cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PowerShell to temporarily Disable Azure MFA (while remembering settings)

Brent Ellis
Silver Contributor

‎May 24 2018 06:54 AM - last edited on ‎Jan 14 2022 05:24 PM by

‎May 24 2018 06:54 AM - last edited on ‎Jan 14 2022 05:24 PM by

PowerShell to temporarily Disable Azure MFA (while remembering settings)

We occasionally need to disable MFA temporarily for users, only to turn it back on again after a short period of time.

 

We have scripts to enable it, but the following script to DISABLE MFA.

 

$sta = @()
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta

 

The problem is it also "forgets" all of the user's configurations and forces them to re-setup everything again.

 

Is there a way to DISABLE MFA without forgetting the user's settings?

 

This is what we use to enable:

 

$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enforced"
$sta = @($st)
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta

8,654 Views
0 Likes
1 Reply
Reply
1 Reply
Mitch King

‎Jun 03 2018 10:50 PM

‎Jun 03 2018 10:50 PM

Re: PowerShell to temporarily Disable Azure MFA (while remembering settings)

What information is forgotten? can you write it into a different attribute then delete and pull it back in when re-enabling?

0 Likes
Reply