PowerShell: Convert users from per-user MFA to Conditional Access based MFA
# Requires the MSOnline module and a connected session (Connect-MsolService).
# Define both functions first, then run the usage lines at the end.

# Sets the MFA requirement state
function Set-MfaState {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipelineByPropertyName=$True)]
        $ObjectId,
        [Parameter(ValueFromPipelineByPropertyName=$True)]
        $UserPrincipalName,
        [ValidateSet("Disabled","Enabled","Enforced")]
        $State
    )
    Process {
        Write-Verbose ("Setting MFA state for user '{0}' to '{1}'." -f $ObjectId, $State)
        # An empty requirements list means per-user MFA is disabled
        $Requirements = @()
        if ($State -ne "Disabled") {
            $Requirement =
                [Microsoft.Online.Administration.StrongAuthenticationRequirement]::new()
            $Requirement.RelyingParty = "*"
            $Requirement.State = $State
            $Requirements += $Requirement
        }
        Set-MsolUser -ObjectId $ObjectId -UserPrincipalName $UserPrincipalName `
                     -StrongAuthenticationRequirements $Requirements
    }
}

# Wrapper to disable MFA with the option to keep the MFA
# methods (to avoid having to proof-up again later)
function Disable-MFA {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline=$True)]
        $User,
        [switch] $KeepMethods
    )
    Process {
        Write-Verbose ("Disabling MFA for user '{0}'" -f $User.UserPrincipalName)
        $User | Set-MfaState -State Disabled
        if ($KeepMethods) {
            # Restore the MFA methods which got cleared when disabling MFA
            Set-MsolUser -ObjectId $User.ObjectId `
                         -StrongAuthenticationMethods $User.StrongAuthenticationMethods
        }
    }
}

# Usage examples (alternatives; run the one you need)

# Disable MFA for all users, keeping their MFA methods intact
Get-MsolUser -All | Disable-MFA -KeepMethods

# Enforce MFA for all users
Get-MsolUser -All | Set-MfaState -State Enforced
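The script above clears per-user MFA and then restores the registered methods, so it is worth checking both outcomes for every account after the conversion. The following audit helper is an added example, not part of the original script: the function names Get-MfaSnapshot, Compare-MfaSnapshot and New-SampleUser are hypothetical, and the sample users are constructed objects shaped like Get-MsolUser output so the block runs offline.

```powershell
# Summarise per-user MFA state and registered methods for each user object.
function Get-MfaSnapshot {
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    Process {
        # An empty requirements list means per-user MFA is Disabled
        $State = $User.StrongAuthenticationRequirements.State | Select-Object -First 1
        if (-not $State) { $State = 'Disabled' }
        $Methods = @($User.StrongAuthenticationMethods.MethodType |
            Where-Object { $_ } | Sort-Object) -join ';'
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            State             = [string]$State
            Methods           = $Methods
        }
    }
}

# Flag users still under per-user MFA, or whose methods changed during conversion.
function Compare-MfaSnapshot {
    param($Before, $After)
    $Index = @{}
    foreach ($Row in $Before) { $Index[$Row.UserPrincipalName] = $Row }
    foreach ($Row in $After) {
        $Issues = @()
        $Old = $Index[$Row.UserPrincipalName]
        if ($Row.State -ne 'Disabled') { $Issues += "per-user MFA still $($Row.State)" }
        if ($Old -and $Old.Methods -ne $Row.Methods) {
            $Issues += "methods changed: '$($Old.Methods)' -> '$($Row.Methods)'"
        }
        if ($Issues) {
            [pscustomobject]@{ UserPrincipalName = $Row.UserPrincipalName; Issues = $Issues -join '; ' }
        }
    }
}

# Constructed sample data (hypothetical users), shaped like Get-MsolUser output
function New-SampleUser($Upn, $State, $MethodTypes) {
    $Req = @($State | Where-Object { $_ } | ForEach-Object { [pscustomobject]@{ State = $_ } })
    $Met = @($MethodTypes | ForEach-Object { [pscustomobject]@{ MethodType = $_ } })
    [pscustomobject]@{ UserPrincipalName = $Upn; StrongAuthenticationRequirements = $Req; StrongAuthenticationMethods = $Met }
}
$Before = @(
    New-SampleUser 'alice@example.test' 'Enforced' @('PhoneAppNotification', 'OneWaySMS')
    New-SampleUser 'bob@example.test' 'Enabled' @('OneWaySMS')
) | Get-MfaSnapshot
$After = @(
    New-SampleUser 'alice@example.test' $null @('PhoneAppNotification', 'OneWaySMS')
    New-SampleUser 'bob@example.test' $null @()   # methods were not restored
) | Get-MfaSnapshot
Compare-MfaSnapshot -Before $Before -After $After
```

Against a tenant, pipe Get-MsolUser -All into Get-MfaSnapshot once before and once after running Disable-MFA -KeepMethods, then pass the two results to Compare-MfaSnapshot.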