SharePoint (2003 thru Online): Connect SPO with MFA (also How to enable MFA in Azure)

Friday, June 14, 2019

Connect SPO with MFA (also How to enable MFA in Azure)


We can perform all activities through the SharePoint admin center, but PowerShell has more features and is very effective for code lovers. First, install SharePoint Online Management Shell (64-bit) on your PC and install the SPO modules using the commands below.
(Note: use the -Force parameter to install the new version if an old version already exists.)

Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Force

Install-Module SharePointPnPPowerShellOnline


Prefer to run the ISE as Administrator.

Connect to the SPO admin center.

Below is the default syntax. We can pick the required parameters.
(Note: you must be a SharePoint Online global administrator to run the cmdlet.)

Connect-SPOService
       -AuthenticationUrl <String>
       [-ClientTag <String>]
       [-Credential <CredentialCmdletPipeBind>]
       [-Region <AADCrossTenantAuthenticationLocation>]
       -Url <UrlCmdletPipeBind>
       [<CommonParameters>]



Below is the PowerShell cmdlet customized to our requirement.

Connect-SPOService -Url https://gurram-admin.sharepoint.com -credential gvr@gurram.onmicrosoft.com
Enter the credentials and click OK to connect.



Sometimes it might show an error message (as shown below).

In that case, just run Connect-SPOService (or Connect-SPOService -Url https://gurram-admin.sharepoint.com) and enter the URL and credentials in the prompted window. You are connected.

With MFA enabled, once you run the above cmdlet and enter credentials, you will get the message below and an approval notification in the Microsoft Authenticator app on your mobile.

Approve on mobile, and you are connected.
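The connection steps above, put together as one script. This is an added example, not code from the original post: it assumes the tenant admin URL and UPN used in the post, reuses the module name installed earlier, tries the -Credential form first and falls back to the URL-only prompt (the MFA-capable sign-in window) exactly as described above, then reads the tenant setting that decides whether MFA actually protects the tenant.

```powershell
# Added example (not from the original post). Assumptions: tenant admin URL
# and admin UPN are the ones used in the post; adjust for your tenant.
param(
    [string]$AdminUrl = "https://gurram-admin.sharepoint.com",
    [string]$AdminUpn = "gvr@gurram.onmicrosoft.com"
)

# 1. Make sure the SPO management module is present (install only if missing).
if (-not (Get-Module -ListAvailable -Name Microsoft.Online.SharePoint.PowerShell)) {
    Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Force -Scope CurrentUser
}
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

# 2. Connect. Passing only the UPN string (not a pre-built PSCredential) opens
#    the sign-in window, which is what lets the Authenticator prompt appear.
#    If that form errors (as the post notes it sometimes does), fall back to
#    the URL-only form, which always prompts interactively.
try {
    Connect-SPOService -Url $AdminUrl -Credential $AdminUpn -ErrorAction Stop
} catch {
    Write-Warning "Connect with -Credential failed: $($_.Exception.Message)"
    Write-Warning "Retrying with the interactive sign-in prompt only."
    Connect-SPOService -Url $AdminUrl
}

# 3. Confirm the session works and show the setting that matters once MFA is
#    the control: while legacy auth protocols stay enabled, clients that only
#    do basic auth are still accepted and never see an MFA challenge.
$tenant = Get-SPOTenant
[pscustomobject]@{
    AdminUrl                   = $AdminUrl
    ConnectedAs                = $AdminUpn
    LegacyAuthProtocolsEnabled = $tenant.LegacyAuthProtocolsEnabled
} | Format-List

if ($tenant.LegacyAuthProtocolsEnabled) {
    Write-Warning ("Legacy auth protocols are enabled, so MFA is not enforced for " +
                   "legacy clients. Review and consider: " +
                   "Set-SPOTenant -LegacyAuthProtocolsEnabled `$false")
}
```

Run it from an elevated ISE or PowerShell session; the Set-SPOTenant change in the warning is only suggested, not applied, so nothing on the tenant is modified by the script.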
_________________________________________________
For MFA (Multi Factor Authentication)

To activate MFA, go to https://portal.azure.com >> Azure Active Directory >> MFA (under Security) >> click Activate (it will take a while to get activated).

You will see the notification below once it is successfully activated.
Go back to Azure Active Directory >> MFA (under Security) and click Additional cloud-based MFA settings.

Days before a device must re-authenticate (1-60): this is an awesome feature to enable, saving users from too many requests.
Select the required settings, click Save, and then Close.
Go to https://portal.azure.com >> Intune App Protection >> App Protection policies. We created two policies, one for Android and one for iOS devices.



Go to M365 Device Management >> Conditional Access >> Policies. Create a new policy or enable an existing one.
We enabled the End user protection and Require MFA for Admins policies.
 
____________________________________________
Add an account in the Microsoft Authenticator app
Note: once MFA is enabled for the first time, you can skip registration for 14 days.

1. Open the MS Teams web client and enter your credentials. You will see a message as shown below. Click Next.
2. Select Receive notifications for verification under Mobile app, then click Set up.
3. Follow instructions 1, 2 and 3 on this screen.

Install the Microsoft Authenticator app on your mobile. Tap + in the top-right corner and choose "Work or school account".

Scan the QR code image (shown above). Your account gets added and you will receive a notification for verification; approve it.
Once verification is successful, click Done.
With MFA enabled, once you log in to any M365 app, you will get the message below and an approval notification in the Microsoft Authenticator app on your mobile.
As we set Days before a device must re-authenticate (1-60) to 10, if you check the box (as shown above), you will not see this notification for another 10 days.
