| title | description | documentationcenter | services | author | manager | ms.assetid | ms.service | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author | ms.reviewer | ms.custom |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Admins manage users and devices - Azure MFA | Microsoft Docs |
This describes how to change user settings such as forcing the users to do the proof-up process again. |
multi-factor-authentication |
MicrosoftGuyJFlo |
femila |
aac3b922-7cc1-428c-9044-273579aa7b5a |
multi-factor-authentication |
identity |
na |
na |
article |
06/23/2017 |
joflore |
richagi |
it-pro |
As an administrator, you can manage the following user and device settings:
- Require users to provide contact methods again
- Delete app passwords
- Require MFA on all trusted devices
This setting forces the user to complete the registration process again. Non-browser apps continue to work if the user has app passwords for them. You can delete the users app passwords by also selecting Delete all existing app passwords generated by the selected users.
- Sign in to the Azure portal.
- On the left, select Azure Active Directory > Users and groups > All users.
- Select Multi-Factor Authentication. The multi-factor authentication page opens.
- Check the box next to the user or users that you wish to manage. A list of quick step options appear on the right.
- Select Manage user settings.
- Check the box for Require selected users to provide contact methods again.
- Click save.
- Click close.
This setting deletes all of the app passwords that a user has created. Non-browser apps that were associated with these app passwords stop working until a new app password is created.
- Sign in to the Azure portal.
- On the left, select Azure Active Directory > Users and groups > All users.
- Select Multi-Factor Authentication. The multi-factor authentication page opens.
- Check the box next to the user or users that you wish to manage. A list of quick step options appear on the right.
- Select Manage user settings.
- Check the box for Delete all existing app passwords generated by the selected users.
- Click save.
- Click close.
One of the configurable features of Azure Multi-Factor Authentication is giving your users the option to mark devices as trusted. For more information, see Configure Azure Multi-Factor Authentication settings.
Users can opt out of two-step verification for a configurable number of days on their regular devices. If an account is compromised or a trusted device is lost, you need to be able to remove the trusted status and require two-step verification again.
The Restore multi-factor authentication on all remembered devices setting means that the user will be challenged to perform two-step verification the next time they sign in, regardless of whether they chose to mark their device as trusted.
- Sign in to the Azure portal.
- On the left, select Azure Active Directory > Users and groups > All users.
- Select Multi-Factor Authentication. The multi-factor authentication page opens.
- Check the box next to the user or users that you wish to manage. A list of quick step options appear on the right.
- Select Manage user settings.
- Check the box for Restore multi-factor authentication on all remembered devices
- Click save.
- Click close.
-
Get more information about how to Configure Azure Multi-Factor Authentication settings
-
If your users need help, point them towards the User guide for two-step verification