A collection of tools for managing the status of Azure MFA for individual users.
I created these scripts to enable me to quickly check and modify certain aspects of per-user Azure MFA enrolment, after growing frustrated at the number of blades required to perform the same actions via the Azure Portal. These scripts currently use the MSOnline module, though I will migrate them to the Graph API in due course.
I have also created a script implementing most of these functions within a Windows Forms GUI.
For ease of use I prefer to pre-load these functions in my PowerShell profile and assign them aliases (e.g. "mfaon" for Enable-AzureMFA), but this is not required.
This will retrieve the user account and set the State for StrongAuthenticationRequirements to "Enabled".
This will retrieve the user account and set the State for StrongAuthenticationRequirements to "Disabled".
This will retrieve the user account and report the current value of StrongAuthenticationRequirements.
This will retrieve the user account and return a summary of the account MFA status, including:
- Default MFA method
- Primary phone number
- Alternative phone number
- All available MFA methods
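A summary like the one listed above can be assembled from the MSOnline user object as follows. This is an added example, not one of the project's scripts: the function name Get-MfaStatusSummary and the output property names are hypothetical, and it assumes Connect-MsolService has already been run in the session.

```powershell
# Added example; Get-MfaStatusSummary is a hypothetical name, not a function from this project.
# Assumes the MSOnline module is installed and Connect-MsolService has already been run.
function Get-MfaStatusSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$UserPrincipalName
    )
    process {
        $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

        # An empty StrongAuthenticationRequirements collection means per-user MFA
        # is disabled; otherwise State holds the configured value (e.g. "Enabled").
        $state = if ($user.StrongAuthenticationRequirements.Count -gt 0) {
            $user.StrongAuthenticationRequirements[0].State
        } else {
            'Disabled'
        }

        # A user who has never enrolled has no registered methods at all.
        $methods = @($user.StrongAuthenticationMethods)
        $default = ($methods | Where-Object IsDefault).MethodType

        [pscustomobject]@{
            UserPrincipalName      = $user.UserPrincipalName
            MfaState               = $state
            DefaultMethod          = if ($default) { $default } else { 'None registered' }
            PrimaryPhoneNumber     = $user.StrongAuthenticationUserDetails.PhoneNumber
            AlternativePhoneNumber = $user.StrongAuthenticationUserDetails.AlternativePhoneNumber
            AvailableMethods       = $methods.MethodType -join ', '
        }
    }
}

# Usage with a placeholder account:
# Get-MfaStatusSummary -UserPrincipalName 'user@example.com'
```

Because the function accepts pipeline input, a list of UPNs can be piped in to review several accounts at once, for example to spot users whose state is "Disabled" or who have no default method registered.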
This will reset the StrongAuthenticationMethods for the account to null, which allows the user to re-enrol for MFA.
This implements most of the above functions within a Windows Forms GUI for ease of use by support staff.