The following script can be used to enforce the MFA requirement for all "Company Administrator" accounts:
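# Import the MSOnline (Azure AD) module
Import-Module MSOnline
# Connect to MSOnline (prompts for credentials)
Connect-MsolService
# Build the MFA requirement: all relying parties, state "Enforced"
$multiFactor = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$multiFactor.RelyingParty = "*"
$multiFactor.State = "Enforced"
# Devices remembered before this moment are no longer trusted
$multiFactor.RememberDevicesNotIssuedBefore = (Get-Date)
# Look up the role, then apply the requirement to every user who holds it
$role = Get-MsolRole -RoleName "Company Administrator"
# Skip non-user role members (e.g. service principals), which Set-MsolUser cannot update
Get-MsolRoleMember -RoleObjectId $role.ObjectId | Where-Object { $_.RoleMemberType -eq "User" } | ForEach-Object {
    Set-MsolUser -UserPrincipalName $_.EmailAddress -StrongAuthenticationRequirements $multiFactor
}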
With a small amount of work, this could be scheduled using Task Scheduler (see http://tiftomorrow.blogspot.co.uk/2017/10/ps-disable-owa-for-o365-users-via.html for more details).
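To confirm the result after a run, the following audit lists each "Company Administrator" user with their per-user MFA state and flags anyone not set to "Enforced". It is an added example, not part of the original post; the $report and $notEnforced variable names and the exit code are assumptions chosen for illustration.

```powershell
# Added example (not from the original post): audit per-user MFA state
# for every user in the "Company Administrator" role.
Import-Module MSOnline
Connect-MsolService

$role = Get-MsolRole -RoleName "Company Administrator"

$report = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Where-Object { $_.RoleMemberType -eq "User" } |
    ForEach-Object {
        # Re-read the full user object to get the strong-authentication properties
        $user = Get-MsolUser -ObjectId $_.ObjectId

        # An empty StrongAuthenticationRequirements list means per-user MFA is disabled
        $state = if ($user.StrongAuthenticationRequirements.Count -gt 0) {
            $user.StrongAuthenticationRequirements[0].State
        } else {
            "Disabled"
        }

        [PSCustomObject]@{
            UserPrincipalName = $user.UserPrincipalName
            MfaState          = $state
            # Zero registered methods means the user has not completed MFA enrolment yet
            MethodsRegistered = $user.StrongAuthenticationMethods.Count
        }
    }

$report | Sort-Object MfaState, UserPrincipalName | Format-Table -AutoSize

# Flag any administrator whose state is anything other than "Enforced"
$notEnforced = @($report | Where-Object { $_.MfaState -ne "Enforced" })
if ($notEnforced.Count -gt 0) {
    Write-Warning ("{0} administrator account(s) do not have MFA enforced." -f $notEnforced.Count)
    exit 1   # assumed convention: non-zero exit so a scheduled run can alert on it
}
```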