Microsoft Azure MFA and SSPR

32billablehours 1 Reputation point
2021-10-25T23:26:31.17+00:00

I am looking to change the Security Questions that we have enabled for users when using MFA. The plan is to delete some of the existing ones and replace them with a much smaller subset of questions.

I am a little worried about the end user experience, what happens once we remove Security Questions and put in new ones, and how can we enforce the users that have Security Questions to reregister using the new questions? Is there a easy work flow for that scenario?

The users would still have an alternate way since they are all required to register at least 2 forms for MFA.

Thanks,

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,100 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. VipulSparsh-MSFT 16,211 Reputation points Microsoft Employee
    2021-11-08T07:35:47.64+00:00

    @32billablehours Thanks for reaching out and apologies for delay.

    If you change the security questions, and if it is a mandatory option (under methods available to users) like 2 methods required and 1 of them is security question then the users will not be able to reset the password and will see this error when they try to reset the password :

    They will again need to register for the new set of security questions at :
    147284-image.png

    -----------------------------------------------------------------------------------------------------------------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments