Push icon
  • Product
  • Use cases
    SaaS discovery
    SaaS discovery
    Detect SaaS apps that employees are using in your company.
    Risky third-party integrations
    Risky third-party integrations
    Nudge employees to remove unused third-party integrations.
    Malicious mail rule detection
    Malicious mail rule detection
    A strong indicator of compromise. Detect and respond automatically.
    Automated MFA deployment
    Automated MFA deployment
    Use ChatOps to automatically nudge employees to enroll.
  • Pricing
  • Blog
  • About

Recover an account with MFA: Microsoft 365

To follow this guide you will need:

  • The correct role: the Authentication Administrator role is needed to perform these steps for most users or the Privileged Authentication Administrator for all users, including admins. Higher privilege roles, such as Global Administrator, can also perform these actions.


If a user loses or breaks their Multi-Factor Authentication method, we need to mark their account as requiring re-registration of MFA.

Step 1

First you should make sure the request is actually from the user it appears to be.

If the request to reset MFA is from an email (work or personal) or a phone call from someone you don’t know well enough to recognise their voice, you should first take a minute to check that the request is legitimate.

Do this by giving them a call or sending them a secure text message (e.g. Slack, Teams, Telegram, or Signal) using a number you got from the company directory or phonebook (or in a pinch from another colleague).

A simple: “Hi, this is IT - just double checking you requested an MFA reset” and confirmation from them will do the job.

Need more information? See our article on verifying user requests.

Step 2

Go to the Users blade in the Azure Active Directory admin center. Select the target user.

Step 3

From the side menu, select Authentication Methods:

Microsoft 365: Authentication methods

Step 4

Select Require re-register MFA:

M365: Users, Authentication methods, Require re-register MFA

Step 5

Instruct the user to go to https://aka.ms/mfasetup to re-register for MFA.

push logo
Product
  • Overview
  • Pricing
Use cases
  • SaaS discovery
  • Risky third-party integrations
  • Malicious mail rule detection
  • Automated MFA deployment
Push
  • Team
  • Investors
  • Contact
  • Careers
Assurance
  • Privacy policy
  • Cookie policy
  • Terms
  • Sub-processors
© Push 2022. All rights reserved.
cyber essentials logo
You're offline. Waiting to reconnect.