular groups in phases to ensure our help desk team is not inundated with support calls.
I'd want to import a CSV file with the users UPNs to reset users MFA method using the cmd below so they must re enroll in MFA.
Reset-MsolStrongAuthenticationMethodByUpn
-UserPrincipalName <String>
[-TenantId <Guid>]
Assuming you have a CSV called blabla.csv, with a column UPN to designate the UserPrincipalName, use this:
Import-CSV blabla.csv | % { Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName $_.UPN}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 56.00000000000001%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
Hi Michev,
Is disabling legacy mfa for bulk users possible?
Any input would be helpful.
Thanks,
Thank You for posting question!
Please refer below url for details.
Manage methods using PowerShell:
(Bulk) pre-register MFA for users without enable MFA on the account
Pre-register authentication data to Azure AD Users for MFA
Please don’t forget to Accept the answer and up-vote wherever the information provided helps you, this can be beneficial to other community members.
Thank you for your reply but pre registering is not what is needed for this exercise.
All users are already enrolled in MFA and have SMS as their primary method which will be retired. Therefore, I'm looking to RESET users method in BULK to have them re enroll by referencing a CSV file with the Users UPNs
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 12%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
Hi @Joe Calabria ,
I do not know if you still need a help to address the necessity of users change there method to Microsoft Authenticator. But, currently Microsoft released a feature called Registration campaign that can easely help you iiiiiiiiiiiiiiiwth that. To do so, access the documentHow to run a registration campaign to set up Microsoft Authenticator - Microsoft Authenticator app