O365 Require Users to Provide Contact Methods Again
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Users in Azure Ad have two distinct sets of contact information:
- Public contour contact information, which is managed in the user profile and visible to members of your organization. For users synced from on-premises Active Directory, this information is managed in on-premises Windows Server Agile Directory Domain Services.
- Hallmark methods, which are e'er kept individual and only used for authentication, including multi-cistron authentication (MFA). Administrators tin can manage these methods in a user's hallmark method bract and users can manage their methods in Security Info page of MyAccount.
When managing Azure AD Multi-Factor Authentication methods for your users, Authentication administrators can:
- Add authentication methods for a specific user, including phone numbers used for MFA.
- Reset a user's countersign.
- Crave a user to re-register for MFA.
- Revoke existing MFA sessions.
- Delete a user's existing app passwords
Add authentication methods for a user
You tin add together authentication methods for a user via the Azure portal or Microsoft Graph.
Notation
For security reasons, public user contact information fields should non exist used to perform MFA. Instead, users should populate their authentication method numbers to exist used for MFA.
To add authentication methods for a user via the Azure portal:
- Sign into the Azure portal.
- Browse to Azure Active Directory > Users > All users.
- Choose the user for whom you lot wish to add an authentication method and select Authentication methods.
- At the acme of the window, select + Add authentication method.
- Select a method (telephone number or email). Email may be used for cocky-countersign reset but not authentication. When adding a phone number, select a phone blazon and enter phone number with valid format (e.grand. +i 4255551234).
- Select Add together.
Annotation
The preview experience allows administrators to add any available hallmark methods for users, while the original experience only allows updating of telephone and alternate phone methods.
Manage methods using PowerShell:
Install the Microsoft.Graph.Identity.Signins PowerShell module using the following commands.
Install-module Microsoft.Graph.Identity.Signins Connect-MgGraph -Scopes UserAuthenticationMethod.ReadWrite.All Select-MgProfile -Name beta List phone based authentication methods for a specific user.
Get-MgUserAuthenticationPhoneMethod -UserId balas@contoso.com Create a mobile telephone authentication method for a specific user.
New-MgUserAuthenticationPhoneMethod -UserId balas@contoso.com -phoneType "mobile" -phoneNumber "+1 7748933135" Remove a specific telephone method for a user
Remove-MgUserAuthenticationPhoneMethod -UserId balas@contoso.com -PhoneAuthenticationMethodId 3179e48a-750b-4051-897c-87b9720928f7 Authentication methods can also be managed using Microsoft Graph APIs, more than information can be found in the document Azure AD authentication methods API overview
Manage user hallmark options
If y'all're assigned the Authentication Administrator role, you can require users to reset their password, re-register for MFA, or revoke existing MFA sessions from their user object. To manage user settings, complete the following steps:
-
Sign in to the Azure portal.
-
On the left, select Azure Agile Directory > Users > All users.
-
Choose the user y'all wish to perform an action on and select Hallmark methods. At the height of the window, then choose ane of the following options for the user:
-
Reset Countersign resets the user'due south password and assigns a temporary countersign that must exist changed on the side by side sign-in.
-
Require Re-register MFA makes information technology and so that when the user signs in adjacent time, they're requested to set up a new MFA authentication method.
Notation
The user's currently registered hallmark methods aren't deleted when an admin requires re-registration for MFA. Later a user re-registers for MFA, we recommend they review their security info and delete any previously registered authentication methods that are no longer usable.
-
Revoke MFA Sessions clears the user's remembered MFA sessions and requires them to perform MFA the side by side time it's required by the policy on the device.
-
Delete users' existing app passwords
For users that have divers app passwords, administrators can as well choose to delete these passwords, causing legacy hallmark to fail in those applications. These actions may be necessary if you need to provide assistance to a user, or need to reset their hallmark methods. Non-browser apps that were associated with these app passwords will stop working until a new app password is created.
To delete a user's app passwords, complete the following steps:
- Sign in to the Azure portal.
- On the left-hand side, select Azure Active Directory > Users > All users.
- Select Multi-Factor Hallmark. You may need to scroll to the right to see this menu option. Select the example screenshot below to see the full Azure portal window and menu location:
- Check the box next to the user or users that you wish to manage. A list of quick stride options appears on the right.
- Select Manage user settings, then check the box for Delete all existing app passwords generated by the selected users, as shown in the following example:
- Select save, then close.
Adjacent steps
This article showed y'all how to configure private user settings. To configure overall Azure Advertisement Multi-Factor Authentication service settings, see Configure Azure Advert Multi-Cistron Authentication settings.
If your users need help, see the User guide for Azure Advertising Multi-Factor Hallmark.
Feedback
Submit and view feedback for
Source: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings
0 Response to "O365 Require Users to Provide Contact Methods Again"
Post a Comment