Bulk reset MFA method via PowerShell

Joe Calabria 41 Reputation points
2021-01-20T15:32:57.97+00:00

We are beginning to phase out SMS MFA authentication as it is no longer a secure method of MFA. Due to the size of our organization, we need to roll this out to particular groups in phases to ensure our help desk team is not inundated with support calls.

I'd want to import a CSV file with the users UPNs to reset users MFA method using the cmd below so they must re enroll in MFA.

Reset-MsolStrongAuthenticationMethodByUpn
-UserPrincipalName <String>
[-TenantId <Guid>]

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,416 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,914 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 97,306 Reputation points MVP
    2021-01-20T21:01:38.523+00:00

    Assuming you have a CSV called blabla.csv, with a column UPN to designate the UserPrincipalName, use this:

    Import-CSV blabla.csv | % { Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName $_.UPN} 
    
    2 people found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. SUNOJ KUMAR YELURU 13,966 Reputation points MVP
    2021-01-20T15:47:29.7+00:00

    Hi @Joe Calabria

    Thank You for posting question!

    Please refer below url for details.

    Manage methods using PowerShell:

    (Bulk) pre-register MFA for users without enable MFA on the account

    Pre-register authentication data to Azure AD Users for MFA

    Please don’t forget to Accept the answer and up-vote wherever the information provided helps you, this can be beneficial to other community members.


  2. Cristiano Pereira 1 Reputation point
    2022-01-06T18:39:59.227+00:00

    Hi @Joe Calabria ,

    I do not know if you still need a help to address the necessity of users change there method to Microsoft Authenticator. But, currently Microsoft released a feature called Registration campaign that can easely help you iiiiiiiiiiiiiiiwth that. To do so, access the documentHow to run a registration campaign to set up Microsoft Authenticator - Microsoft Authenticator app

    0 comments No comments