Azure Active Directory authentication – Configuring Multi-Factor Authentication (MFA) – PowerShell cmdlets – Part 6

Hi All,

LIFE IS BEAUTIFUL 🙂 I hope we all are safe:) STAY SAFE, STAY HEALTHY 🙂 STAY HOME 🙂

In last couple of articles we are discussing about Azure AD and authentications

In this article we will discuss the PowerShell cmdlets for the configuring Multi-Factor authentication .

Take Away From This Article:

  • How to configure Multi-Factor authentication using PowerShell cmdlets

So lets begin the FUN 🙂 Lets explore few important PowerShell cmdlets related to Azure Multi-Factor authentication.

We need to connect using Connect-MsolService to the Azure Active Directory.

To get default authentication methods available

Azure - PowerShell cmdlet getting default authentication methods
Fig1 : Azure – PowerShell cmdlet – getting default authentication methods

As we know there are following three states for any user account for Multi-Factor authentication

  • Enabled
  • Disabled – Default state for new user.
  • Enforce

To know whether Multi-Factor authentication is enabled or disabled for the given users

Azure - PowerShell cmdlet - Showing users MFA details
Fig2 : Azure – PowerShell cmdlet – Showing users MFA details

There is “State” property of StrongAuthenticationRequirements of user property as shown in above Fig.

Following are sample cmdlets just to explore more in details

Azure - PowerShell cmdlet - Displaying MFA details where MFA state is Enabled and Disabled
Fig3 : Azure – PowerShell cmdlet – Displaying MFA details where MFA state is Enabled and Disabled

When Multi-Factor authentication for the user is disabled , “StrongAuthenticationRequirements” returns empty as shown in above Fig. For user “prasham@knowledgejunction1.onmicrosoft.com” Multi-Factor authentication is disabled. So user1.StrongAuthenticationRequirements returns nothing.

To change the state of Multi-Factor authentication for user – In below example we are disabling MFA status for the user – “prasham1@knowledgejunction1.onmicrosoft.com”

Azure - PowerShell cmdlet to update the Multi-Factor state of user
Fig4 : Azure – PowerShell cmdlet to update the Multi-Factor state of user

To enable Multi-Factor authentication for given user – We need to create the instance of “Microsoft.Online.Administration.StrongAuthenticationRequirement” and update the State property

Similarly, we could have bulk user update, we could read users from CSV file and loop through to update respective status mentioned in .CSV file. Following is the sample code: Updating Multi-Factor authentication for bulk users

Azure - PowerShell cmdlet  - Sample .CSV file
Fig5 : Azure – PowerShell cmdlet – Sample .CSV file

We have very good series on Azure, lots of discussion on Azure, please visit – https://knowledge-junction.com/?s=azure

Thanks for reading 🙂 If its worth at least reading once, kindly please like and share. SHARING IS CARING 🙂

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: