Working closely with nonprofits every day, I often come across a common challenge faced by MFA users. Recently, I worked with a nonprofit leader who faced an issue after getting a new phone. She was unable to authenticate into her Microsoft 365 environment because her MFA setup was tied to her old device. This experience highlighted how important it is to have a process in place for MFA re-registration. Without it, even routine changes like upgrading a phone can disrupt access to your everyday tools and technologies, delaying important work such as submitting a grant proposal.
Why MFA is Essential for Nonprofits
Before we discuss how to reset MFA, let’s take a step back and discuss why MFA is a necessity for nonprofits the way it is important for any organization.
In the nonprofit world, protecting sensitive or confidential data—like donor information, financial records, and program details—is a top priority. One of the best ways to step up your security game is by using Multi-Factor Authentication (MFA). MFA adds an extra layer of protection on top of passwords by requiring something you have (like a mobile app or text message) or something you are (like a fingerprint). This makes it a lot harder for cybercriminals to get unauthorized access.
If your nonprofit uses Azure Active Directory (AAD), or Microsoft Entra (as it is now called), with Microsoft 365, MFA can make a big difference in keeping your work safe. Since Microsoft Entra is built to work together with other Microsoft tools, it’s easy to set up and enforce secure sign-in methods across your whole organization. To make sure this added protection stays effective, it’s a good idea to occasionally ask users to update how they verify their identity.
What Does MFA Re-Registration Mean for Nonprofits?
MFA re-registration is just a fancy way of saying users need to update or reset how they authenticate, or verify, themselves. This might mean setting up MFA on a new phone (like the woman in the scenario above), adding an extra security option (like a hardware token), or simply confirming their existing setup. It’s all about making sure the methods and devices your users rely on for MFA are secure and under their control.
When and Why Should Nonprofits Require MFA Re-Registration?
Outside of getting a new phone, there may be other situations that raise cause for reason to re-register your MFA. A few scenarios include:
- Lost or Stolen Devices: Similar to the scenario above, if someone loses their phone or it gets stolen, you will have to re-register the new device.
- Role Changes: If someone’s responsibilities change, their MFA setup can be adjusted to match their new access needs.
- Security Enhancements: Organizations may require users to re-register for MFA to adopt more secure authentication methods, such as moving from SMS-based MFA to an app-based MFA like Microsoft Authenticator
- Policy Updates: When an organization updates its security policies, it might require all users to re-register for MFA to comply with new standards
- Account Compromise: If there is a suspicion that an account has been compromised, re-registering for MFA can help secure the account by ensuring that only the legitimate user has access
With Microsoft Entra, managing MFA re-registration is straightforward and can be done with an administrator to the organization’s tenant.
How to require re-registration of MFA
To reset or require re-registration of MFA in Microsoft Entra, please follow the steps below.
- Navigate to portal.azure.com with your nonprofit admin account.
- Select Microsoft Entra ID
- Select the drop-down for Manage
- In the left-hand menu bar select Users > Select the user's name that you want to reregister to MFA (not shown).
- Once in their profile, select Manage MFA authentication methods
- Select Require re-register multifactor authentication
Congratulations! The user will now be required to re-register the account in the Microsoft Authentication app.
Updated Jan 13, 2025
Version 1.0
KenelleMoore
Microsoft
Microsoft
