Use Case

This article will cover how to get into a user's MFA authentication settings so that you can remove, add, or modify existing authentication methods they have tied to their account.
Situations where you MAY need to use this:

• A user has gotten a new cellphone
• A user has gotten a new cellphone number
• A user has gotten a new office number
• To revoke existing MFA sessions
• To require a user to re-register for MFA
• User registered with the wrong phone number
• Or any number of issues with their initial device registration...

Identity Verification

• Should go without saying at this point but PPS ID verification is required before making ANY changes to a user's MFA authentication methods.

Accessing MFA Authentication Methods

• To Access a User's authentication settings,
  • Please visit the Azure Portal, your OUadmin credentials (or some other admin credentials) will be required.
  • Click "View" under Manage Azure Active Directory
  • Left side of screen, click on "Users"
  • Or you can just open this link in a new tab.
• Search the username/alias in the "Search Users" field, and click on the account when you find it
  NOTE: AzureAD is a bit more flexible than other ADs we use, so you may be able to just search the name.
• Under the "Manage" heading in the left side-bar, click on Authentication Methods
• A user can DIRECTLY access these settings themselves, assuming they can log in, via this page: https://mysignins.microsoft.com/security-info

Modifying MFA Authentication Methods

Once you're on a user's authentitication methods page, there's a couple different things you can do.

• Add authentication Method
• Reset Password <DO NOT DO THIS>
• Require re-register for MFA
• Revoke MFA Sessions
• Remove Authentication Methods
• Modify Authentication Methods

...to be continued