O365 - Multifactor Auth - Access Authentication Phone via Powershell

0

Is it possible to get/set Authentication Phone via Powershell? I found some old documentation that says this is possible via the old MSOnline module but I cannot find anything in the new AzureAD module.

Old Property: StrongAuthenticationUserDetails

MSOnline Doc

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-authenticationdata#set-and-read-authentication-data-using-powershell


ExceptionLimeCat

Posted 2019-10-22T15:26:22.077

Reputation: 189

Answers

0

It is indeed, though it's important to note that the AzureAD module has not matured enough to replace the MSOnline (Msol) module altogether, yet.

To install the module, please see the later part of this page:

https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell

You need to create a StrongAuthenticationMethod object and use the Set-MsolUser cmdlet as follows:

I've written this script which contains all four strong authentication methods. Adjust as required.

# Check Msol module installed and imported
# (Get-Module without -ListAvailable only lists modules already loaded in the session)
If (-not (Get-Module -ListAvailable -Name MSOnline)) {
    Install-Module -Name MSOnline -Force -AllowClobber
}
Import-Module -Name MSOnline

# Popup login page if not logged in
Connect-MsolService

# Define variables (or adjust script to read from data source and loop)
$UserPrincipalName = "youruser@yourcorp.com"
$MobileNumber = "+01 234 567 890"
$AlternateMobiles = @("+02 345 678 901", "+03 456 789 012")

# Create new SAM objects
<#

    Supported SAM types:

    OneWaySMS            - Text code sent to mobile
    PhoneAppOTP          - Authenticator code
    PhoneAppNotification - Push notification
    TwoWayVoiceMobile    - Phone call

    Note: Probably not able to use the App methods unless enrolled
#>

$SAM1 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$SAM2 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$SAM3 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$SAM4 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod

# Configure as required
$SAM1.IsDefault = $true          # <<<< Is default method
$SAM1.MethodType = "OneWaySMS"
$SAM2.IsDefault = $false
$SAM2.MethodType = "PhoneAppOTP"
$SAM3.IsDefault = $false
$SAM3.MethodType = "PhoneAppNotification"
$SAM4.IsDefault = $false
$SAM4.MethodType = "TwoWayVoiceMobile"

$SAMethods = @($SAM1, $SAM2, $SAM3, $SAM4)

Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationMethods $SAMethods `
    -MobilePhone $MobileNumber -AlternateMobilePhones $AlternateMobiles

Architect Jamie

Posted 2019-10-22T15:26:22.077

Reputation: 116

Were you able to run the MSOnline commands? I installed MSOnline module but still received the 'cmdlet not found' message on the commands in that module. – ExceptionLimeCat – 2019-10-24T16:32:59.067

Yes. If you run Get-Command -Module MSOnline do you get any results back? Install-Module -Name MSOnline -Force -AllowClobber should install the module for you if you get nothing back. See this page https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell for detailed instructions and requirements.

– Architect Jamie – 2019-10-24T17:03:03.573

0

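Using the code below, you can get a list of MFA-enabled users with their Authentication Phone number.

$Result=""
$Results=@()
# Keep only users that have a per-user MFA state set (State is empty otherwise).
# The pipe stays at the end of the line so Windows PowerShell 5.1 parses the pipeline.
Get-MsolUser -All | Where-Object { $_.StrongAuthenticationRequirements.State } | ForEach-Object {
    $DisplayName = $_.DisplayName
    $MFAPhone = $_.StrongAuthenticationUserDetails.PhoneNumber
    $Result = @{'DisplayName'=$DisplayName;'MFAPhone'=$MFAPhone}
    $Results = New-Object PSObject -Property $Result
    # Replace <FilePath> with the path of the CSV file to write
    $Results | Select-Object DisplayName,MFAPhone | Export-Csv <FilePath> -Append -NoTypeInformation
}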

Otherwise, you can try the PowerShell script below.

https://o365reports.com/2019/05/09/export-office-365-users-mfa-status-csv/


Kathy Cooper

Posted 2019-10-22T15:26:22.077

Reputation: 53

Were you able to run the MSOnline commands? I installed MSOnline module but still received the 'cmdlet not found' message on the commands in that module. – ExceptionLimeCat – 2019-10-23T20:12:53.207

After installing the MSOnline module, you need to import the MSOnline cmdlets using the cmdlet below

Import-Module Msonline – Kathy Cooper – 2019-10-29T07:49:45.723

I was able to run the MSOnline commands but did not return any data for myself even though I am enrolled in two-factor authentication. – ExceptionLimeCat – 2019-10-29T21:43:09.580

I am wondering if the StrongAuthenticationUserDetails property is still supported. – ExceptionLimeCat – 2019-10-29T21:52:35.353
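
An added example, not taken from either answer or from the MSOnline module: a report function that reads the properties both answers use (StrongAuthenticationRequirements, StrongAuthenticationMethods, StrongAuthenticationUserDetails, MobilePhone) and tolerates users for whom StrongAuthenticationUserDetails comes back empty, as described in the last comments. The function name Get-MfaPhoneReport, the MissingAuthPhone column and the sample users are constructed for illustration.

```powershell
function Get-MfaPhoneReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        # Per-user MFA state; an empty collection means no per-user state is set.
        $state = $User.StrongAuthenticationRequirements | Where-Object { $_ } |
            ForEach-Object { $_.State } | Select-Object -First 1
        if (-not $state) { $state = 'Disabled' }

        $methods = @($User.StrongAuthenticationMethods | Where-Object { $_ })
        $default = ($methods | Where-Object { $_.IsDefault } | Select-Object -First 1).MethodType

        # StrongAuthenticationUserDetails can be $null, so read it defensively.
        $details   = $User.StrongAuthenticationUserDetails
        $authPhone = if ($details) { $details.PhoneNumber } else { $null }

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            MfaState          = $state
            DefaultMethod     = $default
            Methods           = (($methods | ForEach-Object { $_.MethodType }) -join ',')
            AuthPhone         = $authPhone
            MobilePhone       = $User.MobilePhone
            # Default method needs a phone, but no authentication phone is on record.
            MissingAuthPhone  = ($default -in 'OneWaySMS','TwoWayVoiceMobile') -and -not $authPhone
        }
    }
}

# Constructed sample objects shaped like Get-MsolUser output, so the function runs offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; MobilePhone = '+1 5550100'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enforced' })
        StrongAuthenticationMethods      = @([pscustomobject]@{ IsDefault = $true; MethodType = 'OneWaySMS' })
        StrongAuthenticationUserDetails  = [pscustomobject]@{ PhoneNumber = '+1 5550100' } },
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com'; MobilePhone = '+1 5550101'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @([pscustomobject]@{ IsDefault = $true; MethodType = 'PhoneAppNotification' })
        StrongAuthenticationUserDetails  = $null },
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'; MobilePhone = $null
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enabled' })
        StrongAuthenticationMethods      = @([pscustomobject]@{ IsDefault = $true; MethodType = 'TwoWayVoiceMobile' })
        StrongAuthenticationUserDetails  = $null }
)
$sample | Get-MfaPhoneReport | Format-Table -AutoSize

# Against a tenant (after Connect-MsolService): Get-MsolUser -All | Get-MfaPhoneReport
```

With the constructed sample, only carol@example.com is flagged in MissingAuthPhone, because her default method is phone-based and no authentication phone is recorded.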