Background
It's a common scenario: one of your organization's users gets a new cell phone and needs to set up multifactor authentication again. Thankfully, it's an easy fix, but Microsoft's documentation doesn't lay it out very clearly, so we've boiled it down for you here. Keep reading to follow along with the steps and require a user to re-register multifactor authentication in Microsoft Entra.
Steps
Before proceeding, make sure you have sufficient access to manage users and their authentication methods.
There are two places you can reset MFA: using the Azure Portal, or using the Microsoft Entra admin center. They're both very similar, but we'll lay them out separately:
Using the Azure Portal:
1. Open the Microsoft Azure Portal
2. Navigate to Microsoft Entra ID
3. In the left sidebar, navigate to Manage > Users
4. Find the user you need to reset MFA for and click on their name
5. In the left sidebar, navigate to Manage > Authentication methods
6. At the top of the page, click "Require re-register multifactor authentication". You may also wish to click "Revoke multifactor authentication sessions" if a device was stolen or you otherwise have security concerns.
Using the Microsoft Entra admin center:
1. Open the Entra admin center
2. In the left sidebar, navigate to Identity > Users > All Users
3. Find the user you need to reset MFA for and click on their name
4. In the left sidebar, navigate to Manage > Authentication methods
5. At the top of the page, click "Require re-register multifactor authentication". You may also wish to click "Revoke multifactor authentication sessions" if a device was stolen or you otherwise have security concerns.
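To check which methods are registered for the user before and after the steps above (for example, to see whether a method tied to a lost or stolen device is still listed), you can read them with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original article; it assumes the SDK is installed and that your account can read authentication methods, and the UPN is a placeholder.

```powershell
# Added example: list the authentication methods registered for one user.
# Assumptions: Microsoft Graph PowerShell SDK is installed
# (Install-Module Microsoft.Graph), and the signed-in admin has consent for
# the UserAuthenticationMethod.Read.All scope. The UPN is a placeholder.
param(
    [string]$UserPrincipalName = 'user@example.com'
)

Connect-MgGraph -Scopes 'UserAuthenticationMethod.Read.All'

# Each returned object carries its concrete type in '@odata.type',
# e.g. '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod'.
$methods = Get-MgUserAuthenticationMethod -UserId $UserPrincipalName

$report = foreach ($m in $methods) {
    $type = [string]$m.AdditionalProperties['@odata.type']
    [pscustomobject]@{
        # Strip the namespace prefix and common suffix for readability.
        Method = $type -replace '^#microsoft\.graph\.', '' -replace 'AuthenticationMethod$', ''
        Id     = $m.Id
    }
}

# The password entry is not an MFA method, so leave it out of the review.
$mfa = @($report | Where-Object { $_.Method -ne 'password' })

if ($mfa.Count -eq 0) {
    Write-Host "No MFA methods are registered for $UserPrincipalName."
} else {
    Write-Host "MFA methods registered for ${UserPrincipalName}:"
    $mfa | Sort-Object Method | Format-Table -AutoSize
}

Disconnect-MgGraph | Out-Null
```

Run it once before the reset and again after the user has signed in and re-enrolled, then compare the two lists.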
Conclusion
That's it! The user will now be prompted to re-enroll in multifactor authentication the next time they sign in!