Resetting SMS MFA with Entra External ID

Rory Braybrook
The new control plane
3 min read · Sep 24, 2024
Image of Reset button
Evan-Amos, Public domain, via Wikimedia Commons

I have set up a user with email/password and I use conditional access to set up MFA for the user.

The user's choice for MFA is to send an OTP to either their email address or phone.

What happens when the user loses their phone or buys a new one? You can handle this by resetting the MFA for SMS and allowing the user to proof up again.

You can’t reset the email because that is the user’s identity.

When the user has proofed up for the first time and then logs in, they see this screen.

Image showing text code to +XX XXXXX

The user now verifies their SMS.

If we look at the user details under “Authentication methods”, we see that the user has SMS set.

Authentication methods showing SMS set

Note that you can change the phone option to SMS or voice call.

Image showing sign-in = SMS or voice call

Now, if the user loses their phone or buys a new one, they need to reset their MFA.

To do this, use the “Require re-register MFA” tab.

Image showing “Require re-register MFA” tab under “Authentication methods”

This brings up this screen:

Image requiring confirmation that you want to remove phone auth. via SMS

Click “OK”.

Now the “Authentication methods” screen shows:

Image showing SMS MFA has been removed

and you can see that the SMS option has been removed.

When the user next logs in, they will be asked to proof up again, and then they can use their new phone.

Image asking user to proof up via phone
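A scripted way to do the same reset and confirm it took effect, using the Microsoft Graph PowerShell SDK. This is an added example, not part of the original walkthrough, and it is not necessarily what the portal button calls. It assumes the Graph phone-method API is available in your external tenant; the function name `Reset-UserPhoneMfa` is hypothetical, and the tenant ID and user object ID are placeholders.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns

# Hypothetical helper (added example): removes a user's registered phone
# methods so that they are asked to proof up again at the next sign-in.
function Reset-UserPhoneMfa {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $UserId   # object ID of the user
    )

    # Phone methods currently registered for the user.
    # Sort so that 'mobile' is removed last: Graph does not allow an
    # alternateMobile number to exist without a mobile number.
    $phones = @(Get-MgUserAuthenticationPhoneMethod -UserId $UserId |
        Sort-Object { $_.PhoneType -eq 'mobile' })

    if ($phones.Count -eq 0) {
        Write-Verbose "No phone method registered for $UserId; nothing to reset."
        return
    }

    foreach ($p in $phones) {
        $label = "$($p.PhoneType) $($p.PhoneNumber)"
        if ($PSCmdlet.ShouldProcess($UserId, "Remove phone method $label")) {
            try {
                Remove-MgUserAuthenticationPhoneMethod -UserId $UserId `
                    -PhoneAuthenticationMethodId $p.Id -ErrorAction Stop
            }
            catch {
                # Graph can refuse the delete, for example when the number
                # is the user's default MFA method.
                Write-Warning "Could not remove ${label}: $($_.Exception.Message)"
            }
        }
    }

    # Re-read the methods and report what is left, rather than assuming success.
    $left = @(Get-MgUserAuthenticationPhoneMethod -UserId $UserId)
    [pscustomobject]@{
        UserId    = $UserId
        Removed   = $phones.Count - $left.Count
        Remaining = $left.Count
    }
}

# Placeholders: substitute your own external tenant ID and user object ID.
Connect-MgGraph -TenantId '<external-tenant-id>' -Scopes 'UserAuthenticationMethod.ReadWrite.All'
Reset-UserPhoneMfa -UserId '<user-object-id>' -Verbose
```

Run it with `-WhatIf` first to see which phone methods would be removed without changing anything.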

Note that if you click “Use a different verification option” after the user has proofed up, you see:

Image showing MFA choice — either Text or Email

and you can use either option.

All good!

Published in The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.

Written by Rory Braybrook

NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5
