Reset-EntraStrongAuthenticationMethodByUpn
Resets the strong authentication method using the User Principal Name (UPN).
Syntax
Default (Default)
Reset-EntraStrongAuthenticationMethodByUpn
-UserPrincipalName <String>
[-TenantId <String>]
[<CommonParameters>]
Description
The Reset-EntraStrongAuthenticationMethodByUpn cmdlet resets the strong authentication method by using the User Principal Name (UPN). It is recommended to use Temporary Access Pass (TAP) to allow a users to sign in temporarily without MFA instead of deleting all methods.
Deleting all methods will force the user to re-register MFA next time they sign in.
In delegated scenarios with work or school accounts, when acting on another user, the signed-in user must have a supported Microsoft Entra role or custom role with the necessary permissions. The least privileged roles for this operation are:
- Authentication Administrator
- Privileged Authentication Administrator
Examples
Example 1: Resets the strong authentication method by using the User Principal Name
Connect-Entra -Scopes 'UserAuthenticationMethod.ReadWrite.All'
Reset-EntraStrongAuthenticationMethodByUpn -UserPrincipalName 'SawyerM@contoso.com'
This example demonstrates how to reset the strong authentication method by using the User Principal Name (UPN).
-UserPrincipalNameparameter specifies the User Principal Name (UPN) of the user whose strong authentication method is being reset. You can use-UserId,-Identity,-UPN,-ObjectIdas an alias for-UserPrincipalName.
Parameters
-TenantId
The unique ID of the tenant to perform the operation on. The TenantID applies to the logged-in Tenant ID. Ensures backward compatibility with Azure AD and MSOnline for partner scenarios.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-UserPrincipalName
Specifies the User Principal Name (UPN) of the user whose strong authentication method is being reset.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | UserId, Identity, UPN, ObjectId |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.