PowerShell to temporarily Disable Azure MFA (while remembering settings)

Silver Contributor

We occasionally need to disable MFA temporarily for users, only to turn it back on again after a short period of time.

 

We have scripts to enable it, but the following script to DISABLE MFA.

 

$sta = @()
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta

 

The problem is it also "forgets" all of the user's configurations and forces them to re-setup everything again.

 

Is there a way to DISABLE MFA without forgetting the user's settings?

 

This is what we use to enable:

 

$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enforced"
$sta = @($st)
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta

1 Reply

What information is forgotten? can you write it into a different attribute then delete and pull it back in when re-enabling?