Forum Discussion

TT_Vert's avatar
TT_Vert
Copper Contributor
Mar 01, 2021

Very basic office 365 powershell MFA question, something has changed

I had a very basic script to enable MFA, set SMS as default and define phone #.  It worked great until recently.  Now it will enable MFA but when the user attempted to log in  for the first time MFA does not even attempt to send a text and gives the error shown below instantly.  I tried a different tenant and created an entire new account as a test just to see if I was missing something.  I compared user details between a working and non working MFA account and the only difference was the line "StrongAuthenticationUserDetails" but that may have just been due to the user not verifying # and logging  in yet.  The user i compared with had "Microsoft.Online.Administration.StrongAuthenticationUserDetails" in that field.   May be a red herring but i'm not sure at this point.

Thanks
Dave

 
 

 

 

#Ensure to Connect-MsolService as tenant admin first (365admin@), WILL NOT work using delegate permissions.
#This will prompt for email and phone #.  It will then enable MFA, add a phone # and default to SMS for approval.

$User = Read-Host -Prompt 'User email address'
$mobilenumber ="+1 " + (Read-Host -Prompt 'User cell phone')
Set-MsolUser -UserPrincipalName $user -MobilePhone $mobilenumber

#enforce MFA
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = “Enabled”
$sta = @($st)

#Enable MFA for the user
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta

#Set SMS as default MFA method (Thanks GZ)
$m1=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m1.IsDefault = $true
$m1.MethodType="OneWaySMS"
$m=@($m1)

#Set SMS as default 
set-msoluser -Userprincipalname "$user" -StrongAuthenticationMethods $m

#Display new mobile #
Get-MsolUser -UserPrincipalName $user | fl MobilePhone


 

 

 

 

No RepliesBe the first to reply

Resources