Setting Users MFA phone number on the back end

Christian Hans
Christian Hans used Ask the Experts™
on
Is there a way to set an Office 365 users mobile device phone number into MFA prior to the user onboarding?

Get-msoluser -UserPrincipalName <userprincipalname> | Select-Object -ExpandProperty StrongAuthenticationUserDetails

ExtensionData          : System.Runtime.Serialization.ExtensionDataObject
AlternativePhoneNumber : +1 12398736545
Email                  :
OldPin                 :
PhoneNumber            : +1 1233258741
Pin                    :


Set the strongauthenticationuserdetails.phonenumber variable perhaps?

$user=Get-MsolUser -UserPrincipalName <UserPrincipalName> | select UserPrincipalName,StrongAuthenticationUserDetails
$user.strongauthenticationuserdetails.phonenumber

Set-MsolUser -UserPrincipalName <UserPrincipalName> -StrongAuthenticationUserDetails   ?
Set-MsolUser -UserPrincipalName <UserPrincipalName> -strongauthenticationuserdetails.phonenumber "+1 8001239876"



Thanks in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2015
Distinguished Expert 2018
Commented:
You cannot do this via the method outlined above, as the property is set to read-only. The only possible workaround currently is to use the mobilephone/alternateemail properties as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-authenticationdata

In the coming months, we should finally have an API that allows us to manage MFA programmatically, but for now the above is your only option.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial