Enable multi-factor authentication for Office 365 users using PowerShell

The script enables strong authentication for Office 365 users listed in a CSV file. Before you turn on strong authentication (multi-factor authentication), take the necessary measures to notify users that they will have to register their mobile phone for MFA. On the next sign-in attempt to Office 365, they will be prompted to provide the OTP from the text message sent to their mobile phone, along with their username and password. To sign in to the Outlook app, they have to generate an app password, then use their username and the app password to sign in to Outlook.

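#CSV File Header UserPrincipalName
#Example row testuser1@domain.com

#Requires the MSOnline module and an active Connect-MsolService session
Import-Csv -Path "C:\Temp\StrongAuthUsers.CSV" | ForEach-Object {
    #Look up the user named in the UserPrincipalName column of the current row
    $Users = Get-MsolUser -UserPrincipalName $_.UserPrincipalName

    #Build the strong authentication requirement applied to all relying parties
    $Auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $Auth.RelyingParty = "*"
    $Auth.State = "Enabled"    #set the state explicitly
    $MFA = @($Auth)

    #Enable MFA for a user
    #Set-MsolUser -UserPrincipalName test1@domain.com -StrongAuthenticationRequirements $MFA
    #Enable MFA for all users in the CSV file (use with CAUTION!)
    #You have to create an app password after strong auth configuration

    $Users | Set-MsolUser -StrongAuthenticationRequirements $MFA

    #Disable strong auth requirement (pass an empty array to clear it)
    # $Users | Set-MsolUser -StrongAuthenticationRequirements @()
}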
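
To check the outcome of the rollout and see who still has to register a phone, the following added example (not part of the original script) reports the MFA state of every user in the same CSV. The function name `Get-MfaRolloutStatus` is hypothetical, and the code assumes the MSOnline module is loaded and `Connect-MsolService` has already been run.

```powershell
# Added example: audit per-user MFA state for the accounts in the rollout CSV.
# Assumes the MSOnline module and an active Connect-MsolService session.
function Get-MfaRolloutStatus {
    param(
        [Parameter(Mandatory)] [string] $CsvPath
    )

    Import-Csv -Path $CsvPath | ForEach-Object {
        $upn = "$($_.UserPrincipalName)".Trim()
        if (-not $upn) { return }    # skip blank rows

        $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
        if (-not $user) {
            # Typo in the CSV or a deleted account: report it instead of failing
            [pscustomobject]@{
                UserPrincipalName = $upn
                MfaState          = 'UserNotFound'
                Registered        = $false
                DefaultMethod     = $null
            }
            return
        }

        # No StrongAuthenticationRequirements entry means per-user MFA is off
        $state = if ($user.StrongAuthenticationRequirements.Count -gt 0) {
            $user.StrongAuthenticationRequirements[0].State
        } else { 'Disabled' }

        # Registered verification methods; empty until the user completes setup
        $default = $user.StrongAuthenticationMethods |
            Where-Object { $_.IsDefault } | Select-Object -First 1

        [pscustomobject]@{
            UserPrincipalName = $upn
            MfaState          = $state
            Registered        = [bool]($user.StrongAuthenticationMethods.Count -gt 0)
            DefaultMethod     = $default.MethodType
        }
    }
}

$report = Get-MfaRolloutStatus -CsvPath 'C:\Temp\StrongAuthUsers.CSV'
$report | Format-Table -AutoSize

# Accounts that were missed, plus users who still need to register
$report | Where-Object { $_.MfaState -in 'Disabled', 'UserNotFound' -or -not $_.Registered }
```

Run it once before the change to catch misspelled addresses in the CSV, and again afterwards to confirm every account shows `Enabled` or `Enforced`.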

