Enforce MFA using CSV



Step 1. Connect-MsolService

Step 2. Run the following commands.
$auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$auth.RelyingParty = "*"

Step 3. Choose the MFA State.
You can choose between "Enabled" and "Enforced"
$auth.State = "Enabled"

Step 4: Choose the date.
Any devices issued for a user before this date would require MFA setup. Normally, we would select the date of running the command.
$auth.RememberDevicesNotIssuedBefore = (Get-Date)

Step 5. Activate MFA.

For one user
Set-MsolUser -UserPrincipalName <UserPrincipalName> -StrongAuthenticationRequirements $auth

Using CSV- Create a CSV with column UserPrincipalName and place users under this column.
Import-Csv C:\RAhul\userMFA.csv | Get-MsolUser | Foreach{ Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $auth}

Comments

  1. Hi, is there a way to enhance the script to include checkpoint/verification if the current state is already “Enforced” then provide prompt or skip that particular user

    ReplyDelete
  2. Greate, simple and objective! nice!

    ReplyDelete

Post a Comment

Popular Posts