Sep 11 2020 01:31 AM
Does anyone know if there is a PowerShell cmdlet that checks if MFA is disabled and a phone number is registered under authentication methods?
If both conditions are met, then it enables or enforces MFA?
Sep 11 2020 02:32 AM
@Khaled_Shyiab Hi, take a look at these.
Reporting MFA-Enabled Accounts
https://office365itpros.com/2018/11/21/reporting-mfa-enabled-accounts/
Export Office 365 Users MFA Status to CSV using PowerShell
https://gallery.technet.microsoft.com/office/Export-Office-365-Users-81747c73
Sep 14 2020 03:25 PM
Something like this should work:
----- Script -----
# Requires the MSOnline module and an account that can manage users.
Import-Module -Name MSOnline
Connect-MsolService

# Users with a MobilePhone attribute and no registered strong authentication methods.
$EligibleUsers = Get-MsolUser -All | Where-Object -FilterScript {$_.MobilePhone -and -not $_.StrongAuthenticationMethods}

foreach ($User in $EligibleUsers)
{
    # Register SMS as the user's default strong authentication method.
    $SAM = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
    $SAM.IsDefault = $true
    $SAM.MethodType = "OneWaySMS"
    Set-MsolUser -ObjectID $User.ObjectId -StrongAuthenticationMethods $SAM
    Write-Output "Set SMS MFA for user '($($User.UserPrincipalName))' to '$($User.MobilePhone)'"
}
----- Script End -----
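
An added example, not part of the thread: the check the original question asks for (per-user MFA disabled and a phone registered as an authentication method), using the property names that Get-MsolUser returns. The names Select-MfaCandidate, New-SampleUser and $Apply and the sample users are constructed for illustration; with $Apply left at $false nothing is changed in a tenant.

```powershell
# Added example. Property names are those of Get-MsolUser output (MSOnline);
# Select-MfaCandidate, New-SampleUser, $Apply and the sample users are constructed.
function Select-MfaCandidate {
    param([Parameter(ValueFromPipeline)] $User)
    process {
        # Per-user MFA is disabled when no requirement with a State is present.
        $reqs = @($User.StrongAuthenticationRequirements | Where-Object { $_.State })
        # A phone registered as an authentication method, not just the directory MobilePhone.
        $phone = @($User.StrongAuthenticationMethods |
            Where-Object { $_.MethodType -in 'OneWaySMS', 'TwoWayVoiceMobile' })
        $number = $User.StrongAuthenticationUserDetails.PhoneNumber
        if ($reqs.Count -eq 0 -and $phone.Count -gt 0 -and $number) { $User }
    }
}

# Builds an object shaped like the relevant part of a Get-MsolUser result.
function New-SampleUser($Upn, $State, $MethodType, $Phone) {
    [pscustomobject]@{
        UserPrincipalName                = $Upn
        StrongAuthenticationRequirements = @(if ($State) { [pscustomobject]@{ State = $State } })
        StrongAuthenticationMethods      = @(if ($MethodType) { [pscustomobject]@{ MethodType = $MethodType } })
        StrongAuthenticationUserDetails  = [pscustomobject]@{ PhoneNumber = $Phone }
    }
}
$sample = @(
    New-SampleUser 'alice@example.test' $null      'OneWaySMS'   '+1 5550100'  # eligible
    New-SampleUser 'bob@example.test'   'Enforced' 'OneWaySMS'   '+1 5550101'  # MFA already on
    New-SampleUser 'carol@example.test' $null      'PhoneAppOTP' $null         # no phone method
    New-SampleUser 'dave@example.test'  $null      $null         $null         # nothing registered
)

$Apply = $false   # $true: run against the tenant (requires Connect-MsolService first)
$users = if ($Apply) { Get-MsolUser -All } else { $sample }
foreach ($u in ($users | Select-MfaCandidate)) {
    if ($Apply) {
        $req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
        $req.RelyingParty = '*'
        $req.State = 'Enabled'   # or 'Enforced'
        Set-MsolUser -UserPrincipalName $u.UserPrincipalName -StrongAuthenticationRequirements @($req)
    }
    Write-Output "MFA candidate: $($u.UserPrincipalName) (apply=$Apply)"
}
```

With the constructed sample only alice@example.test is reported, since the other three either already have MFA on or have no phone method registered.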