Hello Stack Overflow,
I'm encountering the following issue. I'm trying to create a script that will check which administrator accounts are present on the O365 tenant and automatically enable MFA for them so that, the next time they log in, they will be prompted to set up MFA.
The code below is as follows:

    $mfa1 = Get-MsolUser | Select-Object UserPrincipalName,StrongAuthenticationMethods,StrongAuthenticationRequirements | Where-object {$_.UserPrincipalName -notin $exclude }
    foreach ($item in $mfa1) {
        if ($null -ne $item.StrongAuthenticationMethods){
            $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
            $st.RelyingParty = "*"
            $st.State = "Enable"
            $sta = @($st)
            Set-MsolUser -UserPrincipalName $item.UserPrincipalName -StrongAuthenticationRequirements $sta
            Write-Host "test1"
        }
        else {
            Write-Host "test2"
        }
    }

Let me know where I'm wrong. I have searched almost all the internet for a solution without having to upload the users from the CSV.
Thanks in advance!
It seems you ran into some issue, but the code below, which is based on your code, works perfectly for me.
For a quick test, I specify a user to go through this process:
When a user has enabled MFA and set MFA method:
When a user has no MFA method:
Let me know if you have any further questions.
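
Added example (not part of the question or the answer above): the script in the question walks every user returned by `Get-MsolUser`, so this sketch shows one way to restrict it to members of administrator roles before setting the per-user MFA requirement. It assumes `Connect-MsolService` has already been run, uses a constructed `$exclude` entry, matches roles by the name pattern `*Administrator*` (a heuristic), and sets `State` to `Enabled`, the value used in Microsoft's MSOnline examples.

```powershell
# Added example. Assumes an MSOnline session (Connect-MsolService) is already open.
# $exclude is a constructed placeholder, e.g. break-glass accounts left out on purpose.
$exclude = @('breakglass@contoso.example')

# Collect the distinct user members of every directory role whose name
# contains "Administrator" (heuristic; adjust the filter to the roles you care about).
$adminIds = Get-MsolRole |
    Where-Object { $_.Name -like '*Administrator*' } |
    ForEach-Object { Get-MsolRoleMember -RoleObjectId $_.ObjectId -All } |
    Where-Object { $_.RoleMemberType -eq 'User' } |
    Select-Object -ExpandProperty ObjectId -Unique

foreach ($id in $adminIds) {
    $user = Get-MsolUser -ObjectId $id
    $upn  = $user.UserPrincipalName

    if ($upn -in $exclude) {
        Write-Host "${upn}: excluded"
        continue
    }

    # Leave accounts alone if a per-user requirement already exists,
    # so an "Enforced" state is not reset back to "Enabled".
    if ($user.StrongAuthenticationRequirements.Count -gt 0) {
        $state = $user.StrongAuthenticationRequirements[0].State
        Write-Host "${upn}: requirement already present ($state)"
        continue
    }

    # Build the requirement for all relying parties and apply it.
    $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $st.RelyingParty = '*'
    $st.State        = 'Enabled'
    Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationRequirements @($st)

    # StrongAuthenticationMethods shows whether the user has registered a method yet;
    # an empty list means they will be asked to register at next sign-in.
    $methods = $user.StrongAuthenticationMethods.Count
    Write-Host "${upn}: MFA enabled (registered methods: $methods)"
}
```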