Suri007

Reputation: 101

Command to remove the number and revoke the MFA sessions through PowerShell in Azure

Currently I am doing the manual task of removing the user's number and then revoking multifactor authentication sessions from the portal for the off-boarding user.

Is there any PowerShell command to remove the number, then revoke the MFA sessions, and then save?


Upvotes: 0

Views: 4747

Answers (1)

Imran

Reputation: 5550

I tried to reproduce this in my environment using PowerShell and got the results below.

I have the phone authentication method enabled for me like below:


Make sure to install the Microsoft.Graph.Identity.SignIns PowerShell module like below:

Install-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes UserAuthenticationMethod.ReadWrite.All
# Select-MgProfile exists only in Microsoft Graph PowerShell SDK v1; it was removed in v2
Select-MgProfile -Name beta

To remove a specific phone number for a user, use the cmdlet below:

Remove-MgUserAuthenticationPhoneMethod -UserId [email protected] -PhoneAuthenticationMethodId 3179e48a-750b-4051-897c-87b9720928f7


The value of the id should be 3179e48a-750b-4051-897c-87b9720928f7 to delete the mobile phone type.

After running the above command, the phone number was removed successfully like below:


To revoke the MFA session, use the cmdlet below:

# Requires the AzureAD module and an active Connect-AzureAD session
Revoke-AzureADUserAllRefreshToken -ObjectId "xxxxxxx"


Reference: Manage authentication methods for Azure AD Multi-Factor Authentication

Upvotes: 1
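
Added example (not part of the answer above and not Microsoft's code): one way to script both off-boarding steps with the Microsoft Graph PowerShell SDK, enumerating the user's registered phone methods instead of hard-coding an id and using Revoke-MgUserSignInSession in place of the AzureAD cmdlet. The function name Remove-OffboardedUserPhoneMfa and the sample UPN are hypothetical; it assumes an SDK version that ships Revoke-MgUserSignInSession and a session connected with the UserAuthenticationMethod.ReadWrite.All and User.ReadWrite.All scopes.

```powershell
#Requires -Modules Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Users.Actions
# Added example: hypothetical helper, not code from the original answer.
function Remove-OffboardedUserPhoneMfa {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [string] $UserId   # UPN or object id of the user being off-boarded
    )

    # Graph rejects deleting 'mobile' while 'alternateMobile' still exists,
    # so remove alternateMobile first, then office, then mobile.
    $order  = @{ alternateMobile = 0; office = 1; mobile = 2 }
    $phones = Get-MgUserAuthenticationPhoneMethod -UserId $UserId |
        Sort-Object { $order[[string]$_.PhoneType] }

    $failed = 0
    foreach ($phone in $phones) {
        $target = "$UserId $($phone.PhoneType) $($phone.PhoneNumber)"
        if ($PSCmdlet.ShouldProcess($target, 'Remove phone authentication method')) {
            try {
                Remove-MgUserAuthenticationPhoneMethod -UserId $UserId `
                    -PhoneAuthenticationMethodId $phone.Id -ErrorAction Stop
            } catch {
                # Graph also refuses to delete a phone that is the user's default
                # MFA method; that case surfaces here as a warning.
                $failed++
                Write-Warning "Could not remove $($phone.PhoneType): $($_.Exception.Message)"
            }
        }
    }

    # Invalidate refresh tokens so existing sessions must re-authenticate.
    if ($PSCmdlet.ShouldProcess($UserId, 'Revoke sign-in sessions')) {
        Revoke-MgUserSignInSession -UserId $UserId -ErrorAction Stop | Out-Null
    }

    # Report what is still registered so the off-boarding ticket can record it.
    [pscustomobject]@{
        UserId          = $UserId
        RemovalFailures = $failed
        RemainingPhones = @(Get-MgUserAuthenticationPhoneMethod -UserId $UserId).Count
    }
}

# Usage (constructed UPN; run with -WhatIf first to preview, then without it):
# Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All','User.ReadWrite.All'
# Remove-OffboardedUserPhoneMfa -UserId 'leaver@contoso.example' -WhatIf
```

Access tokens that were already issued stay valid until they expire, so a non-zero RemainingPhones or RemovalFailures value should be followed up before the account is considered closed.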
