Open Windows PowerShell and follow the below steps
- $UserCredential = Get-Credential
- Import-Module MSOnline
- Connect-MsolService –Credential $UserCredential
Step 2: Run the following commands.
- $auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
- $auth.RelyingParty = "*"
Step 3: Choose the MFA State. (As documented above)
- You can choose between "Enabled" and "Enforced"
- $auth.State = "Enabled"
Step 4: Choose the date – Any devices issued for a user before this date would require MFA setup. Normally, we would select the date of running the command.
- $auth.RememberDevicesNotIssuedBefore = (Get-Date)
Step 5: Command to Enable MFA for all Global Admins
- $O365ROLE = Get-MsolRole -RoleName “Company Administrator”
- Get-MsolRoleMember -RoleObjectId $O365ROLE.ObjectId | Foreach{ Set-MsolUser -UserPrincipalName $_.Emailaddress -StrongAuthenticationRequirements $auth}