管理云中 Azure 多重身份验证的用户设置Manage user settings with Azure Multi-Factor Authentication in the cloud

作为管理员,可以管理以下用户和设备设置:As an administrator, you can manage the following user and device settings:

  • 要求用户再次提供联系方法Require users to provide contact methods again
  • 删除应用密码Delete app passwords
  • 在所有信任的设备上要求 MFARequire MFA on all trusted devices

管理身份验证方法Manage authentication methods

作为被分配“身份验证管理员”角色的管理员,你可以要求用户重置其密码、重新注册 MFA,或者从其用户对象撤消现有的 MFA 会话。As an administrator assigned the Authentication Administrator role you can require users to reset their password, re-register for MFA, or revoke existing MFA sessions from their user object.

从 Azure 门户管理身份验证方法

  1. 登录到 Azure 门户Sign in to the Azure portal.
  2. 在左侧,选择“Azure Active Directory” > “用户” > “所有用户” 。On the left, select Azure Active Directory > Users > All users.
  3. 选择要在其上执行操作的用户,然后选择“身份验证方法”。 Choose the user you wish to perform an action on and select Authentication methods.
    • “重置密码”会重置用户的密码并分配一个必须在下次登录时更改的临时密码。 Reset Password will reset the user's password and assign a temporary password that must be changed on the next sign in.
    • “要求重新注册 MFA”在生效后,会请求用户在下次登录时设置一个新的 MFA 身份验证方法。 Require Re-register MFA will make it so that when the user signs in next time, they will be requested to setup a new MFA authentication method.
    • “撤消 MFA 会话”会清除用户的被系统记住的 MFA 会话,并要求用户下一次登录时执行 MFA。这是设备上的策略要求的。 Revoke MFA Sessions clears the user's remembered MFA sessions and requires them to perform MFA the next time it is required by the policy on the device.

删除用户现有的应用密码Delete users existing app passwords

此设置会删除用户创建的所有应用密码。This setting deletes all of the app passwords that a user has created. 与这些应用密码关联的非浏览器应用将会停止工作,直到创建新应用密码为止。Non-browser apps that were associated with these app passwords stop working until a new app password is created. 需要全局管理员权限才能执行此操作。Global administrator permissions are required to perform this action.

如何删除用户现有的应用密码How to delete users existing app passwords

  1. 登录到 Azure 门户Sign in to the Azure portal.
  2. 在左侧,选择“Azure Active Directory” > “用户” > “所有用户” 。On the left, select Azure Active Directory > Users > All users.
  3. 在右侧,选择工具栏上的“多重身份验证” 。On the right, select Multi-Factor Authentication on the toolbar. 多重身份验证页面将打开。The multi-factor authentication page opens.
  4. 选中要管理的用户或用户旁的框。Check the box next to the user or users that you wish to manage. 右侧会显示快速步骤选项列表。A list of quick step options appears on the right.
  5. 选择“管理用户设置” 。Select Manage user settings.
  6. 选中“删除选定用户生产的所有现有应用密码”框 。Check the box for Delete all existing app passwords generated by the selected users. 删除所有现有的应用密码Delete all existing app passwords
  7. 单击“保存” 。Click save.
  8. 单击“关闭” 。Click close.

后续步骤Next steps