管理 Azure 多重身份验证的用户设置Manage user settings for Azure Multi-Factor Authentication

为了便于管理 Azure 多重身份验证的用户,可以要求用户重置其密码、重新注册 MFA,或撤消现有的 MFA 会话。To help manage the users of Azure Multi-Factor Authentication, you can require users to reset their password, re-register for MFA, or revoke existing MFA sessions. 对于已定义应用密码的用户,还可以选择删除这些密码,使这些应用程序中的旧身份验证失败。For users that have defined app passwords, you can also choose to delete these passwords, causing legacy authentication to fail in those applications. 如果需要向用户提供帮助或想要重置其安全状态,可能需要执行这些操作。These actions may be necessary if you need to provide assistance to a user, or want to reset their security status.

管理用户身份验证选项Manage user authentication options

如果你被分配“身份验证管理员”角色,你可以要求用户重置其密码、重新注册 MFA,或者从其用户对象撤消现有的 MFA 会话。If you're assigned the Authentication Administrator role you can require users to reset their password, re-register for MFA, or revoke existing MFA sessions from their user object. 若要管理用户设置,请完成以下步骤:To manage user settings, complete the following steps:

  1. 登录到 Azure 门户Sign in to the Azure portal.

  2. 在左侧,选择“Azure Active Directory” > “用户” > “所有用户” 。On the left, select Azure Active Directory > Users > All users.

  3. 选择要在其上执行操作的用户,然后选择“身份验证方法”。Choose the user you wish to perform an action on and select Authentication methods. 在窗口顶部,为用户选择以下选项之一:At the top of the window, then choose one of the following options for the user:

    • “重置密码”会重置用户的密码并分配一个必须在下次登录时更改的临时密码。Reset Password resets the user's password and assigns a temporary password that must be changed on the next sign-in.

    • “要求重新注册 MFA”在生效后,会请求用户在下次登录时设置一个新的 MFA 身份验证方法。Require Re-register MFA makes it so that when the user signs in next time, they're requested to set up a new MFA authentication method.

      备注

      如果管理员要求用户重新注册 MFA,则不会删除用户当前注册的身份验证方法。The user's currently registered authentication methods aren't deleted when an admin requires re-registration for MFA. 用户重新注册 MFA 后,建议他们查看其安全信息并删除任何以前注册的不再可用的身份验证方法。After a user re-registers for MFA, we recommend they review their security info and delete any previously registered authentication methods that are no longer usable.

    • “撤消 MFA 会话”会清除用户的被系统记住的 MFA 会话,并要求用户下一次登录时执行 MFA。这是设备上的策略要求的。Revoke MFA Sessions clears the user's remembered MFA sessions and requires them to perform MFA the next time it's required by the policy on the device.

    从 Azure 门户管理身份验证方法

删除用户现有的应用密码Delete users existing app passwords

如果需要,可以删除用户创建的所有应用密码。If needed, you can delete all of the app passwords that a user has created. 与这些应用密码关联的非浏览器应用将会停止工作,直到创建新应用密码为止。Non-browser apps that were associated with these app passwords stop working until a new app password is created. 需要“全局管理员”权限才能执行此操作。Global administrator permissions are required to perform this action.

若要删除用户的应用密码,请完成以下步骤:To delete a user's app passwords, complete the following steps:

  1. 登录到 Azure 门户Sign in to the Azure portal.
  2. 在左侧,选择 "Azure Active Directory" > “用户” > “所有用户” 。On the left-hand side, select Azure Active Directory > Users > All users.
  3. 选择“多重身份验证”。Select Multi-Factor Authentication. 可能需要向右滚动才能看到此菜单选项。You may need to scroll to the right to see this menu option. 选择以下示例屏幕截图中所示的选项,以查看完整的 Azure 门户窗口和菜单位置:Select the example screenshot below to see the full Azure portal window and menu location:
  4. 选中要管理的用户或用户旁的框。Check the box next to the user or users that you wish to manage. 右侧会显示快速步骤选项列表。A list of quick step options appears on the right.
  5. 选择“管理用户设置”,然后选中“删除所选用户生成的所有现有应用密码”复选框,如以下示例中所示 :删除所有现有的应用密码Select Manage user settings, then check the box for Delete all existing app passwords generated by the selected users, as shown in the following example: Delete all existing app passwords
  6. 选择“保存”,然后选择“关闭” 。Select save, then close.

后续步骤Next steps

本文介绍了如何配置单个用户设置。This article helped configure individual user settings. 若要配置 Azure 多重身份验证服务设置,请参阅配置 Azure 多重身份验证设置To configure Azure Multi-Factor Authentication service settings, see Configure Azure Multi-Factor Authentication settings

如果用户需要帮助,请参阅 Azure 多重身份验证的用户指南If your users need help, see the User guide for Azure Multi-Factor Authentication.