Articles in this section

See more
Print

Text File | Delete Authentication Methods (re-register MFA) rule

Avatar
Tatiana Golubovich
  • Updated
Follow

Rule description

This rule queries the list of users specified in a text file and for each user deletes existing registered authentication methods. 

Note: CSV-file should be in UTF-8 format in case of using letters with an accent: á, ä, é, í, ö, ü and etc.

 

When to use this rule

Use this rule when you need to delete authentication methods for users that are specified in the CSV file.

This rule requires a source text file in the comma-separated variable format (CSV). You can use the template CSV files provided with the rule, or create a file in Microsoft Excel and export it as CSV.

To use a template CSV file: 

  1. In the Query section, click the [...] button next to the Select Data Source setting.

  2. Open Templates folder.

  3. Depending on the Account source system, select Enforce Office 365 License (Hybrid) or Enforce Office 365 License (Microsoft 365) CSV file.
  4. Click Open

The Query's source text file requires the following CSV (comma-separated value) format:

Hybrid users:

UserPrincipalName,DistinguishedName,SamAccountName,ObjectGuid
Joe.Smith@domain.com,"CN=Joe Smith,OU=IT,DC=domain,DC=com",jsmith,dd16cabd-b1a6-4fc4-b5b6-d86d8d8fca9e
Kelly.Jones@domain.com,"CN=Kelly Jones,OU=IT,DC=domain,DC=com",kjones,84da7c1e-69f8-48d9-afae-cc61bbf85be2

 

Microsoft 365 users:

UserPrincipalName,ObjectGuid
Joe.Smith@domain.com,dd16cabd-b1a6-4fc4-b5b6-d86d8d8fca9e
Kelly.Jones@domain.com,84da7c1e-69f8-48d9-afae-cc61bbf85be2

 

Rule Settings

Query Section

Setting name Description

Select data source

Specifies the text file to be imported.

The […] button allows the user to browse for the file and the Create/Edit button allows the creation or editing of the existing file in the built-in Data Source editor.

If you need to enforce licenses to hybrid users use Enforce Office 365 License (Hybrid) - Template.csv.

If you need to enforce licenses to Microsoft 365 users use Enforce Office 365 License (Microsoft 365) - Template.csv.

Data source anchor attribute

Select a column in the data source that contains the attribute value for identifying and mapping a user like UserPrincipalName.

Account source system

Select the source system of the accounts listed in the CSV file: Hybrid or Microsoft 365.

User anchor attribute

Automap searches for a user using the standard identity attribute DistinduishedName, UserPrincipalName, and ObjectGUID.

Select a custom attribute if your users are identified by a different attribute.

Note: Microsoft best practices assume the Active Directory and Office 365/Azure AD UPNs will match. 

More Options

 

Filter CSV data

This setting specifies the filter that can remove data rows from the imported text file that satisfies the specific condition.

Properties to display

To display additional properties for each object found by the query, add those properties to the list.

Filter Office 365 users

To hide unwanted data set the filtering conditions here.

Initialization script

 

Script

Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule.

Due to PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria.

Important: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.

Example: Update AD users, created in the last ten days.

  1. Add this initialization script:
{$global:DatePeriod = (Get-Date).AddDays(-10)}
  1. Use $DatePeriod variable in the query criteria builder:

 

Action Section

Setting name Description
Delete authentication methods

Specify which authentication methods should be deleted.

Note: Deleting all methods will require the user to re-register an MFA sign-in method.
Sign-out of MS 365 sessions Specify if signing a user out of all Microsoft 365 sessions. 

 

 

Output Section

This section defines the output format of this rule.

Please see the Output section article to get more information about this section.

 

Enforce/Schedule section

This section defines the schedule for how often to run the rule.

To get more information about this section, please see the Enforce/Schedule section article.

 

 Change History

Version Notes
10.1.0 The rule has been introduced in the product.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.