Can Azure MFA be managed through Adaxes

Question

We utilize Azure AD as well as Azure MFA for our VPN and we have instances where the MFA needs to be reset (essentially revoked then require to re-register). This link shows basically what we need to do.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings

Currently only our sysadmins can do this, but we would like to extend this to our Helpdesk techs which unfortunately requires giving full access to Azure AD. We would like to leverage Adaxes for this, but not sure if it is possible or how it would be done.

Answer 1

Hello,

It can be done using the Reset MFA script from the following article in our repository: https://www.adaxes.com/script-repository/enabledisable-multi-factor-authentication-for-a-user-in-office-365-s544.htm.

Comments

Thank you. Do we need to modify this script in any way or customize for our company? I am assuming it pulls the credentials from the service account automatically to access 0365 and "adm-O365ObjectId" will grab the username automatically?

---

Hello,

You are right, there is no need to modify the script.

---

Apologies for all the additional questions, do I need to register the 0365 Tenant for this or do I just need to install the Microsoft Azure Active Directory Module.

Was looking at this documentation and it looks to be way more than we need for what we are trying to do.

https://www.adaxes.com/tutorials_ActiveDirectoryManagement_ManageAndAutomateOffice365.htm#automation

---

Hello,

Apologies for all the additional questions, do I need to register the 0365 Tenant for this or do I just need to install the Microsoft Azure Active Directory Module.

The Office 365 tenant should be registered in Adaxes and associated with the users the Custom Command is supposed to be executed on.

Was looking at this documentation and it looks to be way more than we need for what we are trying to do.

Unfortunately, the approach described in the tutorial cannot be used for managing Office 365 MFA. Currently, in Adaxes it can be done only using PowerShell scripts. If you need to delegate permissions to execute specific scripts, the scripts should be specified in Custom Commands and the delegates should have permissions to execute the commands. For information on how to delegate the permissions, please, have a look at the following tutorial: https://www.adaxes.com/tutorials_DelegatingPermissions_GrantRightsToExecuteCustomCommands.htm.

---

So the tenant does need to be registered, but how it is done is different from the online documentation? What would be the procedure for my purposes?

---

Hello,

The tenant needs to be registered as described in the Manage and Automate Office 365 tutorial. The data specified during tenants registration is used by Adaxes for interaction with Office 365. The scripts from the Manage multi-factor authentication for a user in Office 365 page use the same data.

To manage MFA via Adaxes, you will need to register your tenant in Adaxes, install Microsoft Azure Active Directory Module on the computers where Adaxes service runs, add the scripts from our repository to the relevant Custom Commands, grant permissions to execute the commands over the necessary users.