Enabling MFA in Office 365 using PowerShell, in this article you will get step to steps process to Enabling MFA in Office 365 using PowerShell
Multi-Factor Authentication (MFA) offers an added layer of security to safeguard your Office 365 accounts from unauthorized access. MFA requires users to provide additional verification, such as a code sent to their mobile device, in addition to their password. This article will guide you through the process of enabling MFA in Office 365 using PowerShell, a versatile scripting language that facilitates automated and efficient configuration management.
Table of Contents
Enabling MFA in Office 365 using PowerShell
Step 1: Connect to Exchange Online PowerShell
To initiate the process, open the PowerShell console on your local machine. To connect to Exchange Online PowerShell, it is necessary to install the Exchange Online Remote PowerShell Module. This can be achieved by executing the following command:
Install-Module -Name ExchangeOnlineManagementOnce the module is installed, you can establish a connection to Exchange Online PowerShell by using the following command:
Connect-ExchangeOnlineYou will be prompted to provide your Office 365 administrator credentials. Once authenticated successfully, you will be connected to Exchange Online PowerShell.
Step 2: Enable MFA for all users
To enable MFA for all users in your Office 365 tenant, employ the following PowerShell script:
$users = Get-User -Filter {RecipientTypeDetails -eq 'User'} -ResultSize Unlimited
foreach ($user in $users) {
$mfastatus = Get-MsolUser -UserPrincipalName $user.UserPrincipalName | Select-Object -ExpandProperty StrongAuthenticationRequirements
if ($mfastatus.Count -eq 0) {
$sta = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$sta.RelyingParty = "*"
$sta.State = "Enabled"
$sta.RememberDevicesNotIssuedBefore = (Get-Date).ToUniversalTime()
$sta.RememberDevicesNotIssuedBefore.AddYears(1)
$sta.RememberDevicesFromIssuanceUntil = (Get-Date).ToUniversalTime()
$sta.RememberDevicesFromIssuanceUntil.AddYears(1)
$mfareq = @($sta)
Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements $mfareq
}
}
This script retrieves all the users in your Office 365 tenant and verifies whether MFA is already enabled for each user. If MFA is not enabled, it creates a new StrongAuthenticationRequirement object and sets the required properties. Subsequently, the script applies the MFA settings to the user using the Set-MsolUser cmdlet.
Step 3: Verifying MFA configuration
After executing the script, you can verify the MFA configuration for a specific user using the following PowerShell command:
Get-MsolUser -UserPrincipalName <UserPrincipalName> | Select-Object -ExpandProperty StrongAuthenticationRequirements
Replace <UserPrincipalName> with the actual User Principal Name (UPN) of the user.
Conclusion
Enabling Multi-Factor Authentication (MFA) in Office 365 enhances the security of your organization’s data by adding an additional layer of protection. Utilizing PowerShell, you can efficiently enable MFA for all users within your Office 365 tenant. By following the steps outlined in this article, you can ensure the safeguarding of your Office 365 environment against unauthorized access and potential security threats.
Check How to Enabling Multi-Factor Authentication (MFA) for Admins Using PowerShell
Visit Latestinfo365.com to check more article
