Introduction-In Office 365, multifactor authentication (MFA) is a security feature in which it authenticates whether the user who trying to access the exchange online is the same user who claims the account. MFA use the user’s phone number or mobile app to connect the Office 365.
Providing the steps below to enable MFA.
Step1-To run Office 365 to remote areas you have to get all the policies.
If the output is showing unrestricted then set the scope for the current user.
Step2-To connect the PowerShell online you have to get the credentials for Office 365
Step3-If MSOnline service is not imported in your end then you have to import the service first by using the below command. MSOnline service is use for connecting to office 365
Import-Module MSOnline
Step4-Now create the authentication object and set the MFA status values.
Step5-Then set the MFA
For single user
Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -UserPrincipalName $UserName -StrongAuthenticationRequirements $authentication
For multiple user
Get-MsolUser –All | Foreach{ Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $authentication}
Get-ExecutionPolicy
Set-ExecutionPolicy Unrestricted –Scope CurrentUser
$credential = Get-Credential
Connect-MsolService –Credential $credential
$UserName= Read-Host “Enter the username”
$authentication= New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$authentication.RelyingParty = “*”
$authentication.State = “Enabled”
$authentication.RememberDevicesNotIssuedBefore = (Get-Date)
Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -UserPrincipalName $UserName -StrongAuthenticationRequirements $authentication
- After running the script It will ask for credentials. Enter the user name(user must be tenanted administrator)
- Enter the username in which you want to enable MFA.
- Then you can see a successful message.
- In the below screenshot you can check the user MFA status.
How to disable MFA using PowerShell-
If you want to disable the MFA you have to use the below code.
Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -StrongAuthenticationRequirements @ ()