How to enable and disable MFA using PowerShell

Introduction-In Office 365, multifactor authentication (MFA) is a security feature in which it authenticates whether the user who trying to access the exchange online is the same user who claims the account. MFA use the user’s phone number or mobile app to connect the Office 365.

Providing the steps below to enable MFA.

 

Step1-To run Office 365 to remote areas you have to get all the policies.

If the output is showing unrestricted then set the scope for the current user.

Step2-To connect the PowerShell online you have to get the credentials for Office 365

Step3-If MSOnline service is not imported in your end then you have to import the service first by using the below command. MSOnline service is use for connecting to office 365

Import-Module MSOnline

Step4-Now create the authentication object and set the MFA status values.

Step5-Then set the MFA

For single user

Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -UserPrincipalName $UserName -StrongAuthenticationRequirements $authentication

 

For multiple user

Get-MsolUser –All | Foreach{ Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $authentication}

 

Get-ExecutionPolicy

Set-ExecutionPolicy Unrestricted –Scope CurrentUser

$credential = Get-Credential

Connect-MsolService –Credential $credential

 

$UserName= Read-Host “Enter the username”

 

$authentication= New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement

$authentication.RelyingParty = “*”

$authentication.State = “Enabled”

$authentication.RememberDevicesNotIssuedBefore = (Get-Date)

 

Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -UserPrincipalName $UserName -StrongAuthenticationRequirements $authentication

 

  • After running the script It will ask for credentials. Enter the user name(user must be tenanted administrator)

  • Enter the username in which you want to enable MFA.
  • Then you can see a successful message.

  • In the below screenshot you can check the user MFA status.

How to disable MFA using PowerShell-

If you want to disable the MFA you have to use the below code.

 

Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -StrongAuthenticationRequirements @ ()

Leave a Reply

Your email address will not be published. Required fields are marked *