As an administrator, you can manage the following user and device settings:
- Require users to provide contact methods again
- Delete app passwords
- Require MFA on all trusted devices
Require users to provide contact methods again
This setting forces the user to complete the registration process again. Non-browser apps continue to work if the user has app passwords for them. You can delete the users app passwords by also selecting Delete all existing app passwords generated by the selected users.
How to require users to provide contact methods again
- Sign in to the Azure portal.
- On the left, select Azure Active Directory > Users and groups > All users.
- Select Multi-Factor Authentication. The multi-factor authentication page opens.
- Check the box next to the user or users that you wish to manage. A list of quick step options appear on the right.
- Select Manage user settings.
- Check the box for Require selected users to provide contact methods again.

- Click save.
- Click close.
Delete users existing app passwords
This setting deletes all of the app passwords that a user has created. Non-browser apps that were associated with these app passwords stop working until a new app password is created.
How to delete users existing app passwords
- Sign in to the Azure portal.
- On the left, select Azure Active Directory > Users and groups > All users.
- Select Multi-Factor Authentication. The multi-factor authentication page opens.
- Check the box next to the user or users that you wish to manage. A list of quick step options appear on the right.
- Select Manage user settings.
- Check the box for Delete all existing app passwords generated by the selected users.

- Click save.
- Click close.
Restore MFA on all remembered devices for a user
One of the configurable features of Azure Multi-Factor Authentication is giving your users the option to mark devices as trusted. For more information, see Configure Azure Multi-Factor Authentication settings.
Users can opt out of two-step verification for a configurable number of days on their regular devices. If an account is compromised or a trusted device is lost, you need to be able to remove the trusted status and require two-step verification again.
The Restore multi-factor authentication on all remembered devices setting means that the user will be challenged to perform two-step verification the next time they sign in, regardless of whether they chose to mark their device as trusted.
How to restore MFA on all suspended devices for a user
- Sign in to the Azure portal.
- On the left, select Azure Active Directory > Users and groups > All users.
- Select Multi-Factor Authentication. The multi-factor authentication page opens.
- Check the box next to the user or users that you wish to manage. A list of quick step options appear on the right.
- Select Manage user settings.
- Check the box for Restore multi-factor authentication on all remembered devices

- Click save.
- Click close.
Next steps
Get more information about how to Configure Azure Multi-Factor Authentication settings
If your users need help, point them towards the User guide for two-step verification



