This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 62%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Hi,
I'm trying to understand the difference between revoke sessions option in a user overview page and revoke mfa authentication sessions option under authentication methods.
From testing, revoke sessions will sign a user out from all devices and require them to sign back in to resume access.
I assume revoke mfa authentication sessions will require them to provide mfa the next time they try to sign in to an app that needs mfa even if they have previously provided it.
Is this correct?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Hi @Vuy Si
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Hi @Vuy Si
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Correct. Revoking MFA sessions will simply require them to do MFA again on apps that require it
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userdevicesettings
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 95%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
If you hit "revoke sessions" for a user, I understand that it requires them to sign back in. But at this next sign-in, will it also prompt them for MFA? i.e. does "revoke sessions" effectively include "revoke MFA sessions" or would the user only need to provide a password?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 6%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Hi,
this clarification was very helpful.
I have a question, I need to revoke MFA session for all tenant users massively, I tried searching but I can't find a powershell command to be able to do it in one go for all users, to avoid having to do it by hand one by one, can someone help me to understand what powershell command I should use?