Forum Discussion

Tyler Miller's avatar
Tyler Miller
Brass Contributor
Jan 26, 2018

Locking out a users with MFA enabled

Hi, I am very new to MFA with O365. We just implemented MFA for a few users, including myself. I enabled MFA a few days ago, and then yesterday proceeded to change my password. Since my phone does ...
exchange
office 365
Tyler Miller's avatar
Tyler Miller
Brass Contributor
Jan 29, 2018

How do I block their sign in? We usually leave the account open because managers like to get into the email inboxes and take a look, as well as we have a forward in place for the first few weeks. I have typically just changed the user's password, which would kick them out of their devices, but not so with MFA. Cany help on how to block sign in would be great.

Steven Collier's avatar
Steven Collier
MVP
Jan 29, 2018

What type of accounts are these? Are they AD accounts which are synced using AzureAD Connect or cloud only accounts?

 

 

  • Tyler Miller's avatar
    Tyler Miller
    Brass Contributor
    Jan 29, 2018

    Steven,

    These are just Azure/O365 accounts. Nothing is synced back to anything on-prem. All of these are manually entered into O365 in the admin portal.

    • Steven Collier's avatar
      Steven Collier
      MVP
      Jan 29, 2018

      For a cloud only account, find it in the admin portal and change the Sign-In Allowed to blocked. This will prevent the user from logging in (including app passwords) which still maintaining their mailbox, OneDrive etc. Give the manager permissions to the mailbox to access it with their logon details.

       

      • Tyler Miller's avatar
        Tyler Miller
        Brass Contributor
        Jan 29, 2018

        Thanks Steve, that will work!

Resources