Enable 2FA for O365 users

Use of 2FA is something everyone should use on all services in 2019. 2FA will stops a lot of the mayor attack that has happened the last month. Example from Norway is attack on Visma, Maersk, Hydro. I don’t say that 2FA will solve everything, but helps a lot with the work. Everyone that has O365 license has free 2FA, admin just need to enable it.

App Password is default allowed; this give no extra security when users can create static password for apps like Outlook, OneDrive etc. When App Password is disabled, you need to activate modern authentication to get apps to work.

Default is modern authentication not enabled in Exchange Online. Modern authentication cannot be enabled in O365 portal, just possible to do with PowerShell. Has created an example how you can do this under:

  1. Connect to Exchange Online PowerShell.
  2. Run the following: Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
  3. Run the following to verify that modern authentication is enabled: Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

Entire code together here:

# Setup PSSession to O365 (Step 1)
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking

# Enable modern authentication (OAuth)(Step 2)
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

# Verify value for for modern authentication (OAuth)(Step 3)
Get-OrganizationConfig | Format-Table Name,OAuth* -Auto 

# Close PSSession
Remove-PSSession $Session

Leave a Reply