Share via


Azure: How to unregister and register ADFS Authentication Provider (MFA)

When Azure subscription is changed,due to a provider change, Azure Multi-Factor Authentication(AKA, MFA) must be unregistered and registered again by following method.

1. Un-register MFA provider, on ADFS Global Authentication Policy, uncheck WindowsAzureMultiFactorAuthentication checkbox.

Go to PowerShell prompt, then run

PS C:\Program Files\Multi-Factor Authentication Server> Unregister-AdfsAuthenticationProvider –Name"WindowsAzureMultiFactorAuthentication"

WARNING: PS0103: The authentication provider was successfully unregistered from the policy store.  Restart the A

D FS Windows Service on each server in the farm.

Restart ADFS services

PS C:\Program Files\Multi-Factor Authentication Server> net stop adfssrv

The Active Directory Federation Services service is stopping.....

The Active Directory Federation Services service was stopped successfully.

PS C:\Program Files\Multi-Factor Authentication Server> net start adfssrv

The Active Directory Federation Services service is starting....

The Active Directory Federation Services service was started successfully.

Go back to ADFS Global Authentication Policy and see if there is no "WindowsAzureMultiFactorAuthentication"

2. Register MFA provider again,

To register again, run following from PowerShell prompt

PS C:\Program Files\Multi-Factor Authentication Server> .\Register-MultiFactorAuthenticationAdfsAdapter.ps1

WARNING: PS0114: The authentication provider was successfully registered with the policy store.  To enable this

provider, you must restart the AD FS Windows Service on each server in the farm.

Restart ADFS services

PS C:\Program Files\Multi-Factor Authentication Server> net stop adfssrv

The Active Directory Federation Services service is stopping.....

The Active Directory Federation Services service was stopped successfully.

PS C:\Program Files\Multi-Factor Authentication Server> net start adfssrv

The Active Directory Federation Services service is starting....

The Active Directory Federation Services service was started successfully.

Go back to ADFS Global Authentication Policy and see if "WindowsAzureMultiFactorAuthentication" is back.