Automatic transfer of users' phone numbers from 'Active Directory on-premises' to MFA field in Azure Active Directory
In my organization we're running a kind of hybrid environment - we use both Active Directory on-premises and Azure AD. We'd like to use MFA functionality in AAD and enter employee phone numbers in 'Authentication method' HERE Employees phone numbers are already present on users' cards in AD on-premises (General or Telephones tab). HERE
Therefore, I have the following questions:
- Does anyone know a way to automatically transfer data from AD on-premises to the appropriate MFA field in AAD? Via Power Automate, Powershell, whatever - the technology doesn't matter, the point is not to manually flip the data :)
- If there is no chance to transfer such data from AD on-premises, maybe there is an option to treat creating a new user's account as a trigger to the action of copying his/her number from this field: Phone number on general tab - for example to MFA here
I'd be incredibly grateful - for any advice :)
If you have any ideas other than Microsoft.Graph.Identity.Signins
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings
which unfortunately didn't work in this case, that would be awesome :)
Automatic transfer of users' phone numbers from 'Active Directory on-premises' to MFA field in Azure Active Directory
As per MS DOC it is not possible do directly sync the Authentication contact information from On-Prem AD to Azure AD, as these attributes are cloud only attributes, Follow the Authentication contact info
In order to update the On-prem users phone number to Azure AD Authentication method.you can follow below steps.
Export On-prem AD user details to CSV file using below powershell code.
Import-Module ActiveDirectory Get-ADUser -Filter * -Properties * | Select-Object Name, SamAccountName, EmailAddress, Description | Export-Csv -Path C:\Users.csv -NoTypeInformation
Output:
Once export the user details, you can use below powershell code to update Authentication contact information to Azure AD.
Install-Module Microsoft.Graph -Force
connect-graph -Scopes @("UserAuthenticationMethod.Read.All";"UserAuthenticationMethod.ReadWrite.All")
$inputfile = "/home/mt/EnableMFA.csv"
$data=Import-Csv -Path $inputfile
foreach ($user in $data)
{
$upn = $user.upn
$phone = $user.phonenumber
try
{
New-MgUserAuthenticationPhoneMethod -UserId $upn -PhoneNumber $phone -PhoneType "mobile"
Write-Host "Phone number $phone updated successfully for user $upn."
}
catch
{
Write-Host "Error updating phone number $phone for user $upn"
}
}
Output:
Once ran the above code Phone numbers are updated in Azure AD.
- Access Sharepoint Online Files from .NET Worker Service via Microsoft Graph/OAuth - Unauthorized or Access Denied error (401)
- Get-RemoteDomain in powershell exchange online error : The term 'Get-RemoteDomain' is not recognized as the name of a cmdlet
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- Azure Storage accounts container public access level has dissabled
- How to get "exp" from jwt token and compare with it current time to check if token is expired
- How to refresh client assertion in ConfidentialClientApplication?
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- How to extract TLS 1.X of all app services/web app running Azure
- Why Can't I See Roles Assigned to an App Registration in Azure?
- Connect C# ASP.NET Core web app to Microsoft Graph calendar
- Is there a way to find out all users of a particular group in AzureAD?
- MSAL Redirect on Failure AADSTS50105
- Microsoft Power BI REST API PowerBINotAuthorizedException
- AzureAD SAML SSO through AWS Cognito - doesn't match requested authentication method
- How to get username after logged in?.I am trying with MSAL (@azure/msal-angular) for Azure Signin
- Display all the user's files using Microsoft Graph API not working
- Get Access Token from Microsoft Graph for ClientId with delegated permissions
- How to call Microsoft Graph API from ASP.NET Core Web API that is called by SPA
- add-kdsrootkey error the request is not supported
- AADSTS50011: The redirect URI http does not match the redirect URIs
- Access Token Issuer from Azure AD is sts.windows.net Instead Of login.microsoftonline.com
- Getting user data through an Azure AD OAuth login - React Native Expo App
- HTTP request to update Service Principal Entra
- on-behalf-of flow, getting error AADSTS50013 while acquiring obo token
- Azure AD B2C Password Reset
- ASP.NET Core 5 WebAPI - Azure AD - Call Graph API Using Azure Ad Access Token
- Programmatically Assign Exchange Roles to a Group in Azure AD using Microsoft Graph API
- "AADSTS900144: The request body must contain the following parameter: 'grant_type'.?
- Signature validation of my Azure access-token, Private-key?
- Entra ID OIDC Failed Auth Attempt Logs