PowerShell to temporarily Disable Azure MFA (while remembering settings)

Valued Contributor

We occasionally need to disable MFA temporarily for users, only to turn it back on again after a short period of time.


We have scripts to enable it, but the following script to DISABLE MFA.


$sta = @()
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta


The problem is it also "forgets" all of the user's configurations and forces them to re-setup everything again.


Is there a way to DISABLE MFA without forgetting the user's settings?


This is what we use to enable:


$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enforced"
$sta = @($st)
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta

1 Reply

What information is forgotten? can you write it into a different attribute then delete and pull it back in when re-enabling?