Setting StrongAuthenticationUserDetails PhoneNumber for AzureAD via Powershell?

That title really flows.

When setting up computers for use with Azure Active Directory, we would have IT do initial setup and config. This included the first sign in and joining to Azure Active Directory. When signing in it forces you to select a verification method. We would use our desk phone or cell phone for ease.

The time has come for us to update that second factor phone number. I know of a way to manually do it via the Azure AD Web UI, but I am looking for a scripted way to set that number in PowerShell.

Here is how I retrieve the number via PowerShell.

Get-msoluser -UserPrincipalName "[email protected]" | Select-Object -ExpandProperty StrongAuthenticationUserDetails

That code returns this info:

ExtensionData                     : System.Runtime.Serialization.ExtensionDataObject
AlternativePhoneNumber            :
Email                             :
OldPin                            :
PhoneNumber                       : +1 5554445555
Pin                               :

However, there seems to be no similar option for setting the StrongAuthenticationUserDetails.

All my searches just turned up how to bulk enable 2-factor authentication, which is not what I want to do. I want to leave the StrongAuthentication the same while only updating the phone number.

ITSupportAccount asked Nov 08 '22 18:11


1 Answer

As I said in the comment, it appears there is read-only access for PowerShell.

There is even an open ticket for that on Azure feedback.

There is a plan to do it, but no ETA. My guess is that you will have to wait if you want to use PowerShell only.

As a workaround, you could use PowerShell & Watir for .NET or WatiN with the WatiN recorder to automate it via Internet Explorer. As I don't have a testing Azure, I cannot create workable code for you.

Using Watin and powershell - you could check: https://cmille19.wordpress.com/2009/09/01/internet-explorer-automation-with-watin/

The following text and code, which I wanted to back up here, was taken from the above page (all credits to the author):

Next click the record button and click the HTML element you want to automate. Then stop the WatIN recorder and click copy code to clipboard icon. This will produce some C# code that just needs to be translated into PowerShell:

// Windows
WatiN.Core.IE window = new WatiN.Core.IE();

// Frames
Frame frame_sd_scoreboard = window.Frame(Find.ByName("sd") && Find.ByName("scoreboard"));

// Model
Element __imgBtn0_button = frame_sd_scoreboard.Element(Find.ByName("imgBtn0_button"));

// Code
__imgBtn0_button.Click();
window.Dispose();

So, I now know the name of the button and that it is 3 frames deep. A little WatIN object exploration later, I came up with the following script, which clicks a button every 50 minutes.

#Requires -version 2.0
#powershell.exe -STA

# Load the WatiN assembly ($ProfileDir is assumed to be defined in the author's profile)
[Reflection.Assembly]::LoadFrom( "$ProfileDir\Libraries\WatiN.Core.dll" ) | out-null
$ie = new-object WatiN.Core.IE("https://sd.acme.com/CAisd/pdmweb.exe")
# Walk the nested frames down to the 'scoreboard' frame inside 'sd'
$scoreboard  = $ie.frames | foreach {$_.frames } | where {$_.name -eq 'sd'} |  foreach {$_.frames } | where {$_.name -eq 'scoreboard'}
$button = $scoreboard.Element("imgBtn0_button")

while ($true)
{
    $button.Click()
    #Sleep for 50 minutes
    [System.Threading.Thread]::Sleep(3000000)
}
tukan answered Nov 15 '22 07:11
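
An added example (not from the original question or answer): because the module exposes these details for reading only, the property the question retrieves can still be used to list every account that has the old number registered, which scopes the update work. The function name `Find-MfaPhoneMatch` and the sample accounts are hypothetical and constructed for illustration; the property names are the ones shown in the question's output.

```powershell
# Added example: report accounts whose second-factor phone matches a known old number.
function Find-MfaPhoneMatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [string[]] $OldNumber
    )
    begin {
        # Compare digits only, so "+1 5554445555" and "+1 (555) 444-5555" are equal.
        $wanted = @($OldNumber | ForEach-Object { $_ -replace '\D', '' })
    }
    process {
        $details = $User.StrongAuthenticationUserDetails
        if ($null -eq $details) { return }   # no verification method registered
        foreach ($field in 'PhoneNumber', 'AlternativePhoneNumber') {
            $digits = "$($details.$field)" -replace '\D', ''
            if ($digits -and ($wanted -contains $digits)) {
                [pscustomobject]@{
                    UserPrincipalName = $User.UserPrincipalName
                    Field             = $field
                    Value             = $details.$field
                }
            }
        }
    }
}

# Constructed sample objects shaped like Get-MsolUser output (not real accounts).
$sample = @(
    [pscustomobject]@{
        UserPrincipalName               = 'alice@example.test'
        StrongAuthenticationUserDetails = [pscustomobject]@{
            PhoneNumber = '+1 5554445555'; AlternativePhoneNumber = $null }
    },
    [pscustomobject]@{
        UserPrincipalName               = 'bob@example.test'
        StrongAuthenticationUserDetails = [pscustomobject]@{
            PhoneNumber = '+1 5550001111'; AlternativePhoneNumber = '+1 (555) 444-5555' }
    },
    [pscustomobject]@{
        UserPrincipalName               = 'carol@example.test'
        StrongAuthenticationUserDetails = $null
    }
)

# Returns alice (PhoneNumber) and bob (AlternativePhoneNumber); carol is skipped.
$sample | Find-MfaPhoneMatch -OldNumber '+1 5554445555'

# Against a tenant, after Connect-MsolService:
# Get-MsolUser -All | Find-MfaPhoneMatch -OldNumber '+1 5554445555'
```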