SOLVED

Unblock MFA

TDoss
New Contributor

Looking to use PowerShell to unblock a user within Azure MFA if they get blocked. I can Enable, Enforce, and Disable via PowerShell but I am not finding those commands for PowerShell.

5 Replies

Can you clarify what exactly you mean by unblock? There is no block feature in Azure MFA, there is one when using MFA Server. And no, there isn't a way to configure it via PowerShell.

The other thing that comes to mind is identities blocked by the Azure Identity Protection?

 

Sure, we are having users get blocked when they accidentally press Deny from the Microsoft Authenticator App.

To unblock them we have to open Azure Active Directory Admin Center or (https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/Overview/fr...) open MFA / Under Settings open Block/Unblock users, then unblock that account.

We have a Hybrid domain and normally we can Enable, Enforce, Disable from https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx, but Unblock / Block is NOT an option there.

I have a PowerShell script to Enable, Enforce, Disable, but I do not see anything on unblocking a user.

 @Vasil Michev 

Solution

Interesting, I've never seen deny result in a block when using Azure MFA. I just did a quick test with my account and it doesn't result in blocking. Perhaps I'm missing something...

In any case, the unblock action can only be done via the portal UI afaik.

Thanks, Frustrating, But thanks... @Vasil Michev 

When any MFA-enabled Microsoft or Office 365 user has tried logging in with an incorrect password, then the user account gets blocked and can be unblocked using the URL below.

Even if you have a basic free subscription, a Global Admin can log in here and unblock the user account.

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/BlockedUser...

More details:

https://blogs.technet.microsoft.com/tfg/2015/12/02/english-unblocking-azure-mfa-for-an-o365aad-user/

Hope that answers the question; however, any unanswered queries about MFA or Office 365 are welcome.

@TDoss 
