Set-AdfsAzureMfaTenant
Enables an AD FS farm to use MFA.
Syntax
Set-AdfsAzureMfaTenant
-TenantId <String>
-ClientId <String>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-AdfsAzureMfaTenant cmdlet enables an Active Directory Federation Services (AD FS) farm to use Azure Multi-Factor Authentication (MFA) after a certificate has been created and registered in the Microsoft Entra tenant.
Examples
Example 1: Enable Azure MFA
PS C:\> $certbase64 = New-AdfsAzureMfaTenantCertificate -TenantID <your tenant ID>
PS C:\> New-MsolServicePrincipalCredential -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $certBase64
PS C:\> Set-AdfsAzureMfaTenant -TenantId <your tenant ID> -ClientId 981f26a1-7f43-403b-a875-f8b09b8cd720
These commands create a certificate for Azure MFA, register it in the tenant, and enable Azure MFA on the AD FS farm.
Example 2: Determine which certificate Azure MFA is using
$CertInBase64 = New-AdfsAzureMfaTenantCertificate -TenantID <your tenant ID>
[Security.Cryptography.X509Certificates.X509Certificate2]([System.Convert]::FromBase64String($CertInBase64))
After AD FS has been configured for Azure MFA, these commands show which certificate Azure MFA is using and when it expires.
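The following is an added example, not part of the original reference: a function that wraps the decoding step from Example 2 and reports how many days remain before the certificate expires, so the check can run on a schedule. The name Get-AzureMfaCertExpiry, the 30-day threshold, and the self-signed sample certificate are assumptions constructed for illustration.

```powershell
function Get-AzureMfaCertExpiry {
    # Hypothetical helper (not an AD FS cmdlet): decodes a base64 certificate,
    # in the form used in Example 2, and reports its time to expiry.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$CertBase64,
        [int]$WarnDays = 30   # assumed warning threshold
    )
    try {
        $bytes = [System.Convert]::FromBase64String($CertBase64)
        $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    }
    catch {
        throw "Input is not a base64-encoded X.509 certificate: $($_.Exception.Message)"
    }
    $now      = Get-Date
    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
    if     ($now -lt $cert.NotBefore) { $status = 'NotYetValid' }
    elseif ($daysLeft -lt 0)          { $status = 'Expired' }
    elseif ($daysLeft -le $WarnDays)  { $status = 'ExpiringSoon' }
    else                              { $status = 'OK' }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        Status     = $status
    }
}

# Constructed sample: a throwaway self-signed certificate that expires in 20 days.
$sample = New-SelfSignedCertificate -Subject 'CN=Constructed Sample' `
    -CertStoreLocation Cert:\CurrentUser\My -NotAfter (Get-Date).AddDays(20)
try {
    Get-AzureMfaCertExpiry -CertBase64 ([System.Convert]::ToBase64String($sample.RawData))
}
finally {
    # Remove the sample certificate and its private key from the store.
    Remove-Item -Path "Cert:\CurrentUser\My\$($sample.Thumbprint)" -DeleteKey
}

# On an AD FS server, pass the value from Example 2 instead:
# Get-AzureMfaCertExpiry -CertBase64 $CertInBase64
```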
Parameters
-ClientId
Specifies the well-known ID of the Azure MFA application in Microsoft Entra ID.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-TenantId
Specifies the GUID representation of a Microsoft Entra tenant ID. This can be found in the URL bar of the Microsoft Entra admin center, as in this example:
https://manage.windowsazure.com/contoso.onmicrosoft.com#Workspaces/ActiveDirectoryExtension/Directory/<tenantID_GUID>/directoryQuickStart
You can also use the Login-AzureRmAccount cmdlet that is part of the Azure PowerShell module to get the tenant ID.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |