user1172579
Reputation: 575
Enable O365 MFA with no old phone number via PowerSehll
I have create 2 x PowerShell script for enable and disable the MFA, it works, but when i want to remove the phone number , the disable MFA script do no remove the phone number. so when i enable the MFA again for the user. the old number is still there
Enable MFA
Import-Module MSOnline
$Username = '[email protected]'
$Password = ConvertTo-SecureString 'Password' -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $Username,$Password -ErrorAction Stop
Connect-MsolService -credential $credentials -ErrorAction Stop
$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement")
$mfa.RelyingParty = '*'
$mfa.RememberDevicesNotIssuedBefore = (Get-Date)
$auth = @($mfa)
Set-MsolUser -UserPrincipalName [email protected] -StrongAuthenticationRequirements $auth"
Disable MFA
Import-Module MSOnline
$Username = '[email protected]'
$Password = ConvertTo-SecureString 'Password' -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $Username,$Password -ErrorAction Stop
Connect-MsolService -credential $credentials -ErrorAction Stop
$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement")
$mfa.RelyingParty = '*'
$mfa.RememberDevicesNotIssuedBefore = (Get-Date)
$auth = @()
Set-MsolUser -UserPrincipalName [email protected] -StrongAuthenticationRequirements $auth"
Upvotes: 1
Views: 609
Answers (1)
user1172579
Reputation: 575
I found the answer of myself
This code only disable the MFA but do not remove the phone numbers etc
Set-MsolUser -UserPrincipalName [email protected] -StrongAuthenticationRequirements $auth"
I have to add this as well to remove the phone numbers
Set-MsolUser -UserPrincipalName [email protected] -StrongAuthenticationMethods $auth"
So the code will looks like:
Import-Module MSOnline
$Username = '[email protected]'
$Password = ConvertTo-SecureString 'Password' -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $Username,$Password -ErrorAction Stop
Connect-MsolService -credential $credentials -ErrorAction Stop
$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement")
$mfa.RelyingParty = '*'
$mfa.RememberDevicesNotIssuedBefore = (Get-Date)
$auth = @()
Set-MsolUser -UserPrincipalName [email protected] -StrongAuthenticationMethods $auth"
Set-MsolUser -UserPrincipalName [email protected] -StrongAuthenticationRequirements $auth"
Upvotes: 1
Related Questions
- How do I programmatically clear or update a phone number for Azure AD B2C MFA?
- Command to remove the number and revoke the MFA sessions through powershell in Azure
- How can i login to Azure using an account with MFA using Powershell?
- How to enforce MFA using PowerShell script without being global admin
- Setting StrongAuthenticationUserDetails PhoneNumber for AzureAD via Powershell?
- Setting MFA phone number for a user AAD B2C
- Automate Powershell Script to connect to MSOnline while MFA is applied
- Programmatically authenticate into AAD with MFA via powershell
- Connect-MsolService does not work after enabling MFA?
- How to perform a Non-Interactive MFA Login to Azure Subscription using Powershell