Enabling MFA for Microsoft 365 Admins Using PowerShell

In this article, we will explore the process of Enabling MFA for Microsoft 365 Admins Using PowerShell or enabling MFA Office 365 Powershell, a versatile scripting language and automation framework.

In today’s digital landscape, ensuring data security and protecting user accounts from unauthorized access is paramount. One effective method to enhance security is implementing multi-factor authentication (MFA).

Microsoft 365, a popular suite of cloud-based productivity tools, offers administrators the option to enable MFA for their accounts, adding an extra layer of protection.

PowerShell: A Valuable Tool for Microsoft 365 Administration

PowerShell is a command-line shell and scripting language developed by Microsoft specifically for system administration and automation tasks. It provides administrators with the ability to interact programmatically with Microsoft 365 services, facilitating efficient management and configuration of various aspects of the environment.

Why Enable MFA for Microsoft 365 Admins?

Administrators play a critical role in managing Microsoft 365 environments, often having access to sensitive data, user accounts, and configuration settings. Enabling MFA for admins ensures that even if their credentials are compromised, an additional verification step is required to gain access to the account. This significantly reduces the risk of unauthorized access and potential data breaches, as attackers would need physical possession of the secondary factor, such as a mobile device, to complete the authentication process. In the below, article we will check how to Enabling MFA for Microsoft 365 Admins Using PowerShell.

Enabling MFA for Microsoft 365 Admins Using PowerShell

To Enabling MFA for Microsoft 365 Admins Using PowerShell, follow the steps below:

Step 1: Install Required Modules

Before proceeding, ensure that you have the necessary PowerShell modules installed. You will need the AzureAD and MSOnline modules, which you can install using the following commands:

Install-Module -Name AzureAD
Install-Module -Name MSOnline

Step 2: Connect to Azure AD

To connect to your Microsoft 365 tenant, use the following PowerShell command:

Connect-AzureAD

This command will prompt you to enter your admin credentials. Once authenticated, you will be connected to your Azure Active Directory (AD).

Step 3: Enable MFA for an Admin

To Enabling MFA for a specific admin, use the following PowerShell command:

$adminUser = "admin@example.com"
$enableMFA = New-Object -TypeName Microsoft.Open.AzureAD.Model.RequiredResourceAccess
$enableMFA.ResourceAccess = @()
$enableMFA.ResourceAccess.Add((New-Object -TypeName Microsoft.Open.AzureAD.Model.ResourceAccess -ArgumentList ("311a71cc-e848-46a1-bdf8-97ff7156d8e6", "Scope")))
Set-AzureADUser -ObjectId (Get-AzureADUser -Filter "UserPrincipalName eq '$adminUser'").ObjectId -ExtensionProperty $enableMFA

Replace “admin@example.com” with the user principal name of the admin account for which you want to enable MFA. This command adds the required resource access for MFA to the admin account.

Step 4: Verify MFA Status

To verify the MFA status for an admin, use the following PowerShell command:

Get-MsolUser -UserPrincipalName $adminUser | Select-Object -Property DisplayName, IsMFAEnabled

Replace “admin@example.com” with the user principal name of the admin account for which you want to enable MFA. This command adds the required resource access for MFA to the admin account.

Step 4: Verify MFA Status

To verify the MFA status for an admin, use the following PowerShell command:

Get-MsolUser -UserPrincipalName $adminUser | Select-Object -Property DisplayName, IsMFAEnabled

This command retrieves the MFA status for the specified admin account.

Step 5: Repeat Steps 3 and 4 for Other Admins

Repeat steps 3 and 4 for each admin account you want to enable MFA for. Make sure to replace “$adminUser” with the respective user principal name in each command.

Enable MFA Office 365 powershell csv

Bulk Enabling MFA office 365 – follow mentioned below commands –

Prepare a CSV file with user information:

• Create a CSV file named “users.csv” that includes columns for “Username” and “Enabled.” The “Username” column should contain the Office 365 usernames you wish to enabling MFA for, while the “Enabled” column should be set to “True” for those users.
• Example CSV file content:

Username,Enabled
user1@domain.com,True
user2@domain.com,True

Connect to Azure AD and Office 365

• Open a PowerShell session with administrative privileges and connect to Azure AD and Office 365 using the following commands:

Connect-AzureAD
Connect-MsolService

Read the CSV file and enable MFA for the specified users

• Utilize the following script to read the CSV file and enable MFA for the specified users:

$users = Import-Csv -Path "C:\path\to\users.csv"

foreach ($user in $users) {
    $username = $user.Username
    $enabled = $user.Enabled

    # Enable MFA for the user
    Set-MsolUser -UserPrincipalName $username -StrongAuthenticationRequirements @($null) -ErrorAction SilentlyContinue

    if ($enabled -eq "True") {
        # Enable MFA for the user
        $user = Get-MsolUser -UserPrincipalName $username
        $user | Enable-MFA
        Write-Host "MFA enabled for user: $username"
    }
    else {
        Write-Host "MFA not enabled for user: $username"
    }
}

Save the PowerShell script and execute it

• Save the PowerShell script (e.g., “enable_mfa.ps1”) that contains the code from Step 4.
• Open a PowerShell session in the folder where the script is saved and execute the following command:

By following these steps, you will be able to enable multi-factor authentication (MFA) for your Office 365 users using PowerShell and a CSV file. Please ensure that you have the necessary permissions to perform these actions within your Office 365 environment.

How to enable MFA Office 365 for a user

Enable MFA for the user:

• Enabling MFA for the desired user with the following command:

Set-User -Identity user@domain.com -MultiFactorAuthEnabled $true

• Substitute “user@domain.com” with the UPN of the user you wish to enable MFA for.

Verify the MFA status:

• Confirm the MFA status for the user by executing the following command:

Get-User -Identity user@domain.com | Select-Object UserPrincipalName, MultiFactorAuthEnabled

• This will display the user’s UPN and MFA status.

By following these steps, you can enabling MFA for a specific user in Office 365 using PowerShell. Remember that administrative privileges are required to execute these actions.

How to get mfa status PowerShell

Connect to Azure AD and Office 365:

• Open PowerShell and establish a connection to Azure AD and Office 365 by executing the following commands:

Connect-AzureAD
Connect-MsolService

Retrieve the MFA status for a user:

• To check the MFA status for a specific user, run the following command:

Get-MsolUser -UserPrincipalName user@domain.com | Select-Object UserPrincipalName, @{Name="MFAStatus"; Expression={$_.StrongAuthenticationMethods.Count -gt 0}}

• Replace “user@domain.com” with the User Principal Name (UPN) of the user you want to check.

Retrieve the MFA status for all users:

• If you want to retrieve the MFA status for all users in your Office 365 tenant, use the following command:

Get-MsolUser | Select-Object UserPrincipalName, @{Name="MFAStatus"; Expression={$_.StrongAuthenticationMethods.Count -gt 0}}

By following these steps, you can retrieve the MFA status of users in Office 365 using PowerShell. Please ensure that you have the necessary permissions to access this information.

Conclusion

Enabling MFA for Microsoft 365 admins using PowerShell is a vital step in securing your organization’s data

Check How to Enabling MFA in Office 365 using PowerShell

FAQ’s

Visit Latestinfo365.com to check more article