Issue description
We are aware of an issue preventing the ‘Re-enroll Azure MFA’ button from working successfully in Portal. It affects the following use cases:
- Users registered with the default authentication method ‘OATH time-based one-time password (TOTP)’.
- Users registered with more than one authentication method – the default authentication method set to ‘Phone’ plus any other method.
When the button is selected in the User Detail page in Portal, we expect the authentication methods to be removed from the account so that the user is prompted to re-register an MFA authentication method upon next login. Currently, no error is thrown and a successful audit is produced; however, the authentication methods are not removed correctly, so users are not prompted to re-register their authentication method for MFA.
Latest updates and guidance:
This is being investigated under problem record PRB0221699.
If users are not prompted to re-register an authentication method for MFA after administrators have selected the ‘Re-enroll Azure MFA’ button in Portal, we request that administrators confirm the default authentication method within the MFA Status report. They should raise a Service Request with the Helpdesk (helpdesk@nhs.net), providing the email addresses of the affected users so that the desk can manually re-enrol the users for MFA.
Last Reviewed Date | 06/03/2024 |