mirror of
https://github.com/admindroid-community/powershell-scripts.git
synced 2025-12-17 16:35:19 +00:00
Enable MFA for Admin Users
Enable MFA for Admin Users
parent
ab08c6c03e
commit
97826ff919
138
Enable MFA for Admin Users/EnableMFAforAdmins.ps1
Normal file
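--- /dev/null
+++ b/Enable MFA for Admin Users/EnableMFAforAdmins.ps1
@@ -0,0 +1,138 @@
+<#
+=============================================================================================
+Name: Enable MFA for all Office 365 admins
+Version: 1.0
+Website: m365scripts.com
+Script by: M365Scripts Team
+For detailed script execution: https://m365scripts.com/security/enabling-mfa-for-admins-using-powershell/
+============================================================================================
+#>
+
+
+
+
+#PARAMETERS
+param (
+[String] $UserName = $null,
+[String] $Password = $null,
+[Switch] $LicensedAdminsOnly
+)
+
+#Check for Module Availability
+$MsOnline = (Get-Module MsOnline -ListAvailable).Name
+if($MsOnline -eq $null)
+{
+Write-Host "Important: Module MsOnline is unavailable. It is mandatory to have this module installed in the system to run the script successfully."
+$Confirm = Read-Host Are you sure you want to install module? [Y] Yes [N] No
+if($Confirm -match "[yY]")
+{
+Write-Host "Installing MsOnline module..."
+Install-Module MsOnline -Repository PsGallery -Force -AllowClobber
+Write-Host "Required Module is installed in the machine Successfully" -ForegroundColor Magenta
+}
+else
+{
+Write-Host "Exiting. `nNote: MsOnline module must be available in your system to run the script"
+Exit
+}
+}
+
+
+#Importing Module by default will avoid the cmdlet unrecognized error
+Import-Module MsOnline -Force
+
+#CONNECTING TO MSOLSERVICE.......
+Write-Host "Connecting to Msolservice..."
+if(($UserName -ne "") -and ($Password -ne ""))
+{
+$SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force
+$Credential = New-Object System.Management.Automation.PSCredential $UserName,$SecuredPassword
+Connect-MsolService -Credential $Credential
+}
+else
+{
+Connect-MsolService
+}
+
+#Creating Object for Enable MFA
+$MultiFactorAuthentication_Object= New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
+$MultiFactorAuthentication_Object.RelyingParty = "*"
+$MultiFactorAuthentication_Object.State = "Enabled"
+$MultiFactorAuthentication = @($MultiFactorAuthentication_Object)
+
+
+#Separating Admin without MFA And Enable MFA for them
+Write-Host "Preparing Admin Without MFA List And Enable MFA for them..."
+$OutputCsv=".\AdminsWithoutMFAReport_$((Get-Date -format MMM-dd` hh-mm` tt).ToString()).csv"
+$global:CountForSuccess = 0
+$global:CountForFailed = 0
+
+
+#function for enable MFA for Admins
+function EnableMFAforadmin
+{
+$AdminName = $User.DisplayName
+$LicensedStatus = if($User.isLicensed) { "Licensed" } else { "UnLicensed" }
+
+try
+{
+Set-MsolUser -UserPrincipalName $User.userprincipalname -StrongAuthenticationRequirements $MultiFactorAuthentication -ErrorAction Stop
+$global:CountForSuccess++
+$MFAstatus = "MFA successfully Assigned"
+}
+catch
+{
+$global:CountForFailed++
+$MFAstatus = "Failed To Assign MFA"
+}
+$User = @{'Admin Name'=$AdminName;'UPN' =$User.UserPrincipalName;'Roles'=($Roles.Name)-join',';'License Status'=$LicensedStatus;'MFA Status'=$MFAstatus}
+$ExportUser = New-Object PSObject -Property $User
+$ExportUser | Select-Object 'Admin Name','UPN','Roles','License Status','MFA Status' | Export-csv -path $OutputCsv -NoType -Append
+Write-Progress -Activity "Updating $Adminname ..." -Status "MFA Successfully Assigned for $CountForSuccess Admins , Failed for $CountForFailed Admins"
+}
+
+
+
+#Filter Admin User Using MsolUserRole
+Get-MsolUser -All | Select UserPrincipalName,DisplayName,StrongAuthenticationRequirements,isLicensed | ForEach-Object {
+
+$User = $_
+$Roles = (Get-MsolUserRole -UserPrincipalName $User.UserPrincipalName)
+if($LicensedAdminsOnly.IsPresent)
+{
+if($Roles.Name -ne $null -and $User.StrongAuthenticationRequirements.State -eq $null -and $User.IsLicensed -eq $true)
+{
+EnableMFAforadmin
+}
+}
+else
+{
+if($Roles.name -ne $null -and $User.StrongAuthenticationRequirements.State -eq $null)
+{
+EnableMFAforadmin
+}
+}
+}
+
+
+#Display Details about succesfull and failure
+if($CountForSuccess -ne 0 -or $CountForFailed -ne 0)
+{
+Write-Host "MFA Successfully Enabled for $CountForSuccess Admins and MFA Failed for $CountForFailed Admins"
+}
+else
+{
+Write-Host "Already All the Admins are enabled MFA"
+}
+
+
+#Open output file after execution
+if((Test-Path -Path $OutputCsv) -eq "True") {
+Write-Host "The Output file availble in $outputCsv" -ForegroundColor Green
+$Prompt = New-Object -ComObject wscript.shell
+$UserInput = $Prompt.popup("Do you want to open output file?",` 0,"Open Output File",4)
+If ($UserInput -eq 6)
+{
+Invoke-Item "$OutputCSV"
+}
+}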
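Review bot: The `[String] $Password` parameter in the `param` block takes the admin password as clear text on the command line, where it can end up in console history, transcripts and script-block or process-creation logs; `ConvertTo-SecureString -AsPlainText $Password -Force` only wraps it after that exposure. Accept a credential object instead, e.g. `[System.Management.Automation.PSCredential] $Credential` in `param` and `if($Credential) { Connect-MsolService -Credential $Credential } else { Connect-MsolService }`, so the secret comes from `Get-Credential` or a vault rather than an argument. A stored user name and password presumably only works for an account that is not itself challenged for MFA, which is the state this script is meant to end, so the interactive `Connect-MsolService` path is the safer default to document. Separately, the `catch` in `EnableMFAforadmin` discards the error, so the CSV records only "Failed To Assign MFA"; writing `$_.Exception.Message` to an extra column would make failed admin accounts triageable.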