KeepMFAMethodsforAllUsers.ps1
# Sign in to the Azure AD tenant (MSOnline module) that the functions below act on.
# NOTE(review): -Credential is a plain username/password sign-in, so it is
# expected not to work for an admin account that itself requires MFA - confirm
# which account is used here. The credential object stays in $Credential for
# the rest of the session.
Import-Module -Name MSOnline
$Credential = Get-Credential
Connect-MsolService -Credential:$Credential
# Disable MFA for all users, keeping their MFA methods intact
#Get-MsolUser -All | Disable-MFA -KeepMethods
# Enforce MFA for all users
#Get-MsolUser -All | Set-MfaState -State Enforced
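# Wrapper to disable MFA with the option to keep the MFA
# methods (to avoid having to proof-up again later).
#
# Parameters:
#   -User         User object taken from the pipeline (e.g. Get-MsolUser output).
#                 Its ObjectId, UserPrincipalName and StrongAuthenticationMethods
#                 properties are read.
#   -KeepMethods  After the MFA requirement is cleared, write the methods that
#                 were on the piped-in user object back to the account.
#
# Supports -WhatIf and -Confirm, so the accounts that would lose their MFA
# requirement can be listed before anything is changed.
function Disable-Mfa {
    [CmdletBinding(SupportsShouldProcess=$True)]
    param(
        [Parameter(ValueFromPipeline=$True)]
        $User,
        [switch] $KeepMethods
    )
    Process {
        # Clearing an MFA requirement weakens the account's sign-in protection,
        # so nothing is changed unless ShouldProcess allows it. Without
        # -WhatIf/-Confirm this returns $true and the behaviour is unchanged.
        if (-not $PSCmdlet.ShouldProcess($User.UserPrincipalName, "Disable MFA")) {
            return
        }

        Write-Verbose ("Disabling MFA for user '{0}'" -f $User.UserPrincipalName)

        # $User is the snapshot that was piped in, so its method list still
        # holds the values from before the requirement is cleared.
        $RegisteredMethods = $User.StrongAuthenticationMethods

        $User | Set-MfaState -State Disabled

        if ($KeepMethods) {
            # Restore the MFA methods which got cleared when disabling MFA
            # TODO: Can this be done with the Set-MsolUser called in Set-MfaState?
            Set-MsolUser -ObjectId $User.ObjectId `
                         -StrongAuthenticationMethods $RegisteredMethods
        }
    }
}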
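# Sets the per-user MFA requirement state.
#
# Parameters:
#   -ObjectId, -UserPrincipalName  Identify the user; both bind by property
#                                  name from a piped-in user object.
#   -State                         "Disabled", "Enabled" or "Enforced".
#                                  NOTE(review): -State is not mandatory and
#                                  ValidateSet is not applied when it is
#                                  omitted; an omitted -State takes the
#                                  non-Disabled branch - confirm callers
#                                  always pass it.
#
# Supports -WhatIf and -Confirm so a change of MFA state can be previewed.
function Set-MfaState {
    [CmdletBinding(SupportsShouldProcess=$True)]
    param(
        [Parameter(ValueFromPipelineByPropertyName=$True)]
        $ObjectId,
        [Parameter(ValueFromPipelineByPropertyName=$True)]
        $UserPrincipalName,
        [ValidateSet("Disabled","Enabled","Enforced")]
        $State
    )
    Process {
        # Changing the MFA requirement alters how the account is protected at
        # sign-in, so the write is gated on ShouldProcess. Without
        # -WhatIf/-Confirm this returns $true and the behaviour is unchanged.
        $Target = "{0} ({1})" -f $UserPrincipalName, $ObjectId
        $Action = "Set MFA state to '{0}'" -f $State
        if (-not $PSCmdlet.ShouldProcess($Target, $Action)) {
            return
        }

        Write-Verbose ("Setting MFA state for user '{0}' to '{1}'." -f $ObjectId, $State)

        # "Disabled" is expressed by sending an empty requirements list; any
        # other state sends exactly one requirement object.
        $Requirements = @()
        if ($State -ne "Disabled") {
            $Requirement =
                [Microsoft.Online.Administration.StrongAuthenticationRequirement]::new()
            # presumably "*" means every relying party - confirm against the module docs
            $Requirement.RelyingParty = "*"
            $Requirement.State = $State
            $Requirements += $Requirement
        }

        Set-MsolUser -ObjectId $ObjectId -UserPrincipalName $UserPrincipalName `
                     -StrongAuthenticationRequirements $Requirements
    }
}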
# Runs as soon as the script is executed: every user returned by
# Get-MsolUser -All has the per-user MFA requirement cleared, with the
# registered methods written back afterwards.
# NOTE(review): after this run no account in the tenant has a per-user MFA
# requirement, administrators included. Confirm that another control enforces
# MFA before running it, and consider narrowing the Get-MsolUser query so the
# change can first be checked on a small set of accounts.
Get-MsolUser -All | Disable-Mfa -KeepMethods:$true