forked from NickRoss-Pax8/Security
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathNon-MFA Admins.ps1
22 lines (19 loc) · 1.01 KB
/
Non-MFA Admins.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Connect-MsolService
$admins = Import-csv C:\temp\nonMFAAdmins.csv
$auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$auth.RelyingParty = "*"
$auth.State = "Enabled"
$auth.RememberDevicesNotIssuedBefore = (Get-Date)
foreach ($admin in $admins) {
if ($admin.IsLicensed -eq "FALSE") {
Write-Host "Enabling MFA for $($admin.userprincipalname)" -ForegroundColor Green
Set-MsolUser -UserPrincipalName $admin.userprincipalname -StrongAuthenticationRequirements $auth -TenantId $admin.tenantid
$state = (get-msoluser -TenantId $admin.tenantid -UserPrincipalName $admin.UserPrincipalName).StrongAuthenticationRequirements.state
$admin.MFAStatus = $state
$admin | export-csv C:\temp\adminMFAStatus.csv -NoTypeInformation -append
}
else {
Write-Host "Not Enabling MFA for $($admin.userprincipalname)" -ForegroundColor Red
$admin | export-csv C:\temp\MFAEnabledAdmins.csv -Append -NoTypeInformation
}
}