Using Powershell to update Azure authentication method – phone number

Azure AD Multi-Factor Authentication (MFA) works by requiring two or more authentication methods for a user to gain access to applications.

Multi-factor authenticator in Azure AD can be set using different methods such as Microsoft Authenticator, Phone number, Email  etc.

One of the easiest MFA methods that doesn't require any user configuration and can be configured in the backend is Phone Number.

With phone number as an authentication method, users can choose to receive a text message with a verification code to enter in the sign-in interface or receive a phone call.

To read more information about how Azure AD multi-factor authentication works, refer here

I was recently working a project for Frontline workers enable the MFA for all users and use the phone number as 2^nd-factor authentication.

Updating the phone number for few users can be done using the Azure AD portal by visiting a user, go to the authentication method and add phone number.

If you want to update the phone numbers for bulk users, manual is not the way forward.we can use Powershell to automate the process of updating the phone number for all users.

We will use Microsoft Graph API to update the phone number (mobile) for all users using Powershell script.

The Powershell script does the following

1. Read the CSV file (UPN and phone number)

2. Check if the UPN exist or not , write to output log.

3.Check if the user has phone number exist (at least one).

4. If no phone number exist, update the phone number, write to output log

5.If the user has phone number exist, write to output log.

This script requires 2 modules to be installed, a) Microsoft Graph 2) Azure AD

output log:

Download the Powershell script which contains the CSV file and ps script from Github here.

Reference https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.signins/new-mguserauthenticationphonemethod?view=graph-powershell-1.0