MFA (Multi Factor Authentication) Authentication Using PowerShell In SharePoint Online

These days, authentication is one of the most important factors in a cloud environment. Many organizations use SharePoint Online as their Content Management System, and a basic requirement is that sensitive information does not fall into the wrong hands. Multi-Factor Authentication (MFA) for Office 365 therefore becomes possibly the most important factor. Multi-factor authentication is a two-step process: in addition to the password, users are expected to acknowledge a phone call or text message to complete the verification process. You can enable Multi-Factor Authentication by following these steps.

Navigate to the Admin Portal through this link

https://admin.microsoft.com/Adminportal

Select the "Active Users" tab.

Select a user. A new window will open.

Click on the "Manage multi-factor authentication" link from more settings.

Check the user account for which you want to enable MFA and select the "Enable" option.

Or, open the admin center with the user for which you want to enable MFA authentication. Navigate to here.

From the above figure, you can see we have successfully enabled multi-factor authentication for the user named “test”.

In this blog, we will see how to work with MFA authentication using PowerShell. Normally, we provide the user's username and password in the PowerShell script to retrieve the client context object. If we use the same procedure with an MFA-enabled user account, it throws an exception while executing the client context.

"Execute Query" with "0" argument(s): "The sign-in name or password does not match one in the Microsoft account system."

With MFA authentication, we use $authManager.GetWebLoginClientContext to retrieve the context. Executing this line opens the authentication window, which asks for the login credentials and for the phone call/text message to be acknowledged, so that the sign-in is verified from the script.

Note
Make sure you have installed the latest version of SharePoint PnP PowerShell, i.e., SharePointPnPPowerShellOnline.msi, on your system and added the latest versions of all the DLLs. You can download the OfficeDevPnP.Core.dll and Microsoft.IdentityModel.Clients.ActiveDirectory.dll packages from these links.

  • https://www.nuget.org/packages/SharePointPnPCoreOnline/2.26.1805.1
  • https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/2.29.0

Download the packages, rename them (add the .zip extension to each file name), and save them. Extract them to use the DLLs in scripts.
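The download-and-extract step above, as an added example that is not part of the original post: it unpacks the saved .nupkg files, reports the SHA-256 hash and Authenticode signature status of the two DLLs, and loads only the copies whose hash you have approved after reviewing that report. The folder paths, the function names Expand-NuGetPackage and Get-DllTrustReport, and the placeholder hash values are assumptions for illustration.

```powershell
# Added example. Folder paths and the approved-hash list are assumptions.
$PackageDir = 'C:\Temp\packages'            # where the two .nupkg files were saved
$ExtractDir = 'C:\Temp\packages\extracted'  # working folder for the extracted content
$Needed = 'OfficeDevPnP.Core.dll', 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll'

# SHA-256 values you approved after reviewing the report (placeholders, fill in your own).
$ApprovedHashes = @('<SHA256-OF-REVIEWED-PNP-CORE-DLL>', '<SHA256-OF-REVIEWED-ADAL-DLL>')

function Expand-NuGetPackage {
    param([string]$NupkgPath, [string]$Destination)
    # Expand-Archive only accepts a .zip extension, so work on a renamed copy.
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    $zip = Join-Path $Destination ((Split-Path $NupkgPath -Leaf) + '.zip')
    Copy-Item -Path $NupkgPath -Destination $zip -Force
    $target = Join-Path $Destination ([IO.Path]::GetFileNameWithoutExtension($NupkgPath))
    Expand-Archive -Path $zip -DestinationPath $target -Force
    Remove-Item -Path $zip
    return $target
}

function Get-DllTrustReport {
    param([string]$Root, [string[]]$Names)
    # A package can carry one copy of a DLL per target framework; report every copy.
    Get-ChildItem -Path $Root -Recurse -File | Where-Object { $Names -contains $_.Name } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path   = $_.FullName
                SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Status = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
}

Get-ChildItem -Path $PackageDir -Filter *.nupkg | ForEach-Object {
    Expand-NuGetPackage -NupkgPath $_.FullName -Destination $ExtractDir | Out-Null
}
$report = Get-DllTrustReport -Root $ExtractDir -Names $Needed
$report | Format-List

foreach ($dll in $report) {
    if ($ApprovedHashes -contains $dll.SHA256) {
        [System.Reflection.Assembly]::LoadFrom($dll.Path) | Out-Null
    } else {
        Write-Warning "Not loaded (hash not approved): $($dll.Path)"
    }
}
```

On the first run nothing is loaded, because the approved list still holds placeholders; copy the reviewed SHA256 values from the report into $ApprovedHashes and run it again.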

In this blog, we are going to create a custom list with MFA authentication.

The code block for this is shown below.

    try {
        $SiteURL = "http://portal/sites/site1"
        $ListTitle = "NewList"

        # Load the SharePoint client, ADAL and PnP Core assemblies
        [System.Reflection.Assembly]::LoadFrom("C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll")
        [System.Reflection.Assembly]::LoadFrom("C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll")
        [System.Reflection.Assembly]::LoadFrom("C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.IdentityModel.Clients.ActiveDirectory.dll")
        [System.Reflection.Assembly]::LoadFrom("C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\OfficeDevPnP.Core.dll")

        # Opens the login window so the user can complete the MFA sign-in
        $authManager = New-Object OfficeDevPnP.Core.AuthenticationManager
        $Context = $authManager.GetWebLoginClientContext($SiteURL)

        # Retrieve lists
        $Lists = $Context.Web.Lists
        $Context.Load($Lists)
        $Context.ExecuteQuery()

        # Create list with "custom" list template
        $ListInfo = New-Object Microsoft.SharePoint.Client.ListCreationInformation
        $ListInfo.Title = $ListTitle
        $ListInfo.TemplateType = "100"
        $List = $Context.Web.Lists.Add($ListInfo)
        $List.Description = "new list description"
        $List.Update()
        $Context.ExecuteQuery()
    }
    catch {
        # Show the most recent error, then pause so it can be read
        Write-Host -ForegroundColor Red 'Error:' $Error[0].ToString()
        sleep 10
    }

After the code is executed, a custom list is created successfully in the SharePoint site.
