cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Manage M365 MFA setting using Powershell

sachin011390
Copper Contributor

‎Sep 06 2021 02:51 AM - edited ‎Sep 06 2021 02:53 AM

‎Sep 06 2021 02:51 AM - edited ‎Sep 06 2021 02:53 AM

Manage M365 MFA setting using Powershell

I am enforcing Multi-Factor Authentication for all my M365 users (azure ad plan 2) and it works as expected. Ability to set exceptions when users work from particular branch offices too works as expected. screenshot below.

 

 

sachin011390_0-1630921662572.png

 

 

 

however, i have many branch offices where the IP address can change every week, so need a way to automate updating the above list.

 

is there a power shell module i can use to update this list rather then login to the portal and type it out every time there is a change ?

 

Labels:
1,706 Views
0 Likes
4 Replies
Reply
4 Replies
pvanberlo

‎Sep 06 2021 05:17 AM

‎Sep 06 2021 05:17 AM

Re: Manage M365 MFA setting using Powershell

When you have Azure AD Premium P2 I would consider using Azure AD Conditional Access policies for enforcing MFA and the Named Locations feature available in Azure AD. You can use PowerShell to update names locations using the Set-AzureADMSNamedLocationPolicy cmdlet.

https://docs.microsoft.com/en-us/powershell/module/azuread/set-azureadmsnamedlocationpolicy?view=azu...
0 Likes
Reply
sachin011390

‎Sep 06 2021 07:36 AM

‎Sep 06 2021 07:36 AM

Re: Manage M365 MFA setting using Powershell

@pvanberlothanks. but i want to set IP based exceptions only. not interested in conditional access in this case.

0 Likes
Reply
pvanberlo

‎Sep 06 2021 07:49 AM - edited ‎Sep 06 2021 07:51 AM

‎Sep 06 2021 07:49 AM - edited ‎Sep 06 2021 07:51 AM

Re: Manage M365 MFA setting using Powershell

@sachin011390 I understand what you're saying, however, Microsoft actually recommends using Azure AD Conditional Access for MFA purposes nowadays. I do not believe there is a programmatic or PowerShell way to change the "trusted IPs for per user MFA" and the portal is the only way to manage this interactively.

1 Like
Reply
Mike Crowley

‎Sep 25 2021 09:10 PM

‎Sep 25 2021 09:10 PM

Re: Manage M365 MFA setting using Powershell

Trusted IPs all come over to conditional access as the "mfa trusted ips" named location. you can interact with named locations.
e.g.
New-MgIdentityConditionalAccessNamedLocation
https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.identity.signins/new-mgidentityco...
0 Likes
Reply