Azure AD Multi-Factor Authentication (MFA) works by requiring two or more authentication methods before a user can gain access to applications.
Multi-factor authentication in Azure AD can be configured with different methods such as Microsoft Authenticator, phone number, email, etc.
One of the easiest MFA methods, and one that requires no user configuration because it can be set up in the backend, is the phone number.
With a phone number as an authentication method, users can choose to receive a text message containing a verification code to enter in the sign-in interface, or to receive a phone call.
To read more about how Azure AD multi-factor authentication works, refer here.
I was recently working on a project for frontline workers to enable MFA for all users and use the phone number as the second factor.
Updating the phone number for a few users can be done in the Azure AD portal: open the user, go to Authentication methods and add the phone number.
If you want to update the phone numbers for users in bulk, doing it manually is not the way forward; we can use PowerShell to automate the process of updating the phone number for all users.
We will use the Microsoft Graph API to update the (mobile) phone number for all users with a PowerShell script.
The PowerShell script does the following:
1. Read the CSV file (UPN and phone number).
2. Check whether the UPN exists; write the result to the output log.
3. Check whether the user already has at least one phone number registered.
4. If no phone number exists, update the phone number and write to the output log.
5. If the user already has a phone number, write to the output log.
This script requires two modules to be installed: a) Microsoft Graph and b) Azure AD.
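The following is an added example of the five steps above written against the Microsoft Graph PowerShell SDK; it is not the script from this post or its GitHub repository. It assumes a CSV with the column names UPN and PhoneNumber (names chosen here), that the Microsoft.Graph modules are installed, and that the account running it has been granted the UserAuthenticationMethod.ReadWrite.All and User.Read.All permissions. Existing registrations are left untouched, so re-running the script is safe.

```powershell
# Added example (not the post's script): bulk-register a mobile phone as an
# Azure AD MFA authentication method using the Microsoft Graph PowerShell SDK.
# Assumed CSV layout (column names are an assumption):
#   UPN,PhoneNumber
#   first.user@contoso.example,+1 2065550100
param(
    [string]$CsvPath = ".\users.csv",
    [string]$LogPath = ".\mfa-phone-$(Get-Date -Format 'dd-MM-yyyy-HHmmss').log"
)

# Append a timestamped line to the output log and echo it to the console.
function Write-Log {
    param([string]$Message)
    $line = "{0} {1}" -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

# Graph expects "+<country code> <number>"; reject anything else before calling the API
# so a malformed CSV row cannot register a wrong number as someone's second factor.
function Test-PhoneFormat {
    param([string]$Number)
    return $Number -match '^\+\d{1,3} \d{4,14}$'
}

# Delegated scopes needed to read users and write their authentication methods.
Connect-MgGraph -Scopes "User.Read.All", "UserAuthenticationMethod.ReadWrite.All"

Write-Log "---------------- Script started ----------------"

# Step 1: read the CSV (UPN and phone number).
$rows = Import-Csv -Path $CsvPath
foreach ($row in $rows) {
    $upn   = $row.UPN.Trim()
    $phone = $row.PhoneNumber.Trim()

    if (-not (Test-PhoneFormat $phone)) {
        Write-Log "SKIP  $upn : phone '$phone' is not in '+<country code> <number>' format"
        continue
    }

    # Step 2: does the UPN exist? Get-MgUser by UPN throws when the user is not found.
    try {
        $user = Get-MgUser -UserId $upn -Property Id, UserPrincipalName -ErrorAction Stop
    } catch {
        Write-Log "ERROR $upn : user does not exist, please check"
        continue
    }

    # Step 3 / 5: does the user already have at least one phone method registered?
    $existing = @(Get-MgUserAuthenticationPhoneMethod -UserId $user.Id -ErrorAction SilentlyContinue)
    if ($existing.Count -gt 0) {
        Write-Log "INFO  $upn : already has $($existing.Count) phone method(s), no change"
        continue
    }

    # Step 4: no phone method yet, so register the mobile number as an MFA method.
    try {
        $null = New-MgUserAuthenticationPhoneMethod -UserId $user.Id `
                    -PhoneNumber $phone -PhoneType "mobile" -ErrorAction Stop
        Write-Log "OK    $upn : mobile phone method added"
    } catch {
        Write-Log "ERROR $upn : failed to add phone method - $($_.Exception.Message)"
    }
}

Write-Log "---------------- Script ended ----------------"
Disconnect-MgGraph | Out-Null
```

Run it as `.\Set-MfaPhone.ps1 -CsvPath .\users.csv`. Because a registered phone number becomes a working second factor for that account, the CSV and the resulting log contain sensitive data: keep both in a restricted location and review the ERROR and SKIP lines before re-running, rather than correcting numbers in bulk without a second look.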
output log:
Download the PowerShell script, which includes the CSV file and the ps1 script, from GitHub here.
4 Comments
Thanks. It works really well.
Sadly this script doesn't work
Getting below error after running the script.
User test.user8@oracle.com doesnt exist, please check
----------------Script ended at 09-01-2023-050120------------------
----------------Script started at 09-01-2023-050549------------------
Can you please help
Can you check if the user exists? Does the script work for any user? Are you able to fetch the users manually using the following script line?
Replace: Get-AzureADUser -SearchString $upn
with: Get-AzureADUser -ObjectId $upn
Regards,
Eswar