cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Powershell Cmdlets that checks MFA Status

Khaled_Shyiab
Copper Contributor

‎Sep 11 2020 01:31 AM

‎Sep 11 2020 01:31 AM

Powershell Cmdlets that checks MFA Status

Does any one know if there are Powershell Cmdlet that checks if MFA is disabled and phone number is registered under authentication methods.

If both conditions are met, then it enables or enforce MFA ?

Labels:
4,157 Views
0 Likes
2 Replies
Reply
2 Replies
ChristianBergstrom

‎Sep 11 2020 02:32 AM

‎Sep 11 2020 02:32 AM

Re: Powershell Cmdlets that checks MFA Status

@Khaled_Shyiab Hi, take a look at these.

 

Reporting MFA-Enabled Accounts
https://office365itpros.com/2018/11/21/reporting-mfa-enabled-accounts/ 

 

Export Office 365 Users MFA Status to CSV using PowerShell

https://gallery.technet.microsoft.com/office/Export-Office-365-Users-81747c73 

0 Likes
Reply
alexandertuvstrom

‎Sep 14 2020 03:25 PM

‎Sep 14 2020 03:25 PM

Re: Powershell Cmdlets that checks MFA Status

@Khaled_Shyiab 

something like this should work

 

----- Script -----

Import-Module -Name MSOnline

Connect-MsolService

 

$EligibleUsers  = Get-MsolUser -All | Where-Object -FilterScript {$_.MobilePhone -and -not $_.StrongAuthenticationMethods}   

 

foreach ($User in $EligibleUsers)

{

        $SAM = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod

        $SAM.IsDefault  = $true

        $SAM.MethodType = "OneWaySMS"

        Set-MsolUser -ObjectID $User.ObjectId -StrongAuthenticationMethods $SAM

 

    Write-Output "Set SMS MFA for user '($($User.UserPrincipalName))' to '$($User.MobilePhone)'"

} 

 

----- Script End -----

0 Likes
Reply