The script enables MFA in Microsoft 365 for the target user by registering the user's phone number as an authentication method. It can be used in a business rule, custom command or scheduled task configured for the User object type.
To use the script, install the Microsoft.Graph PowerShell module on the computer where the Adaxes service runs.
Parameters:
- $phoneType - specifies the phone type for multi-factor authentication.
- $phoneNumberPropertyName - specifies the name of the property that contains the required phone number. The property name must be specified exactly as it appears in the directory schema.
PowerShell
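# Registers the target user's phone number as a Microsoft 365 phone
# authentication method through Microsoft Graph.
#
# Inputs read from the Adaxes $Context object:
#   $Context.TargetObject  - the user the script runs for
#   $Context.CloudServices - used to obtain a Microsoft Graph access token
#
# NOTE(review): the identity behind the access token presumably needs a Graph
# permission that allows writing users' authentication methods (for example
# UserAuthenticationMethod.ReadWrite.All) - confirm and grant nothing broader.
# NOTE(review): phone (SMS/voice) methods are the weakest MFA factor; whether
# MFA is actually enforced for the user is decided by tenant policy, not by
# this script.

# Phone type to register; Microsoft Graph accepts mobile, alternateMobile or office.
$phoneType = "mobile" # TODO: modify me
# Directory property that holds the phone number (schema name).
$phoneNumberPropertyName = "telephoneNumber" # TODO: modify me

# Get phone number
try
{
    $phoneNumber = $Context.TargetObject.Get($phoneNumberPropertyName)
}
catch
{
    $Context.LogMessage("Phone number is not specified", "Warning")
    return
}

# Treat an empty or whitespace-only value the same way as a missing one, so
# that no request is sent to Microsoft Graph with an unusable number.
# Microsoft Graph expects the form "+<country code> <number>" (optionally
# followed by "x<extension>") and rejects values in any other format.
if ([System.String]::IsNullOrWhiteSpace([string]$phoneNumber))
{
    $Context.LogMessage("Phone number is not specified", "Warning")
    return
}

if ($NULL -eq $Context.TargetObject.AzureId)
{
    $Context.LogMessage("The user doesn't have an account in Microsoft 365", "Warning")
    return
}

try
{
    # Connect to Microsoft Graph.
    # The token is converted to a SecureString in the same pipeline so that the
    # plain-text value is never kept in a variable of its own.
    $secureToken = $Context.CloudServices.GetAzureAuthAccessToken("https://graph.microsoft.com") |
        ConvertTo-SecureString -AsPlainText -Force

    # -ErrorAction Stop: if the connection fails, stop here instead of sending
    # the request below over whatever Graph session may already exist in this
    # process.
    Connect-MgGraph -AccessToken $secureToken -ErrorAction Stop

    # Enable the authentication method
    try
    {
        New-MgUserAuthenticationPhoneMethod -UserId $Context.TargetObject.AzureId -PhoneType $phoneType -PhoneNumber $phoneNumber -ErrorAction Stop
    }
    catch
    {
        # Re-throw the underlying exception so the failure is not silently ignored.
        throw $_.Exception
    }
}
finally
{
    # Release resources.
    # Disconnect-MgGraph reports an error when no connection was established
    # (for example because Connect-MgGraph failed). Cleanup is best-effort: an
    # error raised here must not replace the original exception.
    try
    {
        Disconnect-MgGraph -ErrorAction Stop | Out-Null
    }
    catch
    {
        # Nothing to disconnect.
    }
}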