Forum Discussion
Solved
Powershell CMDlets for MFA Settings?
Does anyone know if there are Powershell Cmdlets available to allow inspection of a user's MFA settings related to which verification options were configured and which option is considered primary? I...
You have the information in the Get-MSolUser cmdlet from MSOnline powershell module:
Connect-MsolService $User = Get-MSolUser -UserPrincipalName user@domain.com
$User.StrongAuthenticationMethodsWith that you get the default authentication method. There are other properties beginning by StrongAuthentication that give you other details
I Found A solution to this :)
Not a one time bypass, but require user to re-register at next sign-in
# /MWU
# First connect to your tenant (as you use to do it)
# Output from my connect tenant function
# cat function:Connect-O365-PROD
# Actual Connect-O365-PROD function
Get-PSSession | Remove-PSSession
$PROD365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell-liveid -Credential $PRODAdminCred -Authentication Basic -AllowRedirection
#Use this if you import scriptfunctions from remote server, i only load remote script in my $profile
Import-Module (Import-PSSession $PROD365Session -AllowClobber) -global
Connect-MsolService -Credential $PRODAdminCred
##################Forget above if you are Pro :)#######################################
#Selected user in cloud
$Userpricipalname = "abc@org.com"
#Get settings for a user with exsisting auth data
$User = Get-MSolUser -UserPrincipalName $Userpricipalname
# Viewing default method
$User.StrongAuthenticationMethods
# Creating custom object for default method (here you just put in $true insted of $false, on the prefeered method you like)
$m1=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m1.IsDefault = $false
$m1.MethodType="OneWaySMS"
$m2=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m2.IsDefault = $false
$m2.MethodType="TwoWayVoiceMobile"
$m3=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m3.IsDefault = $false
$m3.MethodType="PhoneAppOTP"
$m4=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m4.IsDefault = $True
$m4.MethodType="PhoneAppNotification"
# To set the users default method for doing second factor
#$m=@($m1,$m2,$m3,$m4)
# To force user ONLY to re-register without clearing their phonenumber or App shared secret.
$m=@()
# Set command to define new settings
set-msoluser -Userprincipalname $user.UserPrincipalName -StrongAuthenticationMethods $m
#Settings should be empty, and user is required to register new phone number or whatever they like, i case they lost their phone.
$User = Get-MSolUser -UserPrincipalName $Userpricipalname
$User.StrongAuthenticationMethods
Do we have option to change the Phone number under Authentication tab from powershell ?
No Sadly there still no powershell way to update the Authentication Phone / info directly. ManishKKutty
Se the uservoice here: