May 24 2018
06:54 AM
- last edited on
Jan 14 2022
05:24 PM
by
TechCommunityAP
May 24 2018
06:54 AM
- last edited on
Jan 14 2022
05:24 PM
by
TechCommunityAP
We occasionally need to disable MFA temporarily for users, only to turn it back on again after a short period of time.
We have scripts to enable it, but the following script to DISABLE MFA.
$sta = @()
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta
The problem is it also "forgets" all of the user's configurations and forces them to re-setup everything again.
Is there a way to DISABLE MFA without forgetting the user's settings?
This is what we use to enable:
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enforced"
$sta = @($st)
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta
Jun 03 2018 10:50 PM
What information is forgotten? can you write it into a different attribute then delete and pull it back in when re-enabling?