Forum Discussion
Re: Powershell CMDlets for MFA Settings?
Hi, is there a way to remove the authentication once it's set?
If I by accident enable this on a user, the user is unable to remove the authentication method within Office 365, since it does require minimum one selection.
As shown in your screen shot, those won't appear on a user account that haven't been enabled.
Kind Regards,
Kaspar D.
2 Replies
Kaspar_Danielsen The simplest method is via portal.azure.com. Navigate to Azure Active Directory->Users, then click Multi-Factor Authentication in the upper menu bar. Search for the username, then select it. You can then click Disable under "quick steps".
If you're using Conditional Access policies to enforce MFA, then the settings above are not used. In this case, you can remove MFA via PowerShell:
#Connect to Azure ADConnect-MsolService#Disable MFA for a user $mfa = @() Set-MsolUser -UserPrincipalName User@domain.com -StrongAuthenticationRequirements $mfa
Hi Gary,
Thank you for taking the time to answer my question.
I'm connected and ran the command. It accepted it, but both options for SMS and Call is still listed. In other words, it didn't make a change for some reason.
I don't use this command or use Office 365 to enable/disable MFA.
Set-MsolUser -UserPricipalName mailto:User@domain.com -StrongAuthenticationRequirements $mfa
When you run this command, it does show 2 or more options for SMS/Call/App etc. I wish to erase those with a command line, since it's not possible to do that manually in the users profile.
$User = Get-MSolUser -UserPrincipalName mailto:User@domain.com
$User.StrongAuthenticationMethodsKind Regards,
Kaspar Danielsen
