Post
Ask Question

How To Enable And Disable MFA Using PowerShell

Introduction

 
In Office 365, multifactor authentication (MFA) is a security feature in which it authenticates whether the user who tries to access the exchange online is the same user who claims the account. MFA use the user's phone number or mobile app to connect the Office 365.
 
Providing the steps below to enable MFA,
 
Step 1
 
To run Office 365 to remote areas you have to get all the policies.
 
If the output is showing unrestricted then set the scope for the current user.
 
Step 2
 
To connect the PowerShell online you have to get the credentials for Office 365
 
Step 3
 
If MSOnline service is not imported in your end then you have to import the service first by using the below command. MSOnline service is use for connecting to office 365
 
Import-Module MSOnline
 
Step 4
 
Now create the authentication object and set the MFA status values.
 
Step 5
 
Then set the MFA
 
For single user,
 
Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -UserPrincipalName $UserName -StrongAuthenticationRequirements $authentication
 
For multiple user,
 
Get-MsolUser –All | Foreach{ Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $authentication}
  1. Get-ExecutionPolicy   
  2. Set-ExecutionPolicyUnrestricted–ScopeCurrentUser  
  3. $credential=Get-Credential  
  4. Connect-MsolService–Credential$credential  
  5. $UserName=Read-Host"Enter the username"  
  6. $authentication=New-Object-TypeNameMicrosoft.Online.Administration.StrongAuthenticationRequirement  
  7. $authentication.RelyingParty ="*"  
  8. $authentication.State ="Enabled"  
  9. $authentication.RememberDevicesNotIssuedBefore = (Get-Date)  
  10. Get-MsolUser-UserPrincipalName$UserName|Set-MsolUser-UserPrincipalName$UserName-StrongAuthenticationRequirements$authentication 
After running the script It will ask for credentials. Enter the user name(user must be tenanted administrator)
 
How To Enable And Disable MFA Using PowerShell
 
Enter the username in which you want to enable MFA.
 
Then you can see a successful message.
 
How To Enable And Disable MFA Using PowerShell
 
In the below screenshot you can check the user MFA status.
 
How To Enable And Disable MFA Using PowerShell
 
How to disable MFA using PowerShell
 
If you want to disable the MFA you have to use the below code.
 
Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -StrongAuthenticationRequirements @ ()