Enable per-user MFA for all users in Office 365/Azure AD tenant

Hi All.
Looking for a PowerShell script to enable per-user/legacy MFA for all users inside an Office 365/Azure AD tenant. This seems like an easy script to write and execute, but I can't find any info on it.


Welcome to the forum. 👋🏽

I used your subject, added “PowerShell” to it and searched for it …


This should get you started. 👍🏽

Hi Olaf. Appreciate the reply, but I had already spent some time researching this. Searching this results in no substantial info on the topic, as Microsoft and the general community lean towards using Azure Security defaults. Don’t worry, I spent some time and have written the following PowerShell script. I was asking in this forum to see if anyone had done the hard work for me; I was just being lazy. Thanks

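```powershell
# Connect to tenant
Connect-MsolService

# Sets the MFA requirement state
function Set-MfaState {
    [CmdletBinding()]
    param(
        # Bound by property name from the Get-MsolUser objects on the pipeline
        [Parameter(ValueFromPipelineByPropertyName=$True)]
        $ObjectId,
        [Parameter(ValueFromPipelineByPropertyName=$True)]
        $UserPrincipalName,
        [ValidateSet("Disabled","Enabled","Enforced")]
        $State
    )
    Process {
        Write-Verbose ("Setting MFA state for user '{0}' to '{1}'." -f $ObjectId, $State)
        # An empty requirements list disables per-user MFA for the account
        $Requirements = @()
        if ($State -ne "Disabled") {
            $Requirement =
                [Microsoft.Online.Administration.StrongAuthenticationRequirement]::new()
            $Requirement.RelyingParty = "*"
            $Requirement.State = $State
            $Requirements += $Requirement
        }
        Set-MsolUser -ObjectId $ObjectId -UserPrincipalName $UserPrincipalName `
                     -StrongAuthenticationRequirements $Requirements
    }
}

# Enable MFA for all users
Get-MsolUser -All | Set-MfaState -State Enabled
```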

Feel free to use the above to enable per-user/legacy MFA for all users in Office 365/Azure AD.

Thanks, Isaac
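
An added example, not part of the thread or the poster's script: a read-only report of per-user MFA state to run before and after the bulk change above, so accounts left `Disabled` or switched on with no registered method are visible. The function name `Get-MfaStateReport` and the sample users are constructed for illustration; the property names are those found on `Get-MsolUser` output.

```powershell
# Added example (not from the thread). Summarises per-user MFA state from
# objects shaped like Get-MsolUser output. The function name is hypothetical.
function Get-MfaStateReport {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    process {
        # An empty StrongAuthenticationRequirements list means per-user MFA is Disabled.
        $state = 'Disabled'
        $req = @($User.StrongAuthenticationRequirements)
        if ($req.Count -gt 0 -and $req[0].State) { $state = [string]$req[0].State }

        # Registered methods show whether the user has actually completed MFA setup.
        $methods = @($User.StrongAuthenticationMethods | Where-Object { $_ })
        $default = ($methods | Where-Object { $_.IsDefault }).MethodType

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            MfaState          = $state
            MethodCount       = $methods.Count
            DefaultMethod     = $default
            NeedsAttention    = ($state -eq 'Disabled') -or ($methods.Count -eq 0)
        }
    }
}

# Constructed sample users (placeholder domain) mirroring the Get-MsolUser shape.
$sample = @(
    [pscustomobject]@{
        UserPrincipalName                = 'alice@contoso.example'
        StrongAuthenticationRequirements = @([pscustomobject]@{ RelyingParty = '*'; State = 'Enforced' })
        StrongAuthenticationMethods      = @([pscustomobject]@{ MethodType = 'PhoneAppNotification'; IsDefault = $true })
    }
    [pscustomobject]@{
        UserPrincipalName                = 'bob@contoso.example'
        StrongAuthenticationRequirements = @([pscustomobject]@{ RelyingParty = '*'; State = 'Enabled' })
        StrongAuthenticationMethods      = @()
    }
    [pscustomobject]@{
        UserPrincipalName                = 'svc-backup@contoso.example'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @()
    }
)
$sample | Get-MfaStateReport | Format-Table -AutoSize
```

Against a live tenant, pipe `Get-MsolUser -All` into the function instead of `$sample`; rows with `NeedsAttention` set are the accounts to review, including service and emergency-access accounts that a tenant-wide change also covers.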

That’s what I thought. And in my opinion there were scripts already available. Without digging too deep into the code … for example, the function on this site looks promising and kind of similar to yours …

… but thanks for sharing anyway. 👍🏽