Set-AdfsAzureMfaTenant

Enables an AD FS farm to use Azure MFA.

Syntax

Set-AdfsAzureMfaTenant
   -TenantId <String>
   -ClientId <String>
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AdfsAzureMfaTenant cmdlet enables an Active Directory Federation Services (AD FS) farm to use Azure Multi-Factor Authentication (MFA) after a certificate has been created and registered in the Azure Active Directory (AD) tenant.

Examples

Example 1: Enable Azure MFA

PS C:\> $certbase64 = New-AdfsAzureMfaTenantCertificate -TenantID <your tenant ID>
PS C:\> New-MsolServicePrincipalCredential -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $certBase64
PS C:\> Set-AdfsAzureMfaTenant -TenantId <your tenant ID> -ClientId 981f26a1-7f43-403b-a875-f8b09b8cd720

These commands create a certificate for Azure MFA, register it in the tenant, and enable Azure MFA on the AD FS farm.

Example 2: Determine the Azure MFA certificate

PS C:\> New-AdfsAzureMfaTenantCertificate -TenantID <your tenant ID> | Out-File amfacert.cer

This command determines which certificate Azure MFA is using, after AD FS has been configured for Azure MFA using the previous example.
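
The following added example (not part of the original reference page) decodes the base64 certificate string that New-AdfsAzureMfaTenantCertificate returns so that its thumbprint and expiry can be reviewed, and checks that a tenant ID is a GUID as -TenantId expects. The helper names Get-AzureMfaCertInfo and Test-TenantIdFormat, the 30-day warning threshold, and the self-signed sample certificate are assumptions made for illustration.

```powershell
# Added example. Helper names and the 30-day threshold are hypothetical.

function Test-TenantIdFormat {
    # Returns $true only when the value parses as a GUID.
    param([Parameter(Mandatory)][string]$TenantId)
    $parsed = [guid]::Empty
    return [guid]::TryParse($TenantId, [ref]$parsed)
}

function Get-AzureMfaCertInfo {
    # Decodes a base64 (DER) certificate string and reports identity and expiry.
    param(
        [Parameter(Mandatory)][string]$CertBase64,
        [int]$WarnDays = 30
    )
    $bytes = [Convert]::FromBase64String($CertBase64.Trim())
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    $days  = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        DaysRemaining = $days
        ExpiringSoon  = ($days -lt $WarnDays)
    }
}

# Constructed sample input: a throwaway self-signed certificate stands in for
# the string returned by New-AdfsAzureMfaTenantCertificate, so the example
# runs on any Windows host without touching an AD FS farm.
$sample = New-SelfSignedCertificate -Subject 'CN=Constructed Sample' `
    -CertStoreLocation Cert:\CurrentUser\My -NotAfter (Get-Date).AddDays(20)
$sampleBase64 = [Convert]::ToBase64String($sample.RawData)
Remove-Item -Path "Cert:\CurrentUser\My\$($sample.Thumbprint)"

# Review the decoded certificate details.
Get-AzureMfaCertInfo -CertBase64 $sampleBase64 | Format-List

# A tenant domain name is not a GUID; a GUID-formatted value is.
Test-TenantIdFormat -TenantId 'contoso.onmicrosoft.com'
Test-TenantIdFormat -TenantId ([guid]::NewGuid().ToString())
```

On an AD FS server, the same function can read the file written in Example 2: Get-AzureMfaCertInfo -CertBase64 (Get-Content amfacert.cer -Raw).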

Required Parameters

-ClientId

Specifies the well-known ID of the Azure MFA application in Azure AD.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-TenantId

Specifies the GUID representation of an Azure AD tenant ID. This can be found in the URL bar of the Azure AD portal, as in this example:

https://manage.windowsazure.com/contoso.onmicrosoft.com#Workspaces/ActiveDirectoryExtension/Directory/<tenantID_GUID>/directoryQuickStart

You can also use the Login-AzureRmAccount cmdlet that is part of the Azure PowerShell module to get the tenant ID.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False