Forum Discussion
Very basic Office 365 PowerShell MFA question, something has changed
I had a very basic script to enable MFA, set SMS as default and define phone #. It worked great until recently. Now it will enable MFA, but when the user attempts to log in for the first time, MFA does not even attempt to send a text and gives the error shown below instantly. I tried a different tenant and created an entirely new account as a test just to see if I was missing something. I compared user details between a working and non-working MFA account and the only difference was the line "StrongAuthenticationUserDetails", but that may have just been due to the user not verifying # and logging in yet. The user I compared with had "Microsoft.Online.Administration.StrongAuthenticationUserDetails" in that field. May be a red herring but I'm not sure at this point.
Thanks
Dave
#Ensure to Connect-MsolService as tenant admin first (365admin@), WILL NOT work using delegate permissions.
#This will prompt for email and phone #. It will then enable MFA, add a phone # and default to SMS for approval.
$User = Read-Host -Prompt 'User email address'
$mobilenumber ="+1 " + (Read-Host -Prompt 'User cell phone')
Set-MsolUser -UserPrincipalName $user -MobilePhone $mobilenumber
#enforce MFA
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enabled"
$sta = @($st)
#Enable MFA for the user
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta
#Set SMS as default MFA method (Thanks GZ)
$m1=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m1.IsDefault = $true
$m1.MethodType="OneWaySMS"
$m=@($m1)
#Set SMS as default
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationMethods $m
#Display new mobile #
Get-MsolUser -UserPrincipalName $user | fl MobilePhone
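
The working-versus-non-working comparison described in the post can be made repeatable. This is an added example, not part of the original post: it reads the MFA-related fields of two accounts with Get-MsolUser and lists them side by side. The function names and both UPNs are hypothetical, and it assumes Connect-MsolService has already been run as tenant admin.

```powershell
# Added example, not from the original post. Assumes Connect-MsolService has
# already been run as tenant admin. Function names and UPNs are placeholders.

function Get-MfaSnapshot {
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    $u = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
    $default = $u.StrongAuthenticationMethods | Where-Object { $_.IsDefault }

    # Flatten the nested StrongAuthentication* objects into plain strings so
    # they can be compared field by field.
    [pscustomobject]@{
        MobilePhone       = $u.MobilePhone
        RequirementState  = @($u.StrongAuthenticationRequirements |
                                ForEach-Object { $_.State }) -join ','
        RegisteredMethods = @($u.StrongAuthenticationMethods |
                                ForEach-Object { $_.MethodType } | Sort-Object) -join ','
        DefaultMethod     = @($default | ForEach-Object { $_.MethodType }) -join ','
        # Empty until the user has completed MFA registration.
        HasUserDetails    = $null -ne $u.StrongAuthenticationUserDetails
        DetailsPhone      = [string]$u.StrongAuthenticationUserDetails.PhoneNumber
    }
}

function Compare-MfaSnapshot {
    param(
        [Parameter(Mandatory)][string]$WorkingUser,
        [Parameter(Mandatory)][string]$FailingUser
    )

    $good = Get-MfaSnapshot -UserPrincipalName $WorkingUser
    $bad  = Get-MfaSnapshot -UserPrincipalName $FailingUser

    # One row per field; phone numbers will differ between users by design.
    foreach ($name in $good.PSObject.Properties.Name) {
        [pscustomobject]@{
            Field   = $name
            Working = $good.$name
            Failing = $bad.$name
            Differs = "$($good.$name)" -ne "$($bad.$name)"
        }
    }
}

Compare-MfaSnapshot -WorkingUser 'working.user@example.com' `
                    -FailingUser 'new.user@example.com' |
    Format-Table -AutoSize
```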