When you delete the device history, the user's devices become unregistered, and the user is required to provide identity confirmation the next time the user tries to access an RBA-protected resource.
RSA recommends that you delete a user's device history if the user reports a device as lost or stolen. You might also want to delete a user's device history if it contains devices that are no longer in use, or if the user mistakenly chooses to register a device that is public or shared.
In the Security Console, click Authentication > Risk-Based Authentication > Manage Enabled Users.
Use the search fields to find the user whose device history that you want to delete.
Click the user, and click Delete Device History.
Click OK to confirm the deletion.