Nov 29 2018 09:28 AM
Been searching for a way to force a specific or multiple users to re-enter their O365/Azure authentication details (alt email, mobile phone etc.) and can't find one.
Any help on how to do this would be mighty helpful.
Jan 31 2019 02:36 AM
I actually found a solution to this and I wrote to Microsoft to update their info, and now they have updated their documentation :)
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
It is also possible to define/change the default auth method for a user.
# Requires the MSOnline module and a connected admin session
Import-Module MSOnline
Connect-MsolService
# UPN of the user to change (placeholder value)
$Userprincipalname = "user@example.com"
# One StrongAuthenticationMethod object per second-factor method
$MethodOneWaySMS = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$MethodOneWaySMS.IsDefault = $false
$MethodOneWaySMS.MethodType = "OneWaySMS"
$MethodTwoWayVoiceMobile = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$MethodTwoWayVoiceMobile.IsDefault = $false
$MethodTwoWayVoiceMobile.MethodType = "TwoWayVoiceMobile"
$MethodPhoneAppOTP = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$MethodPhoneAppOTP.IsDefault = $false
$MethodPhoneAppOTP.MethodType = "PhoneAppOTP"
$MethodPhoneAppNotification = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$MethodPhoneAppNotification.IsDefault = $false
$MethodPhoneAppNotification.MethodType = "PhoneAppNotification"
# To set the user's default method for the second factor, set IsDefault = $true on that one method above
$AllMethods = @($MethodOneWaySMS, $MethodTwoWayVoiceMobile, $MethodPhoneAppOTP, $MethodPhoneAppNotification)
# Apply the new settings to the user
Set-MsolUser -UserPrincipalName $Userprincipalname -StrongAuthenticationMethods $AllMethods
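
For the original question (several users at once), an added example that is not part of either post: it uses the same `Set-MsolUser -StrongAuthenticationMethods` parameter with an empty list and reports each user's methods before and after. The function name `Reset-MfaRegistration`, the sample UPNs, and the assumption that an empty list makes the user register again at next sign-in are mine, not the thread's.

```powershell
# Added example, not code from the thread.
# Requires the MSOnline module and an admin session.
Import-Module MSOnline
Connect-MsolService

function Reset-MfaRegistration {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$UserPrincipalName
    )
    process {
        foreach ($upn in $UserPrincipalName) {
            # Record what is registered now, so the change can be audited
            $user    = Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop
            $before  = @($user.StrongAuthenticationMethods)
            $default = ($before | Where-Object IsDefault).MethodType
            $after   = $before

            if ($PSCmdlet.ShouldProcess($upn, 'Clear StrongAuthenticationMethods')) {
                # Assumption: an empty list removes the registered methods,
                # so the user is asked to register again at next sign-in.
                Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationMethods @()
                # Read the user back to confirm the list is now empty
                $after = @((Get-MsolUser -UserPrincipalName $upn).StrongAuthenticationMethods)
            }

            [pscustomobject]@{
                UserPrincipalName = $upn
                MethodsBefore     = ($before.MethodType -join ',')
                DefaultBefore     = $default
                MethodCountAfter  = $after.Count
            }
        }
    }
}

# Constructed sample UPNs; -WhatIf shows what would change without changing it
'alice@contoso.example', 'bob@contoso.example' | Reset-MfaRegistration -WhatIf
```

Drop `-WhatIf` to apply the change; the returned objects can be exported with `Export-Csv` as a record of what each user had registered.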