Enabling MFA for Microsoft 365 Admins Using PowerShell

Enabling MFA for Microsoft 365 Admins Using PowerShell

Authenticating your Office 365 account just once with a password won’t protect your data as you won’t know how the login occurred, either by you or by an attacker. So, you need to depend upon the second form of authentication that delivers a strong authentication. Here Multi-factor authentication(MFA) can be of great assistance. Multi-factor authentication is purposely used to provide more security to your Office 365. To give much security to your organization, enable MFA for admins.

What is Multi-factor Authentication (MFA)?

Multi-factor authentication is an additional verification method. Along with the password, you’ll need to provide additional sign-in verification, which reduces the likelihood of cyberattacks. The verification can be provided by something you have, such as an OTP sent to your device, approval via the Microsoft authenticator app, or by something you are, such as fingerprints.

Why Require MFA for Administrative Roles?

Admin accounts are extremely valuable and privileged and should be protected from compromise because they have extensive authority over users. According to Microsoft research, 78% of admins have not enabled MFA for their accounts. Consequently, this can result in a catastrophic outage of enterprise data, since it includes the control over the users’ access, the enterprise’s confidential information, etc. Hence, enabling MFA and tracking registered authentication methods is paramount. Enhance your protection measures by auditing Microsoft 365 admin activities using PowerShell.

Enable MFA for Admins using PowerShell:

No matter how complicated your passwords are, there is always a threat of brute force attack possible. Suppose an attacker cracks the password and gains access to the admin accounts. Your entire domain can be compromised, and you will not even be alerted by their intrusion. So, securing all the admin accounts is imperative to the security of your organization.

Office 365 requires MFA for all the admins to ensure your administrative security. Additionally, it is one of the highest-scoring Microsoft Secure Score recommendations, allowing you to earn up to 10 points.

To enable MFA for admins in office 365, get the benefit of using the below script, and enable.

Download now: EnableMFAforAdmins.ps1

Script Highlights:

  • Finds admins without MFA and enables MFA for them.
  • Allows to enable MFA for licensed admins alone.
  • Exports MFA enabling status to CSV file.
  • The script can be executed with MFA enabled account.
  • Credentials are passed as parameters, so worry not!

How to Execute the Script?

Method 1: You can use the below method to run the script with both MFA and non-MFA accounts.

.\EnableMFAforAdmins.ps1

Method 2: To run a script non-interactively (i.e., Scheduler-friendly), you can use the below format.

.\EnableMFAforAdmins.ps1 -UserName [email protected] -Password XXX

Exported Output File:

The output CSV file is exported. The exported CSV file contains the name, administrative role of the user along with the license status and MFA status.

Exported CSV file for all admins

More Use case of the Script:

Our script lets you filter based on license status and enable MFA to them.

Enable MFA for All Admins Using PowerShell:

Run the script to enable MFA for all Office 365 administrators, regardless of license status.

This script lets you obtain the purpose of two functions at once.

  • You can find the admins without MFA.
  • Enable MFA for all the admin.
.\EnableMFAforAdmins.ps1

Enable MFA for Admins Based on License Status:

Only Enable MFA For Admin With the License – By using this script, you’ll be able to better categorize based on their license availability.

To enable MFA only for licensed admins, use the parameter -LicensedAdminsOnly along with it.

.\EnableMFAforAdmins.ps1 -LicensedAdminsOnly

Conclusion:

MFA adds an extra layer of security to your cloud storage. Implementing MFA in high-risk accounts, such as admin accounts, can help lessen the chance of a data breach. Additionally, keeping track of your Office 365 users’ MFA status will help you assign MFA to users to those who don’t have it enabled, thereby lowering their risk.

I hope this blog helped you set up MFA for all admins in Office 365.

Enabling MFA for Microsoft 365 Admins Using PowerShell

by Pavithra time to read: 3 min
0