Enabling MFA in Office 365 using PowerShell

Enabling MFA in Office 365 using PowerShell, in this article you will get step to steps process to Enabling MFA in Office 365 using PowerShell

Multi-Factor Authentication (MFA) offers an added layer of security to safeguard your Office 365 accounts from unauthorized access. MFA requires users to provide additional verification, such as a code sent to their mobile device, in addition to their password. This article will guide you through the process of enabling MFA in Office 365 using PowerShell, a versatile scripting language that facilitates automated and efficient configuration management.

Enabling MFA in Office 365 using PowerShell

Enabling MFA in Office 365 using PowerShell

Step 1: Connect to Exchange Online PowerShell

To initiate the process, open the PowerShell console on your local machine. To connect to Exchange Online PowerShell, it is necessary to install the Exchange Online Remote PowerShell Module. This can be achieved by executing the following command:

Install-Module -Name ExchangeOnlineManagement

Once the module is installed, you can establish a connection to Exchange Online PowerShell by using the following command:


You will be prompted to provide your Office 365 administrator credentials. Once authenticated successfully, you will be connected to Exchange Online PowerShell.

Step 2: Enable MFA for all users

To enable MFA for all users in your Office 365 tenant, employ the following PowerShell script:

$users = Get-User -Filter {RecipientTypeDetails -eq 'User'} -ResultSize Unlimited
foreach ($user in $users) {
    $mfastatus = Get-MsolUser -UserPrincipalName $user.UserPrincipalName | Select-Object -ExpandProperty StrongAuthenticationRequirements
    if ($mfastatus.Count -eq 0) {
        $sta = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
        $sta.RelyingParty = "*"
        $sta.State = "Enabled"
        $sta.RememberDevicesNotIssuedBefore = (Get-Date).ToUniversalTime()
        $sta.RememberDevicesFromIssuanceUntil = (Get-Date).ToUniversalTime()
        $mfareq = @($sta)
        Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements $mfareq

This script retrieves all the users in your Office 365 tenant and verifies whether MFA is already enabled for each user. If MFA is not enabled, it creates a new StrongAuthenticationRequirement object and sets the required properties. Subsequently, the script applies the MFA settings to the user using the Set-MsolUser cmdlet.

Step 3: Verifying MFA configuration

After executing the script, you can verify the MFA configuration for a specific user using the following PowerShell command:

Get-MsolUser -UserPrincipalName <UserPrincipalName> | Select-Object -ExpandProperty StrongAuthenticationRequirements

Replace <UserPrincipalName> with the actual User Principal Name (UPN) of the user.


Enabling Multi-Factor Authentication (MFA) in Office 365 enhances the security of your organization’s data by adding an additional layer of protection. Utilizing PowerShell, you can efficiently enable MFA for all users within your Office 365 tenant. By following the steps outlined in this article, you can ensure the safeguarding of your Office 365 environment against unauthorized access and potential security threats.

Check How to Enabling Multi-Factor Authentication (MFA) for Admins Using PowerShell

Visit Latestinfo365.com to check more article

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × one =