Hi @tim richards · Thank you for reaching out.
When MFA is not enabled using Multi-factor Authentication Portal, and users directly go to aka.ms/mfasetup to do the MFA proofup, they just configure MFA Method e.g., MFA phone call/text message, which populates this information in StrongAuthenticationMethods
attribute and the phone attribute under authentication methods of those users. However, as the MFA status of the users is disabled, they won't be prompted to perform MFA while accessing any cloud application protected with Azure AD authentication.
In short, they just have populated the information required to perform MFA but they won't be prompted to perform MFA until the status is enabled in the Multi-factor Authentication Portal (unless MFA is enabled via other methods like Conditional Access or Identity protection).
Now, if you want to clear the information that they have populated via aka.ms/mfasetup, and present them with 'more information required' screen, you can use below PowerShell cmdlet:
- Run
Connect-MsolService
and sign in with Global Admin Account. - Run
Set-MsolUser -UserPrincipalName username@your_tenant.onmicrosoft.com -StrongAuthenticationMethods @()
to clear MFA information for the given user.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.