
Set-AdfsAzureMfaTenant

Brian Lich|Last Updated: 3/8/2017

SYNOPSIS

Enables an AD FS farm to use Azure MFA.

SYNTAX

Set-AdfsAzureMfaTenant -TenantId <String> -ClientId <String> [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

The Set-AdfsAzureMfaTenant cmdlet enables an Active Directory Federation Services (AD FS) farm to use Azure Multi-Factor Authentication (MFA) after a certificate has been created and registered in the Azure Active Directory (AD) tenant.

EXAMPLES

Example 1: Enable Azure MFA

PS C:\> $certbase64 = New-AdfsAzureMfaTenantCertificate -TenantID <your tenant ID>
PS C:\> New-MsolServicePrincipalCredential -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $certBase64
PS C:\> Set-AdfsAzureMfaTenant -TenantId <your tenant ID> -ClientId 981f26a1-7f43-403b-a875-f8b09b8cd720

These commands create a certificate for Azure MFA, register it in the tenant, and enable Azure MFA on the AD FS farm.

Example 2: Determine the Azure MFA certificate

PS C:\> New-AdfsAzureMfaTenantCertificate -TenantID <your tenant ID> | Out-File amfacert.cer

This command determines which certificate Azure MFA is using, after AD FS has been configured for Azure MFA using the previous example.
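The following check is an added example, not part of the original reference page: it reports when the Azure MFA certificate on an AD FS server and the key credentials registered in Example 1 expire, since either one lapsing breaks Azure MFA sign-in. It assumes an elevated session on an AD FS server, the MSOnline module with Connect-MsolService already run, and that the certificate subject in LocalMachine\My contains the tenant ID; `$warnDays` is a hypothetical threshold.

```powershell
# Added example (not from the original page).
# Assumptions: elevated session on an AD FS server; MSOnline module loaded and
# Connect-MsolService already run; the Azure MFA certificate sits in
# LocalMachine\My with a subject that contains the tenant ID.
$tenantId = '<your tenant ID>'                       # placeholder, as in Example 1
$clientId = '981f26a1-7f43-403b-a875-f8b09b8cd720'   # client ID used in Example 1
$warnDays = 30                                       # hypothetical warning threshold
$deadline = (Get-Date).AddDays($warnDays)

# Local side: the certificate AD FS presents to Azure MFA
$localCerts = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$tenantId*" }
if (-not $localCerts) {
    Write-Warning "No certificate for tenant $tenantId in LocalMachine\My on $env:COMPUTERNAME."
}
foreach ($cert in $localCerts) {
    [pscustomobject]@{
        Source       = "Local certificate ($env:COMPUTERNAME)"
        Identifier   = $cert.Thumbprint
        NotBefore    = $cert.NotBefore
        NotAfter     = $cert.NotAfter
        ExpiringSoon = $cert.NotAfter -lt $deadline
    }
}

# Tenant side: key credentials registered on the service principal.
# New-MsolServicePrincipalCredential sets EndDate to one year after creation
# when -EndDate is not supplied, so this can expire before the certificate.
$registered = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false |
    Where-Object { $_.Type -eq 'Asymmetric' }
if (-not $registered) {
    Write-Warning "No asymmetric credential is registered for client ID $clientId."
}
foreach ($cred in $registered) {
    [pscustomobject]@{
        Source       = 'Azure AD key credential'
        Identifier   = $cred.KeyId
        NotBefore    = $cred.StartDate
        NotAfter     = $cred.EndDate
        ExpiringSoon = $cred.EndDate -lt $deadline
    }
}
```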

PARAMETERS

-ClientId

Specifies the well-known ID of the Azure MFA application in Azure AD.

Type: String
Parameter Sets: (All)
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-TenantId

Specifies the GUID representation of an Azure AD tenant ID. This can be found in the URL bar of the Azure AD portal, as in this example:

https://manage.windowsazure.com/contoso.onmicrosoft.com#Workspaces/ActiveDirectoryExtension/Directory/<tenantID_GUID>/directoryQuickStart

You can also use the Login-AzureRmAccount cmdlet that is part of the Azure PowerShell module to get the tenant ID.

Type: String
Parameter Sets: (All)
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

New-AdfsAzureMfaTenantCertificate

© 2017 Microsoft