Enable/Disable per-user MFA with Microsoft graph powershell SDK

Enable/Disable per-user MFA with Microsoft graph powershell SDK
7

Upvotes

Upvote

 Jan 10 2022
2 Comments (2 New)
New

Hello,

The equivalent to enable / disable per-user MFA using Microsoft graph powershell SDK:

Create the StrongAuthenticationRequirement Object

$sa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$sa.RelyingParty = "*"
$sa.State = "Enabled"
$sar = @($sa)

Enable MFA for the user

Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sar

Regards,

Comments
Occasional Visitor

As a backup product, it is a security hole if we do not restore the MFA settings. With the deprecation of Basic Authentication, there is no way to restore MFA settings if they were previously set on the object being restored.   It makes sense that this ability is further restricted to backup products only to ensure no additional exposure while still maintaining security during a restore operation.

New Contributor

We need this feature ASAP.

Not everyone has Conditional Access Configured. (Business Premium License required)

Security defaults also cannot be used in combination with a Breakglass Account...