When you delete the device history, the user's devices become unregistered, and the user is required to provide identity confirmation the next time the user tries to access an RBA-protected resource.
RSA recommends that you delete a user's device history if the user reports a device as lost or stolen. You might also want to delete a user's device history if it contains devices that are no longer in use, or if the user mistakenly chooses to register a device that is public or shared.
In the Security Console, click Authentication > Risk-Based Authentication > Manage Enabled Users.
Use the search fields to find the user whose device history that you want to delete.