将 Msol Powershell 转换为 Azure Powershell

Question

I need some help with Azure powershell as i know very little about powershell,Any help would be much appreciated. (this will be used in Azure Runbook check for people who register for MFA and add them to a group for conditional access)

I would like to convert this Msol Powershell script to Azure powershell

#get group
$group = get-msolgroup - <groupIDnumber>

#get all users with stronge authentication 
$users = get-msoluser -all | select userprincipalname,objectid,StrongAuthenticationMethods
  | where {$_.StrongAuthenticationMethods -ne $null}

#add users to group
$users | foreach {
    add-msolgroupmember -groupobjectid $group.objectid -groupmembertype "user" -groupmemberobjectid $_.objectid
}

So far i have

$group = get-AzureADgroup -objectid <groupidnumber>

Answer 1

Check the commands in the latest AzureAD module.

https://docs.microsoft.com/en-us/powershell/module/azuread/

I believe the cmdlet structure are the same you just need to change msol with AzureAD

Answer 2

From what I see, there's no way to get the StrongAuthenticationMethods property (or its equivalent) with the AzureAD cmdlets. There's a long standing request to add this: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/20249953-powershell-and-graph-api-support-for-managing-mult?page=1&per_page=20

You can get a user's authentication methods from the Microsoft Graph API at https://graph.microsoft.com/beta/users/{id}/authentication/methods . See https://docs.microsoft.com/en-us/graph/api/resources/authenticationmethod?view=graph-rest-beta

But if really you just want to add these users to a conditional access group, can you just create a conditional access policy instead? See https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa