One of the tasks an Azure admin will probably have to do frequently when MFA is enabled for O365 users is to reset it. This can be achieved by manually using the “Require re-register MFA” option in the Azure admin portal. We at Provisior are all about automating as much as possible, so that users can do that themselves by using the self-service capabilities of the Provisior platform.
You can use the following PowerShell script to clear the current authentication methods for O365, so that the user is required to configure MFA again.
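# $upn must hold the user principal name of the target user; the MSOnline cmdlets need an active Connect-MsolService session.
$noMfaConfig = @()   # an empty list removes every registered authentication method
Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationMethods $noMfaConfig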
By binding the script to a service in the service catalog, you are able to offer this to your end users.
Note: this script requires at least the Authentication Administrator role in Azure.
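A self-service wrapper around the script above, added here as an example and not part of Provisior's own script: it only lets a requester reset their own account, records which methods were registered before the reset, and confirms that none remain. The function name, the parameter names and the audit log path are assumptions; an active Connect-MsolService session is expected.

```powershell
# Added example. Reset-UserMfa, its parameters and the log path are hypothetical names.
function Reset-UserMfa {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$TargetUpn,     # account whose MFA is cleared
        [Parameter(Mandatory)][string]$RequesterUpn,  # identity supplied by the service catalog
        [string]$AuditLog = '.\mfa-reset-audit.csv'   # hypothetical audit file
    )

    # Self-service only: a requester may reset their own account, nobody else's.
    # -ne compares strings case-insensitively, which matches how UPNs are treated.
    if ($TargetUpn -ne $RequesterUpn) {
        throw "Requester '$RequesterUpn' may not reset MFA for '$TargetUpn'."
    }

    # Fail early if the account does not exist, and capture the current state.
    $user   = Get-MsolUser -UserPrincipalName $TargetUpn -ErrorAction Stop
    $before = @($user.StrongAuthenticationMethods | ForEach-Object { $_.MethodType })

    if ($PSCmdlet.ShouldProcess($TargetUpn, 'Clear StrongAuthenticationMethods')) {
        # Same operation as the script on this page.
        $noMfaConfig = @()
        Set-MsolUser -UserPrincipalName $TargetUpn `
                     -StrongAuthenticationMethods $noMfaConfig -ErrorAction Stop

        # Read the account back to confirm that no method is left registered.
        $after = @((Get-MsolUser -UserPrincipalName $TargetUpn).StrongAuthenticationMethods)

        $record = [pscustomobject]@{
            TimeUtc        = (Get-Date).ToUniversalTime().ToString('o')
            Target         = $TargetUpn
            Requester      = $RequesterUpn
            MethodsBefore  = $before -join ';'
            RemainingAfter = $after.Count
        }
        # Append-only trail, so every reset can be reviewed afterwards.
        $record | Export-Csv -Path $AuditLog -Append -NoTypeInformation
        $record
    }
}
```

Running it with -WhatIf shows which account would be cleared without changing anything.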