I need some help with Azure powershell as i know very little about powershell,Any help would be much appreciated. (this will be used in Azure Runbook check for people who register for MFA and add them to a group for conditional access)
I would like to convert this Msol Powershell script to Azure powershell
#get group
$group = get-msolgroup - <groupIDnumber>
#get all users with stronge authentication
$users = get-msoluser -all | select userprincipalname,objectid,StrongAuthenticationMethods
| where {$_.StrongAuthenticationMethods -ne $null}
#add users to group
$users | foreach {
add-msolgroupmember -groupobjectid $group.objectid -groupmembertype "user" -groupmemberobjectid $_.objectid
}
So far i have
$group = get-AzureADgroup -objectid <groupidnumber>
Check the commands in the latest AzureAD module.
https://docs.microsoft.com/en-us/powershell/module/azuread/
I believe the cmdlet structure are the same you just need to change msol
with AzureAD
From what I see, there's no way to get the StrongAuthenticationMethods property (or its equivalent) with the AzureAD cmdlets. There's a long standing request to add this: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/20249953-powershell-and-graph-api-support-for-managing-mult?page=1&per_page=20
You can get a user's authentication methods from the Microsoft Graph API at https://graph.microsoft.com/beta/users/{id}/authentication/methods . See https://docs.microsoft.com/en-us/graph/api/resources/authenticationmethod?view=graph-rest-beta
But if really you just want to add these users to a conditional access group, can you just create a conditional access policy instead? See https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.