Migrate from SSPR to AzureMFA.ps1
# Sign in to Azure AD through the MSOnline module.
# NOTE(review): MSOnline is a legacy module; confirm it is still supported in the
# target tenant. Passing -Credential is also understood not to work for admin
# accounts that are themselves protected by MFA - verify before relying on it.
Import-Module -Name MSOnline
$Credential = Get-Credential
Connect-MsolService -Credential $Credential

# Account the script operates on; replace the placeholder with the real UPN.
$upn = "<<UPN>>"

# Per-user MFA requirement: state "Enabled", applied to every relying party ("*").
# Wrapped in an array because the cmdlet parameter takes a list of requirements.
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement -Property @{
    RelyingParty = "*"
    State        = "Enabled"
}
$sta = @($st)

# Single authentication method, marked as the default: a voice call to the mobile number.
$sm1 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod -Property @{
    IsDefault  = $true
    MethodType = "TwoWayVoiceMobile"
}
$sm = @($sm1)

# Write both the requirement and the method list to the user in one call.
$setUserArgs = @{
    UserPrincipalName                = $upn
    StrongAuthenticationRequirements = $sta
    StrongAuthenticationMethods      = $sm
}
Set-MsolUser @setUserArgs
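# From here on: save the user's registered methods, turn off per-user MFA, and
# restore the methods while per-user MFA stays disabled.
#
# NOTE(review): the listing showed the UPN in the three calls below as
# "[email protected]", an e-mail obfuscation artifact of the hosting page and
# not a usable UPN. $upn (assigned near the top of this script) is used instead
# so that all steps act on the same account.
#
# NOTE(review): after the requirement is cleared, per-user MFA no longer
# enforces a second factor for this account. Confirm that another policy
# (for example Conditional Access) covers the user before running this part.

# Save current StrongAuthenticationMethods.
# -ErrorAction Stop: if the lookup fails, stop here rather than continue to the
# step that clears the methods with nothing saved to restore.
$Methods = (Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop).StrongAuthenticationMethods

# Disable MFA by setting the StrongAuthenticationRequirements to an empty array.
# This will also remove the StrongAuthenticationMethods.
Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationRequirements @() -ErrorAction Stop

# Restore the StrongAuthenticationMethods value that was saved.
if ($Methods) {
    Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationMethods $Methods -ErrorAction Stop
}
else {
    # Nothing was registered before the change, so there is nothing to put back.
    Write-Warning "No StrongAuthenticationMethods were saved for $upn; nothing to restore."
}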