Users occasionally lose access to their Multifactor Authentication (MFA) source, possibly by purchasing a new phone or changing phone numbers. When this happens, they are locked out of any resource that requires MFA. In these cases, they need to re-register for MFA with their new source.
Here are the steps to reset MFA registration for a user in Azure:
NOTE: to reset a user’s MFA registration, the account performing the following actions must be in the Authentication Admin or Global Admin role.
- Log in to the Azure Portal at https://portal.azure.com
- Navigate to the Azure Active Directory service
- Click on Users from the left menu
- Navigate to the user’s profile by clicking on their name
Click on Authentication methods option from the left menu
Click on Require re-register MFA
Optionally, click on Revoke MFA sessions to kill any active MFA sessions
Once these steps are complete, the user will be prompted to register for MFA the next time they attempt to access an area of Azure/M365 that requires MFA.