Jul 23 2017 05:26 AM - last edited on Jan 14 2022 05:30 PM by TechCommunityAP
Is there a way to force a user to re-register with the Azure AD Self Service Password Reset as if he/she has never registered before?
Is there a way to remove the registration of a specific user or re-initialise a specific user?
Jul 23 2017 05:31 AM
If they have not registered, re-registration does not seem applicable to me, so I'm a little bit confused by your question, but you may find this helpful: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-data
Jul 23 2017 11:25 AM
You can clear the SSPR data via PowerShell; the relevant attributes are listed here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-data
Jul 26 2017 05:09 AM
Hi Han,
Did you try clearing the user data, as Vasil suggested?
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-data
Maybe you could try and test with a new user.
Jul 30 2017 05:58 PM
Hi!
Review your eligible accounts.
Get-MsolUser -UserPrincipalName admin@soft.onmicrosoft.com | select PasswordNeverExpires
More about passwords and password expiration policies
https://support.office.com/en-us/article/Change-how-often-passwords-expire-in-Office-365-for-Small-B...
Feb 19 2018 07:57 AM
My question has nothing to do with password expiring.
Feb 19 2018 09:15 AM
Hi Han,
Within the MFA configuration, there is an option to require selected users to provide contact methods again. As far as I can see, the user doesn't have to be MFA enabled.
Within https://aad.portal.azure.com go to Users. On the top of the page, you can go to Multi-Factor Authentication. A new page/tab will be opened. On that page you can select the user => Manage User Settings => place a check mark at Require selected users to provide contact methods again and click save.
Hope this helps.
Best regards,
Ruud Gijsbers
Feb 19 2018 04:26 PM
Yes, I understand.
Do you agree with Ruud Gijsbers?
Jun 29 2018 11:35 AM
I was trying to do the same task, force a user to re-register for SSPR in a lab tenant. I was able to do so by removing values from the AAD user.
Get-MsolUser -UserPrincipalName user@domain.com | select AlternateEmailAddresses
Get-MsolUser -UserPrincipalName user@domain.com | select MobilePhone
Get-MsolUser -UserPrincipalName user@domain.com | select PhoneNumber
After I removed data from all 3 properties, the user could no longer do SSPR. When the user goes to https://aka.ms/ssprsetup, they are prompted to register (after a successful sign-in).
Jan 03 2019 02:14 AM
I found a solution to this 🙂
# /MWU
# First connect to your tenant (as you usually do)
# Output from my connect tenant function
# cat function:Connect-O365-PROD
# Actual Connect-O365-PROD function
Get-PSSession | Remove-PSSession
$PROD365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell-liveid -Credential $PRODAdminCred -Authentication Basic -AllowRedirection
# Use this if you import script functions from a remote server; I only load the remote script in my $profile
Import-Module (Import-PSSession $PROD365Session -AllowClobber) -global
Connect-MsolService -Credential $PRODAdminCred
##################Forget above if you are Pro :)#######################################
#Selected user in cloud
$Userpricipalname = "abc@org.com"
#Get settings for a user with existing auth data
$User = Get-MSolUser -UserPrincipalName $Userpricipalname
# Viewing default method
$User.StrongAuthenticationMethods
# Creating custom object for default method (here you just put in $true instead of $false on the preferred method you like)
$m1=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m1.IsDefault = $false
$m1.MethodType="OneWaySMS"
$m2=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m2.IsDefault = $false
$m2.MethodType="TwoWayVoiceMobile"
$m3=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m3.IsDefault = $false
$m3.MethodType="PhoneAppOTP"
$m4=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m4.IsDefault = $True
$m4.MethodType="PhoneAppNotification"
# To set the users default method for doing second factor
#$m=@($m1,$m2,$m3,$m4)
# To force user ONLY to re-register without clearing their phone number or App shared secret.
$m=@()
# Set command to define new settings
set-msoluser -Userprincipalname $user.UserPrincipalName -StrongAuthenticationMethods $m
#Settings should be empty, and user is required to register new phone number or whatever they like, in case they lost their phone.
$User = Get-MSolUser -UserPrincipalName $Userpricipalname
$User.StrongAuthenticationMethods
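To confirm that either reset described in this thread took effect, and to keep a before/after record, the check below reports which of the three contact properties and which StrongAuthenticationMethods entries are still set on a user object. It is an added example, not code from any poster in the thread; Get-RegistrationState and the sample objects are hypothetical, and it assumes the object carries the property names shown in the posts above.

```powershell
# Added example: summarize the registration data left on a user object
# (for instance the object returned by Get-MsolUser).
function Get-RegistrationState {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # Contact properties named in this thread
        $fields = 'AlternateEmailAddresses', 'MobilePhone', 'PhoneNumber'
        # Keep only the property names that still hold a non-blank value
        $populated = @($fields | Where-Object {
            @($User.$_ | Where-Object { -not [string]::IsNullOrWhiteSpace($_) }).Count -gt 0
        })
        # Registered MFA method types, if any
        $methods = @($User.StrongAuthenticationMethods |
            ForEach-Object { $_.MethodType } |
            Where-Object { -not [string]::IsNullOrWhiteSpace($_) })
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            PopulatedContact  = $populated -join ','
            MfaMethods        = $methods -join ','
            ContactCleared    = ($populated.Count -eq 0)
            MethodsCleared    = ($methods.Count -eq 0)
        }
    }
}

# Constructed sample objects standing in for Get-MsolUser output
$before = [pscustomobject]@{
    UserPrincipalName           = 'user@domain.com'
    AlternateEmailAddresses     = @('alt@example.com')
    MobilePhone                 = '+1 5550100'
    PhoneNumber                 = $null
    StrongAuthenticationMethods = @(
        [pscustomobject]@{ MethodType = 'OneWaySMS'; IsDefault = $false },
        [pscustomobject]@{ MethodType = 'PhoneAppNotification'; IsDefault = $true }
    )
}
$after = [pscustomobject]@{
    UserPrincipalName           = 'user@domain.com'
    AlternateEmailAddresses     = @()
    MobilePhone                 = ''
    PhoneNumber                 = $null
    StrongAuthenticationMethods = @()
}
$before, $after | Get-RegistrationState | Format-Table -AutoSize
```

Against a live tenant, pipe the real object instead of the samples: `Get-MsolUser -UserPrincipalName user@domain.com | Get-RegistrationState`.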