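Is it possible to get/set the authentication phone via PowerShell? I found some old documentation saying this was possible with the old MSOnline module, but I can't find anything in the new AzureAD module.
Old property: StrongAuthenticationUserDetails
MSOnline documentation
Answer 1
Using the following code, you can get a list of MFA-enabled users with their authentication phone numbers.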
$Result=""
$Results=@()
# Select users by per-user MFA state, then export display name and MFA phone.
# Replace <FilePath> with the path of the output CSV file.
Get-MsolUser -All | where{$_.StrongAuthenticationRequirements.State -ne ""} | foreach{
    $DisplayName=$_.DisplayName
    $MFAPhone=$_.StrongAuthenticationUserDetails.PhoneNumber
    $Result=@{'DisplayName'=$DisplayName;'MFAPhone'=$MFAPhone}
    $Results= New-Object PSObject -Property $Result
    $Results | Select-Object DisplayName,MFAPhone | Export-CSV <FilePath> -Append -NoType
}
Otherwise, you can try the PowerShell script below.
https://o365reports.com/2019/05/09/export-office-365-users-mfa-status-csv/
Answer 2
A slight rewrite of Kathy's answer
Get-MsolUser -All | where{
$_.StrongAuthenticationRequirements.State -ne ""
} | Select DisplayName,@{Name="MFAPhone";Expression={$_.StrongAuthenticationUserDetails.PhoneNumber}} | Export-CSV -NoType <Filename>
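Answer 3
It is indeed, but note that the AzureAD module is not yet mature enough to replace the MSOnline (Msol) module, which it does not yet fully cover.
To install the module, see the section further down this page: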
https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell
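You need to create a strong authentication method object and use the Set-MsolUser cmdlet, as follows:
I wrote this script, which includes all four strong authentication methods. Adjust as needed.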
# Check Msol module installed and imported
# (-ListAvailable also finds modules that are installed but not yet imported)
If (-not (Get-Module -ListAvailable -Name MSOnline)) {
    Install-Module -Name MSOnline -Force -AllowClobber
}
Import-Module -Name MSOnline
# Popup login page if not logged in
Connect-MsolService
# Define variables (or adjust script to read from data source and loop)
$UserPrincipalName = "[email protected]"
$MobileNumber = "+01 234 567 890"
$AlternateMobiles = @("+02 345 678 901", "+03 456 789 012")
# Create new SAM objects
<#
Supported SAM types:
OneWaySMS - Text code sent to mobile
PhoneAppOTP - Authenticator code
PhoneAppNotification - Push notification
TwoWayVoiceMobile - Phone call
Note: Probably not able to use the App methods unless enrolled
#>
$SAM1 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$SAM2 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$SAM3 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$SAM4 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
# Configure as required
$SAM1.IsDefault = $true # <<<< Is default method
$SAM1.MethodType = "OneWaySMS"
$SAM2.IsDefault = $false
$SAM2.MethodType = "PhoneAppOTP"
$SAM3.IsDefault = $false
$SAM3.MethodType = "PhoneAppNotification"
$SAM4.IsDefault = $false
$SAM4.MethodType = "TwoWayVoiceMobile"
$SAMethods = @($SAM1, $SAM2, $SAM3, $SAM4)
Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationMethods $SAMethods `
-MobilePhone $MobileNumber -AlternateMobilePhones $AlternateMobiles
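An added example, not part of the original answers: a report function built on the properties used above that flags users whose default method is SMS or voice but who have no MFA phone registered, and users whose MFA phone differs from the directory MobilePhone. The function name, output columns and sample users are assumptions constructed for illustration; the input only needs the Get-MsolUser properties the function reads.

```powershell
# Added example. Works on Get-MsolUser output or on objects with the same properties.
function Get-MfaPhoneReport {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [object]$User)
    begin { $phoneMethods = 'OneWaySMS', 'TwoWayVoiceMobile' }
    process {
        # Empty collections and missing details resolve to $null (strict mode off).
        $state = @($User.StrongAuthenticationRequirements.State)[0]
        $defaultMethod = $User.StrongAuthenticationMethods | Where-Object IsDefault |
            Select-Object -First 1 -ExpandProperty MethodType
        $mfaPhone = $User.StrongAuthenticationUserDetails.PhoneNumber
        # Compare digits only, so spacing differences do not count as a mismatch.
        $mfaDigits = "$mfaPhone" -replace '\D', ''
        $dirDigits = "$($User.MobilePhone)" -replace '\D', ''
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            # 'Disabled' is this example's label for "no per-user requirement set".
            MfaState          = if ($state) { $state } else { 'Disabled' }
            DefaultMethod     = $defaultMethod
            MFAPhone          = $mfaPhone
            MobilePhone       = $User.MobilePhone
            # Default method needs a phone, but no MFA phone is registered.
            MissingPhone      = ($defaultMethod -in $phoneMethods) -and -not $mfaDigits
            # MFA phone and directory mobile number are both set but differ.
            PhoneMismatch     = $mfaDigits -and $dirDigits -and ($mfaDigits -ne $dirDigits)
        }
    }
}

# Constructed sample users (not real accounts), shaped like Get-MsolUser output.
function New-SampleUser($Upn, $Mobile, $State, $Method, $MfaPhone) {
    [pscustomobject]@{
        UserPrincipalName                = $Upn
        MobilePhone                      = $Mobile
        StrongAuthenticationRequirements = @(if ($State) { [pscustomobject]@{ State = $State } })
        StrongAuthenticationMethods      = @(if ($Method) { [pscustomobject]@{ IsDefault = $true; MethodType = $Method } })
        StrongAuthenticationUserDetails  = if ($MfaPhone) { [pscustomobject]@{ PhoneNumber = $MfaPhone } }
    }
}
$sample = @(
    New-SampleUser 'alice@example.test' '+1 425 555 0100' 'Enforced' 'OneWaySMS' '+1 4255550100'
    New-SampleUser 'bob@example.test'   $null             'Enabled'  'TwoWayVoiceMobile' $null
    New-SampleUser 'carol@example.test' '+1 425 555 0101' 'Enforced' 'OneWaySMS' '+1 4255550199'
)
$sample | Get-MfaPhoneReport | Format-Table -AutoSize

# Against a tenant, after Connect-MsolService:
# Get-MsolUser -All | Get-MfaPhoneReport | Export-Csv -NoTypeInformation -Path .\mfa-phones.csv
```

Running the report before and after a change such as the Set-MsolUser call above shows which of the two phone values the change actually affected.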