When a user is setting up, or if there is suspicious activity, they can block their account by declining the MFA request.
- When setting up, user may accidentally deny their own set up attempt. This blocks their account and they will no longer be able to set up MFA.
- To find out if they have blocked themselves, go here:
1) Start at Azure Directory and click on Security 2. On the following Menu, select MFA 3. Select Block/Unblock Users
You will now have a list of all user's that have blocked their accounts by denying an MFA log in attempt. We currently have no access to unblock them, and the ticket must be sent to ITaP Collaboration as a work impaired Incident ticket. Placing them on the MFA Exempt list does not override the MFA requirement even as a temporary workaround. As of 5/25/2022 all Specialists should have the ability to unblock customers thanks to a special role IAMO was able to provide us.
You can also just use this link to go directly to the MFA blocked users list: https://portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/BlockedUsers/fromProviders/
