How do i construct a script that can check the Azure Tentant and enable MFA for Admins?

Hello Stack Overflow,

I'm encountering the following issue. I'm trying to create a script that will check what administrator accounts are present on the O365 tenant and enable automatically for them MFA so that, the next time they will log in the will be prompted to setup MFA.

The code bellow is as following:

$mfa1 = Get-MsolUser | Select-Object UserPrincipalName,StrongAuthenticationMethods,StrongAuthenticationRequirements | Where-object {$_.UserPrincipalName -notin $exclude }

foreach ($item in $mfa1) {  if ($null -ne $item.StrongAuthenticationMethods){      $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement      $st.RelyingParty = "*"      $st.State = "Enable"      $sta = @($st)      Set-MsolUser -UserPrincipalName $item.UserPrincipalName -StrongAuthenticationRequirements $sta      Write-Host "test1"  }  else {      Write-Host "test2"  }  

}

Let me know where the i'm wrong, i have searched almost all the internet for a solution without having to upload the users from the CSV

Thanks in advance !

https://stackoverflow.com/questions/65791009/how-do-i-construct-a-script-that-can-check-the-azure-tentant-and-enable-mfa-for January 19, 2021 at 07:53PM