PowerShell: How to construct a script to check Azure Tenant and enable MFA for admins?
Hello Stack Overflow,

I have run into the following problem. I am trying to create a script that checks which admin accounts exist on an O365 tenant and automatically enables MFA for them, so that they are prompted to set up MFA the next time they log in.

The code is as follows:

$mfa1 = Get-MsolUser | Select-Object UserPrincipalName,StrongAuthenticationMethods,StrongAuthenticationRequirements | Where-Object {$_.UserPrincipalName -notin $exclude}

Let me know where I went wrong. I have searched almost all of the internet for a solution that does not require uploading users from a CSV.

Thanks in advance.

It seems you have run into some issues, but the code below, which is based on your code, works perfectly for me. For a quick test, I specified a single user to go through the process:
    $mfa1 = Get-MsolUser | Select-Object UserPrincipalName,StrongAuthenticationMethods,StrongAuthenticationRequirements | Where-Object {$_.UserPrincipalName -eq '<User Principal Name>' }
    foreach ($item in $mfa1) {
        #if there is no StrongAuthenticationMethods, enable MFA
        if ($item.StrongAuthenticationMethods.Count -eq 0){
            $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
            $st.RelyingParty = "*"
            #here is the issue that you can't set MFA successfully, the value should be "Enabled"
            $st.State = "Enabled"
            $sta = @($st)
            Set-MsolUser -UserPrincipalName $item.UserPrincipalName -StrongAuthenticationRequirements $sta
            Write-Host "test1"
        }
        else {
            Write-Host "test2"
        }
    }
When the user has MFA enabled and MFA methods set up:

When the user has no MFA methods:

If you have any further questions, please let me know.

Comments:

If you are looking for users that are not enabled, you should use $null -eq $item.StrongAuthenticationMethods or $item.StrongAuthenticationMethods.Count -eq 0

Sorry, but to test this I set the state to Disabled, and when posting on the page I changed it but forgot to change -ne to -eq:

The $item.UserPrincipalName is not welcomed by the foreach function, error:

    Set-MsolUser : Invalid value for parameter. Parameter name: StrongAuthenticationRequirements.
    At line:13 char:9
    + Set-MsolUser -UserPrincipalName $item.UserPrincipalName -Stro …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OperationStopping: (:) [Set-MsolUser], MicrosoftOnlineException
    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.PropertyValidationException,Microsoft.Online.Administration.Automation.SetUser

@skitter, I have updated my answer.

@skitter How is it going? Has your problem been solved?
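The question asks about admin accounts, while the answer's quick test targets a single user. The following is an added example, not code from the question or the answer, that finds the members of the tenant's directory roles and applies the same StrongAuthenticationRequirement to them. It assumes the MSOnline module with an existing Connect-MsolService session; the $exclude entry is a constructed placeholder, $Apply is a hypothetical dry-run switch, and skipping accounts that already have a requirement is a choice made here.

```powershell
# Added example. Assumes: MSOnline module loaded, Connect-MsolService already run.
# $exclude: constructed placeholder UPNs to skip (for example emergency-access accounts).
# $Apply:   hypothetical switch; leave $false to report only, set $true to change accounts.
$exclude = @('breakglass@contoso.example')
$Apply   = $false

# Collect the ObjectId of every user that is a member of any directory role.
$adminIds = foreach ($role in Get-MsolRole) {
    Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
        Where-Object { $_.RoleMemberType -eq 'User' } |
        Select-Object -ExpandProperty ObjectId
}
# A user can hold several roles, so de-duplicate before processing.
$adminIds = $adminIds | Sort-Object -Unique

# Same requirement object the answer builds: state "Enabled" for all relying parties.
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = '*'
$st.State        = 'Enabled'

foreach ($id in $adminIds) {
    $user = Get-MsolUser -ObjectId $id
    $upn  = $user.UserPrincipalName

    if ($upn -in $exclude) {
        Write-Host "${upn}: excluded"
        continue
    }
    # An existing requirement means per-user MFA is already Enabled or Enforced.
    if ($user.StrongAuthenticationRequirements.Count -gt 0) {
        Write-Host "${upn}: already $($user.StrongAuthenticationRequirements[0].State)"
        continue
    }
    if ($Apply) {
        Set-MsolUser -ObjectId $id -StrongAuthenticationRequirements @($st)
        Write-Host "${upn}: MFA enabled, registration prompt at next sign-in"
    }
    else {
        Write-Host "${upn}: no MFA requirement (dry run, nothing changed)"
    }
}
```

Run it once with $Apply left at $false and review the list of accounts before setting it to $true.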