HKG-7714 asked amanpreetsingh-msft answered

MFA registration question

I use conditional access to trigger MFA for our Office 365 applications. I need some help dealing with this situation. Some users, for some reason, are unable to use their registered MFA method due to relocation, a lost phone, etc. If I want them to add a new verification method, I thought I could disable MFA for their account by removing them from the conditional access rule and allow them to access the MFA registration portal. What I see is that the user indeed doesn't need to verify with MFA when accessing the applications; however, they are still being prompted for MFA when they try to access the MFA area. So this is kind of a catch-22. I know I can require them to re-register MFA from the AAD portal. I wonder if this is the only way to do that. Users will need to register all their MFA methods rather than just adding a new one.

Thanks

azure-ad-multi-factor-authentication

1 Answer

amanpreetsingh-msft answered

Hi @HKG-7714 • Thank you for reaching out.

Yes, you are right. Users who are unable to use their registered MFA method won't be able to add another MFA method without re-registering for MFA. You can require them to re-register MFA from the AAD portal or by using the PowerShell cmdlet below (for bulk operation):

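 # Sign in to Azure AD with the MSOnline module
 Connect-MsolService
 # Clear the user's registered MFA methods so they must register again at next sign-in
 Set-MsolUser -UserPrincipalName username@your-tenant.onmicrosoft.com -StrongAuthenticationMethods @()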

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
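The answer mentions bulk operation but shows a single user. The script below is an added example, not part of the original answer: it applies the same `Set-MsolUser` call to a list of users and records which methods each account had before the reset. The file names, the `UserPrincipalName` CSV column and the `-Apply` switch are assumptions, and the list is assumed to contain only users whose identity has already been verified out of band.

```powershell
# Added example (not from the original answer): bulk MFA re-registration with an audit trail.
# Assumptions: the MSOnline module is installed and usable in the tenant; the CSV has a
# "UserPrincipalName" column and lists only users whose identity was verified out of band.
param(
    [string]$CsvPath = '.\mfa-reset-approved.csv',  # hypothetical input file
    [string]$LogPath = '.\mfa-reset-audit.csv',     # hypothetical audit output
    [switch]$Apply                                  # without -Apply nothing is changed (dry run)
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $upn    = "$($row.UserPrincipalName)".Trim()
    $status = 'DryRun'
    $before = ''
    try {
        # Fails for an unknown or empty UPN, so typos in the list are reported instead of skipped silently
        $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop

        # Record the methods that were registered before the reset, for the audit log
        $before = ($user.StrongAuthenticationMethods |
                   ForEach-Object { $_.MethodType }) -join ';'

        if ($Apply) {
            # Same call as in the answer: an empty list forces re-registration at next sign-in
            Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationMethods @() -ErrorAction Stop
            $status = 'Reset'
        }
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        TimeUtc           = (Get-Date).ToUniversalTime().ToString('o')
        UserPrincipalName = $upn
        MethodsBefore     = $before
        Status            = $status
    }
}

# Append to the audit log and show a summary on screen
$results | Export-Csv -Path $LogPath -NoTypeInformation -Append
$results | Format-Table -AutoSize
```

Run it once without `-Apply` to review the accounts and their current methods, then again with `-Apply` to perform the reset.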
