Multi-factor authentication (MFA) is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.

Over time, a user may lose or replace an authenticator device or perhaps move to a new mobile phone number. This is likely to impact MFA and so prevent access to the user’s computer.  A resultant change to MFA details is therefore required if the user is to continue to enjoy access. Individual users may manage their own MFA settings using the online portal at http://aka.ms/MFASetup. However, if this is not completed prior to decommissioning the old device, then administrator assistance will be required to reset the user’s MFA details.

This article shows how an administrator can reset a user’s MFA details, enabling the user to then set up new MFA details at their next log on.

Prerequisites

To complete this task, you must have appropriate Office 365 administrator permissions.

Reset the MFA details of a user

1. Go to https://portal.azure.com, and sign into the Microsoft Azure portal using an account with administrative privileges.
2. From the left-hand menu, click Azure Active Directory and, from the options given, click Users.
   
   
   
   A list of All users appears.

3. Search the list for, and click on, the desired user.
   
   

4. On the left-hand menu panel, under Manage, click Authentication methods.
   
   

5. Click Require re-register MFA and/or add/change the mobile phone number (the used becoms able to authenticate with additional methods then).