Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

PowerShell to temporarily Disable Azure MFA (while remembering settings)

Silver Contributor

We occasionally need to disable MFA temporarily for users, only to turn it back on again after a short period of time.

 

We have scripts to enable it, but the following script to DISABLE MFA.

 

$sta = @()
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta

 

The problem is it also "forgets" all of the user's configurations and forces them to re-setup everything again.

 

Is there a way to DISABLE MFA without forgetting the user's settings?

 

This is what we use to enable:

 

$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enforced"
$sta = @($st)
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta

1 Reply

What information is forgotten? can you write it into a different attribute then delete and pull it back in when re-enabling?