Today I needed to delete the software OTP MFA method from over 2000 accounts in Entra ID.
I created a simple script to achieve this and I am sharing it below so it might help you in the future. The script reads its users from a .csv file; you can edit the file path in the script. The file needs the column header 'UserPrincipalName'.
In my case I needed to delete ‘SoftwareOathMethod’.
First you will need to connect to the Microsoft Graph API:
# Connect (User.Read.All covers the Get-MgUser lookup below)
Connect-MgGraph -Scopes "UserAuthenticationMethod.ReadWrite.All", "User.Read.All"

# Path to CSV
$csvPath = "C:\Temp\users.csv"

# Read users from CSV
$users = Import-Csv -Path $csvPath

foreach ($row in $users) {
    $upn = $row.UserPrincipalName
    Write-Host "Working on user: $upn" -ForegroundColor Cyan

    try {
        # Resolve the UPN to a user object
        $user = Get-MgUser -UserId $upn -ErrorAction Stop

        # Get the user's software OATH methods (wrapped in @() so .Count is reliable)
        $methods = @(Get-MgUserAuthenticationSoftwareOathMethod -UserId $user.Id -All -ErrorAction Stop)

        if ($methods.Count -eq 0) {
            Write-Host "No software OATH methods found" -ForegroundColor Yellow
            continue
        }

        # Delete every software OATH method registered for this user
        foreach ($method in $methods) {
            Remove-MgUserAuthenticationSoftwareOathMethod `
                -UserId $user.Id `
                -SoftwareOathAuthenticationMethodId $method.Id `
                -ErrorAction Stop
            Write-Host "  Deleted: $($method.Id)" -ForegroundColor Green
        }
    }
    catch {
        # Log the failure and move on to the next user
        Write-Host "Error at $upn : $($_.Exception.Message)" -ForegroundColor Red
    }
}
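A read-only audit pass to run before the bulk deletion, as an added example that is not part of the original script: it records each user's software OATH method IDs and flags accounts that would be left with only a password. It assumes the same CSV and an existing Connect-MgGraph session; the report path is a hypothetical placeholder, and the flag does not judge whether the remaining methods satisfy your MFA policy.

```powershell
# Added example: pre-deletion audit (read-only, deletes nothing).
# Assumes the CSV from the script above and an active Connect-MgGraph session.
$csvPath    = "C:\Temp\users.csv"
$reportPath = "C:\Temp\oath-removal-audit.csv"   # hypothetical output path

# @odata.type values Graph returns for these two method kinds
$softwareOath = '#microsoft.graph.softwareOathAuthenticationMethod'
$password     = '#microsoft.graph.passwordAuthenticationMethod'

$report = foreach ($row in Import-Csv -Path $csvPath) {
    $upn = $row.UserPrincipalName
    try {
        # All registered methods; the concrete type is carried in @odata.type
        $methods = @(Get-MgUserAuthenticationMethod -UserId $upn -All -ErrorAction Stop)
        $types   = @($methods | ForEach-Object { $_.AdditionalProperties['@odata.type'] })

        # IDs that the deletion script would remove for this user
        $oathIds = @($methods |
            Where-Object { $_.AdditionalProperties['@odata.type'] -eq $softwareOath } |
            ForEach-Object Id)

        # Methods left after removal, not counting the password itself
        $remaining = @($types | Where-Object { $_ -ne $softwareOath -and $_ -ne $password })

        [pscustomobject]@{
            UserPrincipalName = $upn
            SoftwareOathIds   = $oathIds -join ';'
            RemainingMethods  = ($remaining -replace '^#microsoft\.graph\.', '') -join ';'
            PasswordOnlyAfter = ($oathIds.Count -gt 0 -and $remaining.Count -eq 0)
            Error             = ''
        }
    }
    catch {
        # Keep failed lookups in the report so they are not silently skipped
        [pscustomobject]@{
            UserPrincipalName = $upn; SoftwareOathIds = ''; RemainingMethods = ''
            PasswordOnlyAfter = $false; Error = $_.Exception.Message
        }
    }
}

# Keep the report as a record of what was registered before the change
$report | Export-Csv -Path $reportPath -NoTypeInformation
$report | Where-Object PasswordOnlyAfter | Format-Table UserPrincipalName, SoftwareOathIds
```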