Reset-EntraStrongAuthenticationMethodByUpn
Resets the strong authentication method using the User Principal Name (UPN).
Syntax
Reset-EntraStrongAuthenticationMethodByUpn
-UserPrincipalName <String>
[-TenantId <String>]
[<CommonParameters>] Description
The Reset-EntraStrongAuthenticationMethodByUpn cmdlet resets the strong authentication method by using the User Principal Name (UPN). It is recommended to use Temporary Access Pass (TAP) to allow a users to sign in temporarily without MFA instead of deleting all methods.
Deleting all methods will force the user to re-register MFA next time they sign in.
In delegated scenarios with work or school accounts, when acting on another user, the signed-in user must have a supported Microsoft Entra role or custom role with the necessary permissions. The least privileged roles for this operation are:
- Authentication Administrator
- Privileged Authentication Administrator
Examples
Example 1: Resets the strong authentication method by using the User Principal Name
Connect-Entra -Scopes 'UserAuthenticationMethod.ReadWrite.All'
Reset-EntraStrongAuthenticationMethodByUpn -UserPrincipalName '[email protected]'This example demonstrates how to reset the strong authentication method by using the User Principal Name (UPN).
-UserPrincipalNameparameter specifies the User Principal Name (UPN) of the user whose strong authentication method is being reset. You can use-UserId,-Identity,-UPN,-ObjectIdas an alias for-UserPrincipalName.
Parameters
-UserPrincipalName
Specifies the User Principal Name (UPN) of the user whose strong authentication method is being reset.
| Type: | System.String |
| Aliases: | UserId, Identity, UPN, ObjectId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |