MFA - Enable via Powershell

%3CLINGO-SUB%20id%3D%22lingo-sub-1585984%22%20slang%3D%22en-US%22%3EMFA%20-%20Enable%20via%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1585984%22%20slang%3D%22en-US%22%3E%3CP%3E_____________________________%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eexisting%20script%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%24auth.RelyingParty%20%3D%20%22*%22%3C%2FP%3E%3CP%3E%24auth.State%20%3D%20%22Enforced%22%3C%2FP%3E%3CP%3E%24auth.RememberDevicesNotIssuedBefore%20%3D%20(Get-Date)%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EImport-Csv%20C%3A%5CCSV%5CMFA_Enabled.csv%20%7C%20Get-MsolUser%20%7C%20Foreach%7B%20Set-MsolUser%20-UserPrincipalName%20%24_.UserPrincipalName%20-StrongAuthenticationRequirements%20%24auth%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E------------------------------------------------------------------------------------------------------------------------------------------------------------------%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eif%20we%20use%20%E2%80%9CEnable%E2%80%9D%20in%20the%20%24auth.State%2C%20can%20this%20script%20be%20enhanced%26nbsp%3B%20to%20include%20checkpoint%2Fverification%20if%20the%20current%20state%20is%20already%20%E2%80%9CEnforced%E2%80%9D%20then%20provide%20prompt%20or%20even%20skip%20that%20particular%20user%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1585984%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMFA%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Super Contributor

_____________________________

 

existing script:

 

$auth.RelyingParty = "*"

$auth.State = "Enforced"

$auth.RememberDevicesNotIssuedBefore = (Get-Date)


Import-Csv C:\CSV\MFA_Enabled.csv | Get-MsolUser | Foreach{ Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $auth}

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

if we use “Enable” in the $auth.State, can this script be enhanced  to include checkpoint/verification if the current state is already “Enforced” then provide prompt or even skip that particular user?

0 Replies