Security Focus: Enable / Disable MFA on Azure AD Admin Account

Last week I presented a little function that I use to reset my Azure AD admin account passwords.

This week I want to show how to enable / disable Multi Factor Authentication on an Azure AD account.

$St = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$St.RelyingParty = "*"
$Sta = @($St)
Set-MsolUser -UserPrincipalName -StrongAuthenticationRequirements $Sta 



$Sta = @()
Set-MsolUser -UserPrincipalName -StrongAuthenticationRequirements $Sta 


Comments (4)

  1. turbomcp says:

    Great stuff

  2. JosephK says:

    Exactly what i was looking for, How to Disable MFA for O365 User via Powershell.

  3. Paul Mooij says:

    Hi Ian,

    Enforcing MFA still requires the user to provide the additional security verification details themself…
    Preferably, I would pre-populate that fields with the known Email and Mobile Phone number.
    I’ve been able to setup these details in a local object (see snippet below), but how do I update the user with this?!?

    Thanks for your reply!

    # Set MFA User Details?
    $sad = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationUserDetails
    $sad.PhoneNumber = $user.MobilePhone
    $sad.Email = $user.AlternateEmailAddresses
    # -> How to SET the MFA properties to the User?!? Set-MsolUser has no parameter to do so…

  4. There is any single command to disabled MFA for all users …?

Skip to main content