Feb 10 2019 09:18 AM - edited Feb 10 2019 09:26 AM
I have several scripts to edit user profile fields through Powershell without active MFA.
Sure I can have a user with a complex password outside MFA but I don't want that.
Can anyone point me to one script that works with MFA?
It's a sharepoint online system.
Thanks a lot,
Nuno
Feb 10 2019 09:24 AM
Your title doesn't really match the post content, so can you clarify what exactly you are trying to do? If the idea is to be able to run some scripts while bypassing MFA, you can configure a Trusted IP/Named location: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/quickstart-configure-name...
Or enforce MFA via CA policy, with exception for the particular user account. Or use a service principal instead.
Feb 10 2019 09:35 AM
Sorry for the title, i've corrected it (it was the site's autosuggestion and I didn't noticed it had changed).
Thanks for your reply, I'll look into your suggestions, I really didn't knew about service principals but it seems a good alternative. It's a similar principle as MFA app passwords?
Trusted IP/Named location could also be a solution but it opens some internal security backdoors.
Nuno