MFAHelp.psm1
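# MFAHelp: dynamic module exposing three per-user MFA helpers built on the MSOnline cmdlets:
#   Enable-MFA, Disable-MFA, Reset-MFAContactMethods.
# Each takes -Name, a search string that must resolve to exactly one user.
#
# NOTE(review): Microsoft has announced deprecation of the MSOnline module; confirm it is
# still supported in the target tenant before relying on these helpers.
New-Module -Name MFAHelp -ScriptBlock {

    # Private: make sure MSOnline is available and a session is open.
    Function Initialize-MFAHelpSession {
        If (-not (Get-Module -Name MSOnline -ListAvailable)) {
            # NOTE(review): this installs code machine-wide (-Scope AllUsers) from the default
            # repository with the publisher check skipped (-SkipPublisherCheck) and without
            # pinning a version. Flags are kept as the original had them; for an
            # identity-administration host, prefer pre-installing a vetted, pinned version
            # and removing this fallback.
            Install-Module -Name MSOnline -Force -AllowClobber -SkipPublisherCheck -Scope AllUsers
        }

        # Get-MsolDomain is used as the "already connected" probe; errors are silenced so an
        # absent session simply yields nothing and triggers an interactive sign-in.
        If (-not (Get-MsolDomain -ErrorAction SilentlyContinue)) {
            Connect-MsolService
        }
    }

    # Private: resolve -Name to exactly one user object, or stop.
    Function Resolve-MFAHelpUser {
        Param($Name)

        # An empty search string is refused outright: these helpers change an
        # authentication control and must never act on an unintended account.
        If ([string]::IsNullOrWhiteSpace($Name)) {
            Throw "MFAHelp: -Name is required."
        }

        $Found = @(Get-MsolUser -SearchString $Name -ErrorAction Stop)
        If ($Found.Count -ne 1) {
            Throw "MFAHelp: '$Name' matched $($Found.Count) users; expected exactly one. Use a more specific search string."
        }

        $Found[0]
    }

    # Private: replace the user's StrongAuthenticationRequirements with the given set.
    Function Set-MFAHelpRequirement {
        Param($User, $Requirements)

        # -ErrorAction Stop so a failed update is never followed by a success message.
        Set-MsolUser -UserPrincipalName $User.UserPrincipalName -ObjectId $User.ObjectId -StrongAuthenticationRequirements $Requirements -ErrorAction Stop
    }

    # Private: call Reset-MsolStrongAuthenticationMethodByUpn for the user.
    Function Reset-MFAHelpMethods {
        Param($User)

        $ResetArgs = @{
            UserPrincipalName = $User.UserPrincipalName
            ErrorAction       = 'Stop'
        }

        # The original always passed -TenantId taken from the user object. It is passed here
        # only when that property exists and has a value, so a missing property is not sent
        # as $null. NOTE(review): confirm Get-MsolUser output carries TenantId.
        $TenantProperty = $User.PSObject.Properties['TenantId']
        If ($TenantProperty -and $TenantProperty.Value) {
            $ResetArgs['TenantId'] = $TenantProperty.Value
        }

        Reset-MsolStrongAuthenticationMethodByUpn @ResetArgs
    }

    <#
    .SYNOPSIS
    Enables per-user MFA for the single user matching -Name.
    .DESCRIPTION
    Clears the user's StrongAuthenticationRequirements, waits 15 seconds, sets a requirement
    with RelyingParty "*" and State "Enabled", then resets the user's strong authentication
    methods. Throws if the name does not resolve to exactly one user or if any update fails.
    .PARAMETER Name
    Search string passed to Get-MsolUser -SearchString.
    #>
    Function Enable-MFA {
        Param($Name)

        Initialize-MFAHelpSession
        $User = Resolve-MFAHelpUser -Name $Name

        # Same order as the original: clear first, pause, then enable.
        # NOTE(review): the reason for the clear-and-wait step is not visible here.
        Set-MFAHelpRequirement -User $User -Requirements @()
        Start-Sleep -Seconds 15

        $MFA = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
        $MFA.RelyingParty = "*"
        $MFA.State = "Enabled"
        Set-MFAHelpRequirement -User $User -Requirements @($MFA)

        Reset-MFAHelpMethods -User $User

        Write-Output ""
        Write-Output "INFO: MFA has been Enabled for $($Name)."
        Write-Output ""
    }

    <#
    .SYNOPSIS
    Disables per-user MFA for the single user matching -Name.
    .DESCRIPTION
    Sets the user's StrongAuthenticationRequirements to an empty set. This weakens the
    account's sign-in protection, so the match is required to be unambiguous and the success
    line is only written after the update has succeeded.
    .PARAMETER Name
    Search string passed to Get-MsolUser -SearchString.
    #>
    Function Disable-MFA {
        Param($Name)

        Initialize-MFAHelpSession
        $User = Resolve-MFAHelpUser -Name $Name

        Set-MFAHelpRequirement -User $User -Requirements @()

        Write-Output ""
        Write-Output "INFO: MFA has been disabled for $($Name)."
        Write-Output ""
    }

    <#
    .SYNOPSIS
    Resets the strong authentication methods of the single user matching -Name.
    .DESCRIPTION
    Calls Reset-MsolStrongAuthenticationMethodByUpn for the user. The previous implementation
    instead set StrongAuthenticationRequirements to an empty set (the same change Disable-MFA
    makes) while reporting that contact methods had been reset; the MFA requirement is now
    left untouched.
    .PARAMETER Name
    Search string passed to Get-MsolUser -SearchString.
    #>
    Function Reset-MFAContactMethods {
        Param($Name)

        Initialize-MFAHelpSession
        $User = Resolve-MFAHelpUser -Name $Name

        Reset-MFAHelpMethods -User $User

        Write-Output ""
        Write-Output "INFO: Contact Methods have been reset for $($Name)"
        Write-Output ""
    }

    # Keep the helper functions private; only the original three commands are exported.
    Export-ModuleMember -Function Enable-MFA, Disable-MFA, Reset-MFAContactMethods
} | Import-Module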