Question:
That title really flows.
When setting up computers for use with Azure Active Directory, we would have IT do initial setup and config. This included the first sign in and joining to Azure Active Directory. When signing in it forces you to select a verification method. We would use our desk phone or cell phone for ease.
The time has come for us to update that second factor phone number. I know of a way to manually do it via the Azure AD Web UI, but I am looking for a scripted way to set that number in PowerShell.
Here is how I retrieve the number via PowerShell.
```powershell
Get-MsolUser -UserPrincipalName "email@emailaddress.com" |
    Select-Object -ExpandProperty StrongAuthenticationUserDetails
```
That code returns this info:
```
ExtensionData          : System.Runtime.Serialization.ExtensionDataObject
AlternativePhoneNumber :
Email                  :
OldPin                 :
PhoneNumber            : +1 5554445555
Pin                    :
```
However, there seems to be no similar option for setting the StrongAuthenticationUserDetails.
All my searches just turned up how to bulk enable 2-factor authentication, which is not what I want to do. I want to leave the StrongAuthentication the same while only updating the phone number.
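An audit to run before changing any numbers, as an added example (not part of the original question or answer): it reuses the read-only `StrongAuthenticationUserDetails` query above to list phone numbers registered as a second factor on more than one account, such as a shared IT desk phone. The function name `Get-SharedMfaPhone` and the sample users are constructed for illustration; `Connect-MsolService` and `Get-MsolUser -All` are the MSOnline cmdlets assumed for a live run.

```powershell
# Added example: find second-factor phone numbers shared by several accounts.
function Get-SharedMfaPhone {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User,
        [int]$MinimumAccounts = 2
    )
    begin { $byNumber = @{} }
    process {
        $details = $User.StrongAuthenticationUserDetails
        if ($null -eq $details) { return }   # account has no MFA details registered
        foreach ($prop in 'PhoneNumber', 'AlternativePhoneNumber') {
            $raw = $details.$prop
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            # Normalize "+1 5554445555" and "+1 (555) 444-5555" to the same key
            $key = $raw -replace '\D', ''
            if (-not $byNumber.ContainsKey($key)) {
                $byNumber[$key] = New-Object System.Collections.Generic.List[string]
            }
            $byNumber[$key].Add($User.UserPrincipalName)
        }
    }
    end {
        foreach ($entry in $byNumber.GetEnumerator()) {
            $accounts = @($entry.Value | Sort-Object -Unique)
            if ($accounts.Count -ge $MinimumAccounts) {
                [pscustomobject]@{ PhoneDigits = $entry.Key; Accounts = $accounts }
            }
        }
    }
}

# Constructed sample objects shaped like Get-MsolUser output (not real accounts).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'
        StrongAuthenticationUserDetails = [pscustomobject]@{
            PhoneNumber = '+1 5554445555'; AlternativePhoneNumber = $null } }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com'
        StrongAuthenticationUserDetails = [pscustomobject]@{
            PhoneNumber = '+1 (555) 444-5555'; AlternativePhoneNumber = $null } }
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'
        StrongAuthenticationUserDetails = [pscustomobject]@{
            PhoneNumber = '+1 5550001111'; AlternativePhoneNumber = $null } }
    [pscustomobject]@{ UserPrincipalName = 'dave@example.com'
        StrongAuthenticationUserDetails = $null }
)
$sample | Get-SharedMfaPhone

# Live tenant (assumes the MSOnline module and a prior Connect-MsolService):
#   Get-MsolUser -All | Get-SharedMfaPhone
```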
Answer:
As I said in a comment, it appears there is read-only access for PowerShell.
There is even an open ticket for that on Azure feedback.
There is a plan to do it, but no ETA. My guess is that you will have to wait if you want to use PowerShell only.
As a workaround, you could use PowerShell & Watir for .NET or WatiN with the WatiN recorder to automate it via Internet Explorer. As I don't have a testing Azure, I cannot create workable code for you.
Using Watin and powershell – you could check: https://cmille19.wordpress.com/2009/09/01/internet-explorer-automation-with-watin/
The following text and code, which I wanted to back up here, were taken from the above page (all credit to the author):
Next click the record button and click the HTML element you want to
automate. Then stop the WatIN recorder and click copy code to
clipboard icon. This will produce some C# code that just needs to be
translated into PowerShell:
```csharp
// Windows
WatiN.Core.IE window = new WatiN.Core.IE();

// Frames
Frame frame_sd_scoreboard = window.Frame(Find.ByName("sd") && Find.ByName("scoreboard"));

// Model
Element __imgBtn0_button = frame_sd_scoreboard.Element(Find.ByName("imgBtn0_button"));

// Code
__imgBtn0_button.Click();
window.Dispose();
```
So, I now know the name of the button and that it is 3 frames deep. A
little WatIN object exploration later, I came up with the following
script, which clicks a button every 50 minutes.
```powershell
#Requires -version 2.0
# WatiN needs a single-threaded apartment: start with powershell.exe -STA

# Load the WatiN assembly from the profile's Libraries folder
[Reflection.Assembly]::LoadFrom( "$ProfileDir\Libraries\WatiN.Core.dll" ) | out-null
$ie = new-object WatiN.Core.IE("https://sd.acme.com/CAisd/pdmweb.exe")

# Walk down the nested frames to the one named 'scoreboard' inside 'sd'
$scoreboard = $ie.frames | foreach {$_.frames } | where {$_.name -eq 'sd'} |
    foreach {$_.frames } | where {$_.name -eq 'scoreboard'}
$button = $scoreboard.Element("imgBtn0_button")

while ($true)
{
    $button.Click()
    #Sleep for 50 minutes (3,000,000 ms)
    [System.Threading.Thread]::Sleep(3000000)
}
```