Comments on: The Importance of Standardizing Microsoft 365 Account Creation
https://practical365.com/azure-ad-account-creation-standardization/
Practical Office 365 News, Tips, and Tutorials
Mon, 03 Jun 2024 15:57:33 +0000

By: Tony Redmond
https://practical365.com/azure-ad-account-creation-standardization/#comment-286137
Mon, 22 Jan 2024 11:00:48 +0000
In reply to Harry.

The Graph SDK doesn’t support per-user MFA assignment. Use a conditional access policy instead and make sure that the users are included within the scope of the policy. https://practical365.com/conditional-access-policies-powershell/

By: Harry
https://practical365.com/azure-ad-account-creation-standardization/#comment-286132
Mon, 22 Jan 2024 09:26:56 +0000

Hi sir,

Thanks for your quick reply. While running this script, MFA is not enabled, sir. How to enable MFA for a few users (per-user)?

# MFA
$Users | ForEach-Object {
    New-MgUserAuthenticationPhoneMethod -UserId $_.UPN -phoneType "mobile" -phoneNumber $_.Mobilephone
    If ($?) {
        Write-Host $_.UPN "Success" -ForegroundColor Green
    } Else {
        Write-Host $_.UPN "Error" -ForegroundColor Red
    }
}

By: Tony Redmond
https://practical365.com/azure-ad-account-creation-standardization/#comment-285889
Thu, 18 Jan 2024 13:09:33 +0000
In reply to Harry.

Why are you using AzureAD cmdlets to add people to groups? You can do that perfectly well with the Graph SDK. https://office365itpros.com/2022/03/29/create-entra-id-group/

By: Harry
https://practical365.com/azure-ad-account-creation-standardization/#comment-285887
Thu, 18 Jan 2024 12:47:22 +0000

Hi Sir,

I am using the below script for creating users and adding MFA and groups at a time. But the MFA and group part is not working. Please guide me, sir.
Install-Module Microsoft.Graph
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes User.ReadWrite.All,Group.ReadWrite.All,Organization.Read.All,Directory.ReadWrite.All,UserAuthenticationMethod.ReadWrite.All -NoWelcome
$Users = Import-Csv C:\newuser.csv
# Create one account per CSV row, then license it
$Users | ForEach-Object {
    $PasswordProfile = @{
        Password = $_.Password
    }
    New-MgUser -DisplayName $_.DisplayName -PasswordProfile $PasswordProfile -AccountEnabled -MailNickName $_.mailNickname -UserPrincipalName $_.UPN -JobTitle $_.Jobtitle -EmployeeHireDate $_.Employeehiredate -UsageLocation $_.UsageLocation -Country $_.Country -GivenName $_.firstname -Surname $_.Surname -EmployeeId $_.Employeeid -Department $_.Department -MobilePhone $_.Mobilephone -City $_.City -PostalCode $_.postalcode
    # Assign licenses to users
    $EmsSku = Get-MgSubscribedSku -All | Where SkuPartNumber -eq $_.license
    $addLicenses = @(
        @{ SkuId = $EmsSku.SkuId }
    )
    Set-MgUserLicense -UserID $_.UPN -AddLicenses $addLicenses -RemoveLicenses @()
    If ($?) {
        Write-Host $_.UPN "Success" -ForegroundColor Green
    } Else {
        Write-Host $_.UPN "Error" -ForegroundColor Red
    }
}
# MFA
$Users | ForEach-Object {
    New-MgUserAuthenticationPhoneMethod -UserId $_.UPN -phoneType "mobile" -phoneNumber $_.Mobilephone
    If ($?) {
        Write-Host $_.UPN "Success" -ForegroundColor Green
    } Else {
        Write-Host $_.UPN "Error" -ForegroundColor Red
    }
}

#Install-Module AzureAD
Connect-AzureAD
# Set each user's manager and add the user to two groups
$Users | ForEach {
    $Manager = (Get-AzureADUser -ObjectId $_.Manager).ObjectId
    $gmember = (Get-AzureADUser -ObjectId $_.UPN).ObjectId
    Set-AzureADUserManager -ObjectId $_.UPN -RefObjectId $Manager
    Add-AzureADGroupMember -ObjectId "group ID" -RefObjectId $gmember
    Add-AzureADGroupMember -ObjectId "group ID" -RefObjectId $gmember
}
Disconnect-MgGraph
Disconnect-AzureAD
