Home

Re-enter authentication details

%3CLINGO-SUB%20id%3D%22lingo-sub-292887%22%20slang%3D%22en-US%22%3ERe-enter%20authentication%20details%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-292887%22%20slang%3D%22en-US%22%3E%3CP%3EBeen%20searching%20for%20a%20way%20to%20force%20a%20specific%20or%20multiple%20users%20to%20re-enter%20their%20O365%2FAzure%20authentication%20details%20(alt%20email%2C%20mobile%20phone%20etc.)%20and%2C%20can't%20find%20one.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20help%20on%20how%20to%20do%20this%20would%20be%20mighty%20helpful.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-292887%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-328484%22%20slang%3D%22en-US%22%3ERe%3A%20Re-enter%20authentication%20details%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-328484%22%20slang%3D%22en-US%22%3E%3CP%3EI%20actually%20found%20a%20solution%20to%20this%20and%20i%20wrote%20to%20Microsoft%20to%20update%20their%20info%2C%20and%20now%20they%20have%20updated%20there%20documentation%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-userstates%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-userstates%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20also%20posisble%20to%20define%2Fchange%20the%20default%20auth%20method%20for%20a%20user.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%24MethodOneWaySMS%3DNew-Object%20-TypeName%20Microsoft.Online.Administration.StrongAuthenticationMethod%3CBR%20%2F%3E%24MethodOneWaySMS.IsDefault%20%3D%20%24false%3CBR%20%2F%3E%24MethodOneWaySMS.MethodType%3D%22OneWaySMS%22%3CBR%20%2F%3E%3CBR%20%2F%3E%24MethodTwoWayVoiceMobile%3DNew-Object%20-TypeName%20Microsoft.Online.Administration.StrongAuthenticationMethod%3CBR%20%2F%3E%24MethodTwoWayVoiceMobile.IsDefault%20%3D%20%24false%3CBR%20%2F%3E%24MethodTwoWayVoiceMobile.MethodType%3D%22TwoWayVoiceMobile%22%3CBR%20%2F%3E%3CBR%20%2F%3E%24MethodPhoneAppOTP%3DNew-Object%20-TypeName%20Microsoft.Online.Administration.StrongAuthenticationMethod%3CBR%20%2F%3E%24MethodPhoneAppOTP.IsDefault%20%3D%20%24false%3CBR%20%2F%3E%24MethodPhoneAppOTP.MethodType%3D%22PhoneAppOTP%22%3CBR%20%2F%3E%3CBR%20%2F%3E%24MethodPhoneAppNotification%3DNew-Object%20-TypeName%20Microsoft.Online.Administration.StrongAuthenticationMethod%3CBR%20%2F%3E%24MethodPhoneAppNotification.IsDefault%20%3D%20%24false%3CBR%20%2F%3E%24MethodPhoneAppNotification.MethodType%3D%22PhoneAppNotification%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%23%20To%20set%20the%20users%20default%20method%20for%20doing%20second%20factor%3CBR%20%2F%3E%24AllMethods%3D%40(%24MethodOneWaySMS%2C%24MethodTwoWayVoiceMobile%2C%24MethodPhoneAppOTP%2C%24MethodPhoneAppNotification)%3CBR%20%2F%3E%3CBR%20%2F%3E%23%20Set%20command%20to%20define%20new%20settings%3CBR%20%2F%3Eset-msoluser%20-Userprincipalname%20%24Userprincipalname%20-StrongAuthenticationMethods%20%24AllMethods%3C%2FP%3E%3C%2FLINGO-BODY%3E
labonn
Occasional Visitor

Been searching for a way to force a specific or multiple users to re-enter their O365/Azure authentication details (alt email, mobile phone etc.) and, can't find one.

 

Any help on how to do this would be mighty helpful.

 

1 Reply

I actually found a solution to this and i wrote to Microsoft to update their info, and now they have updated there documentation :)

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

 

It is also posisble to define/change the default auth method for a user.

 

$MethodOneWaySMS=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$MethodOneWaySMS.IsDefault = $false
$MethodOneWaySMS.MethodType="OneWaySMS"

$MethodTwoWayVoiceMobile=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$MethodTwoWayVoiceMobile.IsDefault = $false
$MethodTwoWayVoiceMobile.MethodType="TwoWayVoiceMobile"

$MethodPhoneAppOTP=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$MethodPhoneAppOTP.IsDefault = $false
$MethodPhoneAppOTP.MethodType="PhoneAppOTP"

$MethodPhoneAppNotification=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$MethodPhoneAppNotification.IsDefault = $false
$MethodPhoneAppNotification.MethodType="PhoneAppNotification"

 

# To set the users default method for doing second factor
$AllMethods=@($MethodOneWaySMS,$MethodTwoWayVoiceMobile,$MethodPhoneAppOTP,$MethodPhoneAppNotification)

# Set command to define new settings
set-msoluser -Userprincipalname $Userprincipalname -StrongAuthenticationMethods $AllMethods