Profile photo of Ingólfur Arnar Stangeland

How to administer AzureAD, O365 and Skype for Business using PowerShell and Multi-Factor Authentication

Azure Active DirectoryPreviously, support for MFA in O365/AzureAD/Skype/Sharepoint was limited to Office applications that supported it and browser-based administration of O365/Azure.

This changes with version 1.1 of the Azure AD PowerShell module released earlier this month which provides support for MFA.


The steps to enable it are as follows:

  1. Enable MFA on the various tenants ()
  2. Download the latest AzureAD PowerShell modules that provide support for MFA (v 1.1 released 15. August 2016)
  3. Make sure you have the correct mobile phone number, alternate email and/or authenticator app installed (you typically want to have more than one MFA option available)
  4. Enable MFA on the user you want to protect with MFA
  5. Instruct the user to go to to verify their MFA settings (and SSPR if applicable)

Note: There are still some aspects in the Windows OS that are still not really aware of MFA, particulartly the Domain Join functionality.  If have enabled MFA on the account you’re using for the domain join operation and you receive an erroneous “Incorrect Password” error (i.e. code 0x52e in the NetSetup.log debug log)  during a domain join (and assuming you are actually typing in the correct password) then you may need to revert back to using a separate non-MFA account – at least for the domain join operation.

Default MFA settings:

The Office 365 tenant/resource host (Exchange Online, SharePoint Online and Skype for Business Online) will need to be configured to accept a modern authentication connection.
Here is the per service state of modern authentication by default :

  • Exchange Online – OFF by default.
  • SharePoint Online – ON by default.
  • Skype for Business Online – OFF by default.

Once you have MFA enabled and the new version of the AAD PS module installed you should be able to go through the additional MFA verification steps after logon:MFA


Azure Active Directory PowerShell with Modern Authentication

Download Details: Azure Active Directory Connection

Azure AD PowerShell: Public Preview of support for Azure MFA + new Device Management Commands

Azure AD PowerShell: Public Preview of support for Azure MFA + new Device Management Commands

How to install and configure Azure PowerShell

Skype for Business Online: Enable your tenant for modern authentication

Exchange Online: How to enable your tenant for modern authentication

The sign in experience with Azure Multi-Factor Authentication

Remote Desktop Gateway and Azure Multi-Factor Authentication Server using RADIUS

What are App Passwords in Azure Multi-Factor Authentication?


Profile photo of Ingólfur Arnar Stangeland

Predicting the future with Powershell and Mathemagic

Have you ever had the pleasure of being awoken in the middle of the night by a low disk space alert on one of your business-critical LOB systems?

Did you ever wish for a more proactive method for catching this than waiting for the yellow/red alerts to go “ping!”?

I know I did, so I sat down and played math for a couple of hours and then applied the result using Powershell and a scheduled task.  The result is a configurable script that sends you an email alert when the sustained disk consumption on the system is estimated to consume all freespace on one of the disks within the set amount of time you specify (by default 30 Days).

Download ChkBurn 0.8 – modify all references to Contoso to fit your domain.

Sample output:


Profile photo of Ingólfur Arnar Stangeland

Powershell parsing of archived event logs


You want to find specific events from multiple archived event logs.

I wonder why he put a gorilla picture in here?

I wonder why he put a gorilla picture in here?


EventScrape.ps1 – uses Powershell Get-WinEvent to parse offline event logs and sort them into chronological order.

# *App* is targeting archived Application logs – change to suit your needs
Get-ChildItem -include *App*.evt,*App*.evtx -Path E:\EventLogs\Winevt\logs\ -recurse |

ForEach-Object {“Parsing $($_.fullname)`r`n”

Try {

$TotalSearch+=Get-WinEvent -FilterHashtable @{

#StartTime=”1/14/2011″ ; #in case you want to limit the search to a certain time range
} -EA Stop
$TotalSearch+=Get-WinEvent -FilterHashtable @{

#StartTime=”1/14/2011″ ; #in case you want to limit the search to a certain time range
} -EA Stop

} Catch [System.Exception] {“Done”}}

$TotalSearch| sort-object TimeCreated|fl|out-file “BackPressure.txt”
$searchCSV=$TotalSearch| sort-object TimeCreated|convertto-csv -useculture
$searchCSV|out-file “SearchCSV.csv”

gc .\BackPressure.txt |select-string “resource pressure” -context 5,7 |out-file Presures.txt
invoke-item .\Presures.txt



Use PowerShell to Parse Saved Event Logs for Errors