Pre-Provision MFA "StrongAuthenticationUserDetails" via PowerShell?
We have over 12,000 users we need to provision for MFA.
I know we can enable MFA via PowerShell, but there doesn't seem to be a way to update the "StrongAuthenticationUserDetails" attribute (Alt. Phone, Email, etc.) programmatically.
This is turning out to be a huge pain for us. Does anyone have a timeline for when we'll be able to do this?
Case was open 2 years ago... Still Waiting...
Justin Horne commented
What's worse is that even reading this data requires the now-deprecated MSOnline module.
For exmaple: Get-MsolUser -EnabledFilter EnabledOnly -All | Select UserPrincipalName, DisplayName, MobilePhone, AlternateEmailAddresses, AlternateMobilePhones -ExpandProperty StrongAuthenticationUserDetails
There is STILL no way to access StrongAuthenticationUserDetails via the newer AzureAD module via Get-AzureADuser.
Ron Houet commented
Come on Microsoft, please add this possibility asap. Provisioning Phone and Alternate e-mail can't be used: Every user can read this info, isn't allowed with GDPR (AVG in the Netherlands)
Please add a way for us to update StrongAuthenticationUserDetails PhoneNumber via powershell. It will solve a LOT of problems for our university. Biggest one is upper administration doesn't want phone number showing up in Directory, so populating mobile phone is not an option. StrongAuthenticationUserDetails solves this problem. PLEASE ADD functionality soon! Thanks.
Do we have any progress on updating "StrongAuthenticationUserDetails" though Powershell ?
The inability to bulk enrol StrongAuthentication data into Azure AD MFA is driving us to look at other vendor solutions for device management.
Please come up with a solution! I'd rather simplify the tech landscape and reduce the number of vendors we deal with, but this capability gap is causing us to look elsewhere
Although this is possible now by populating the correlated fields on the Azure AD user object - see this article - https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-authenticationdata
It still is a concern for us, because the strongauthenticationuserdetails is secured so that only the user and admins can see it, where the AlternateEmail and MobilePhone fields on the object itself are viewable directory data, which we don't want populated for our users, because other users could possibly see this data.
Tim McLaughlin commented
Oh yes, please. We're looking to do this for all of our users going forward, and not being able to do so in automation will be... well, not doable.
I'd like to see some traction on this. We want to pre-populate the "StrongAuthenticationUserDetails" via powershell to alleviate the users to validate the phone number. We already have their phone number in local systems. We can edit these fields via Azure gui/portal, why can't the permissions be set so we can do the same via powershell?
Any ETA on this feature? I can create the object in Powershell but I'm unable write/apply it to the Azure user.
jyoti prasad commented
please make this feature available soon as there are many users requesting to update the contact details for a batch of users .
Patiently waiting for this
Cha Yang commented
I strongly support this for our company.
We have over 200 000 users in our tenant, we need to clear all "StrongAuthenticationUserDetails"
We need powershell/ ADSYNC engine to populate info directly into this attributes StrongAuthenticationUserD
Tre`Von McKay commented
Please let us know if there are any updates to share or an estimated timeline. This has a huge impact on our decision to select a new Identity Management solution.