How does one enable, disable, and reset a user’s MFA in Office 365? I was surprised by how much is required for enabling MFA.
Enable MFA
The first thing we do is get the user with Get-MsolUser.

    $user = Get-MsolUser -UserPrincipalName $UPN
Next, we create a Strong Authentication Requirement object using New-Object.

    $sar = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
Now that the object is created, you can review it with the Get-Member command. This object has 4 properties and 4 methods. We will edit the RelyingParty and State properties.

    $sar.RelyingParty = "*"
    $sar.State = "Enabled"
Now we apply the edited object to the user’s account. Set-MsolUser takes the requirements as an array, so we wrap the object in @() first.

    $sarobject = @($sar)
    Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements $sarobject
The Script
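    # $UPN holds the user principal name of the account to change
    $user = Get-MsolUser -UserPrincipalName $UPN
    # Build the requirement object and set it to apply to all relying parties
    $sar = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $sar.RelyingParty = "*"
    $sar.State = "Enabled"
    # Wrap the object in an array and write it to the account
    $sarobject = @($sar)
    Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements $sarobject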
Disable MFA
Disabling MFA is extremely easy compared to enabling it. It’s as simple as passing an empty array to the -StrongAuthenticationRequirements parameter.

    Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements @()
Reset MFA
The last one is to reset the MFA. Microsoft created a cmdlet just for this case. The command is Reset-MsolStrongAuthenticationMethodByUpn.

    Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName $user.UserPrincipalName
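
The three operations above combined into one function that reads the account back after the change, so the before and after state can go into a change log. This is an added example, not code from the original post; Set-UserMfaState is a hypothetical name, and it assumes the MSOnline module is loaded and Connect-MsolService has already been run.

```powershell
# Added example. Set-UserMfaState is a hypothetical helper, not an MSOnline cmdlet.
# Assumes Connect-MsolService has already been run in this session.
function Set-UserMfaState {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserPrincipalName,

        [Parameter(Mandatory = $true)]
        [ValidateSet('Enable', 'Disable', 'Reset')]
        [string]$Action
    )

    # Fail early if the account does not exist, and record the current state.
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
    $before = $user.StrongAuthenticationRequirements.State

    # Disabling or resetting MFA weakens the account, so honour -WhatIf / -Confirm.
    if (-not $PSCmdlet.ShouldProcess($user.UserPrincipalName, "$Action MFA")) { return }

    switch ($Action) {
        'Enable' {
            $sar = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
            $sar.RelyingParty = '*'
            $sar.State = 'Enabled'
            Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements @($sar) -ErrorAction Stop
        }
        'Disable' {
            Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements @() -ErrorAction Stop
        }
        'Reset' {
            Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName $user.UserPrincipalName -ErrorAction Stop
        }
    }

    # Read the account back so the record reflects what the service stored.
    $after = Get-MsolUser -UserPrincipalName $user.UserPrincipalName -ErrorAction Stop
    $afterState = $after.StrongAuthenticationRequirements.State
    [pscustomobject]@{
        UserPrincipalName = $after.UserPrincipalName
        Action            = $Action
        StateBefore       = if ($before) { "$before" } else { 'Disabled' }
        StateAfter        = if ($afterState) { "$afterState" } else { 'Disabled' }
        RegisteredMethods = @($after.StrongAuthenticationMethods).Count
        ChangedAtUtc      = (Get-Date).ToUniversalTime().ToString('o')
    }
}
```

Running it with -WhatIf first shows which account would be changed without writing anything.
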
I hope this helps out.