Khaled_Shyiab
Copper Contributor
Sep 11, 2020

PowerShell Cmdlets that check MFA Status

Does anyone know if there is a PowerShell cmdlet that checks if MFA is disabled and a phone number is registered under authentication methods?

If both conditions are met, then it enables or enforces MFA?

2 Replies

  • Khaled_Shyiab 

    Something like this should work:

    ----- Script -----
    Import-Module -Name MSOnline
    Connect-MsolService

    # Users with a mobile phone on record and no MFA method registered yet
    $EligibleUsers = Get-MsolUser -All | Where-Object -FilterScript {$_.MobilePhone -and -not $_.StrongAuthenticationMethods}

    foreach ($User in $EligibleUsers)
    {
        # Register one-way SMS as the user's default MFA method
        $SAM = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
        $SAM.IsDefault  = $true
        $SAM.MethodType = "OneWaySMS"
        Set-MsolUser -ObjectID $User.ObjectId -StrongAuthenticationMethods $SAM

        Write-Output "Set SMS MFA for user '($($User.UserPrincipalName))' to '$($User.MobilePhone)'"
    }
    ----- Script End -----

  • Khaled_Shyiab Hi, take a look at these.

     

    Reporting MFA-Enabled Accounts
    https://office365itpros.com/2018/11/21/reporting-mfa-enabled-accounts/

    Export Office 365 Users MFA Status to CSV using PowerShell
    https://gallery.technet.microsoft.com/office/Export-Office-365-Users-81747c73 
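
An added example, not part of the thread: a report-first variant of what the question asks for. It reads the per-user MFA state from StrongAuthenticationRequirements and the registered authentication phone from StrongAuthenticationUserDetails, then enables MFA only for accounts that meet both conditions. The function names and the CSV path are hypothetical, and it assumes the MSOnline module with an existing Connect-MsolService session.

```powershell
# Added example; Get-MfaCandidate and Enable-MfaForCandidate are hypothetical names.
function Get-MfaCandidate {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    process {
        # Per-user MFA state: no requirement object means Disabled,
        # otherwise the State property is 'Enabled' or 'Enforced'.
        $state = $User.StrongAuthenticationRequirements |
            Select-Object -First 1 -ExpandProperty State
        if (-not $state) { $state = 'Disabled' }

        # Phone registered as an authentication method. This is separate from
        # the directory MobilePhone attribute, so both are reported.
        $authPhone = $User.StrongAuthenticationUserDetails.PhoneNumber

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            MfaState          = $state
            AuthPhone         = $authPhone
            MobilePhone       = $User.MobilePhone
            Eligible          = ($state -eq 'Disabled') -and [bool]$authPhone
        }
    }
}

function Enable-MfaForCandidate {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] $Candidate)
    process {
        if (-not $Candidate.Eligible) { return }

        $req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
        $req.RelyingParty = '*'
        $req.State        = 'Enabled'   # 'Enforced' is the other state the question mentions

        if ($PSCmdlet.ShouldProcess($Candidate.UserPrincipalName, 'Enable per-user MFA')) {
            Set-MsolUser -UserPrincipalName $Candidate.UserPrincipalName `
                         -StrongAuthenticationRequirements @($req)
        }
    }
}

# Report first; review the CSV before making changes.
$report = Get-MsolUser -All | Get-MfaCandidate
$report | Export-Csv -Path .\mfa-candidates.csv -NoTypeInformation

# -WhatIf lists the accounts that would change without touching them.
$report | Enable-MfaForCandidate -WhatIf
```

Rerunning the last line without -WhatIf applies the change to the eligible accounts only.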
