Forum Discussion
Khaled_Shyiab
Sep 11, 2020Copper Contributor
Powershell Cmdlets that checks MFA Status
Does any one know if there are Powershell Cmdlet that checks if MFA is disabled and phone number is registered under authentication methods.
If both conditions are met, then it enables or enforce MFA ?
- alexandertuvstromBrass Contributor
something like this should work
----- Script -----
Import-Module -Name MSOnline
Connect-MsolService
$EligibleUsers = Get-MsolUser -All | Where-Object -FilterScript {$_.MobilePhone -and -not $_.StrongAuthenticationMethods}
foreach ($User in $EligibleUsers)
{
$SAM = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$SAM.IsDefault = $true
$SAM.MethodType = "OneWaySMS"
Set-MsolUser -ObjectID $User.ObjectId -StrongAuthenticationMethods $SAM
Write-Output "Set SMS MFA for user '($($User.UserPrincipalName))' to '$($User.MobilePhone)'"
}
----- Script End -----
- ChristianBergstromSilver Contributor
Khaled_Shyiab Hi, take a look at these.
Reporting MFA-Enabled Accounts
https://office365itpros.com/2018/11/21/reporting-mfa-enabled-accounts/Export Office 365 Users MFA Status to CSV using PowerShell
https://gallery.technet.microsoft.com/office/Export-Office-365-Users-81747c73