Introduction
In Office 365, multifactor authentication (MFA) is a security feature that verifies that the user who tries to access Exchange Online is the same user who owns the account. MFA uses the user's phone number or a mobile app when connecting to Office 365.
The steps below enable MFA.
Step 1
To run Office 365 commands against the remote service, you first have to check the PowerShell execution policy.
If the output is showing unrestricted then set the scope for the current user.
Step 2
To connect PowerShell to Office 365 online, you have to get the credentials for Office 365.
Step 3
If the MSOnline module is not already imported on your machine, import it first by using the command below. The MSOnline module is used for connecting to Office 365.
Import-Module MSOnline
Step 4
Now create the authentication object and set the MFA status values.
Step 5
Then set the MFA.
For a single user:
Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -UserPrincipalName $UserName -StrongAuthenticationRequirements $authentication
For multiple users:
Get-MsolUser -All | ForEach-Object { Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $authentication }
- Get-ExecutionPolicy
- Set-ExecutionPolicy Unrestricted -Scope CurrentUser
- $credential = Get-Credential
- Connect-MsolService -Credential $credential
- $UserName = Read-Host "Enter the username"
- $authentication = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
- $authentication.RelyingParty = "*"
- $authentication.State = "Enabled"
- $authentication.RememberDevicesNotIssuedBefore = (Get-Date)
- Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -UserPrincipalName $UserName -StrongAuthenticationRequirements $authentication
After you run the script, it asks for credentials. Enter the user name (the user must be a tenant administrator).
Enter the username for which you want to enable MFA.
You then see a success message.
In the below screenshot you can check the user MFA status.
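The same status check can be done from PowerShell, which also makes it possible to enable MFA only where it is still missing. The following is an added example, not code from the original article: the Get-MfaState function and the sample accounts are hypothetical, and it assumes user objects shaped like Get-MsolUser output, whose StrongAuthenticationRequirements entries carry a State of Enabled or Enforced.

```powershell
# Added example (not from the original article). Get-MfaState is a hypothetical helper.
function Get-MfaState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # Per-user MFA state is stored in StrongAuthenticationRequirements.
        # An empty collection means MFA has not been enabled for the account.
        $req   = @($User.StrongAuthenticationRequirements)
        $state = if ($req.Count -gt 0 -and $req[0].State) { $req[0].State } else { 'Disabled' }

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            MfaState          = $state
            NeedsEnabling     = ($state -eq 'Disabled')
        }
    }
}

# Constructed sample objects shaped like Get-MsolUser output, so the report runs offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'
                       StrongAuthenticationRequirements = @() }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'
                       StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enabled' }) }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'
                       StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enforced' }) }
)

$report = $sample | Get-MfaState
$report | Format-Table -AutoSize

# Only the accounts that still need MFA switched on.
$report | Where-Object { $_.NeedsEnabling } | Select-Object -ExpandProperty UserPrincipalName

# Against a live tenant (after Connect-MsolService and building $authentication as in
# Step 4), enable MFA only where it is still Disabled, so accounts that are already
# Enforced are not overwritten with Enabled:
#   Get-MsolUser -All | Get-MfaState | Where-Object { $_.NeedsEnabling } | ForEach-Object {
#       Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $authentication
#   }
```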
How to disable MFA using PowerShell
If you want to disable MFA, use the code below.
Get-MsolUser -UserPrincipalName $UserName | Set-MsolUser -StrongAuthenticationRequirements @()