Wednesday, November 22, 2017

Steps to enable MFA for Global Admins in Office 365 by Powershell


Open Windows PowerShell and follow the below steps

Step 1: Connect to MsolService via PowerShell
Running the command below will bring up a popup would require you to enter your Office 365 Administrator Credentials.
  1. $UserCredential = Get-Credential
  2. Import-Module MSOnline
  3. Connect-MsolService –Credential $UserCredential 

Step 2: Run the following commands.
  1. $auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
  2. $auth.RelyingParty = "*" 

Step 3: Choose the MFA State. (As documented above)
  1. You can choose between "Enabled" and "Enforced"
  2. $auth.State = "Enabled" 

Step 4: Choose the date – Any devices issued for a user before this date would require MFA setup. Normally, we would select the date of running the command.
  1. $auth.RememberDevicesNotIssuedBefore = (Get-Date)

 Step 5: Command to Enable MFA for all Global Admins
  1. $O365ROLE = Get-MsolRole -RoleName “Company Administrator”
  2. Get-MsolRoleMember -RoleObjectId $O365ROLE.ObjectId | Foreach{ Set-MsolUser -UserPrincipalName $_.Emailaddress -StrongAuthenticationRequirements $auth}


Total Pageviews

Followers