I am attempting to use Update-MgUser in an unattended PowerShell script. I can't use New-MgUserAuthenticationEmail or update-MgUserAuthenticationEmail because they don't support application permission types.
I'm trying to use the Notes complex parameter properties section of the documentation section here: https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-1.0
I can't seem to get the syntax correct for updating the Entra user object's Authentication EmailMethods properties. I need to pass a hash table, but when I do I am getting a 400 error. Below is a snippet from the Microsoft documentation for the Update-MgUser page referenced above.
    AUTHENTICATION : authentication
      [EmailMethods <IMicrosoftGraphEmailAuthenticationMethod- []>]: The email address registered to a user for authentication.
        [Id ]: The unique identifier for an entity. Read-only.
        [EmailAddress ]: The email address registered to this user.
I have tried various hash tables but no luck:
    $authenticationMethods = @{
        EmailMethods = @(
            @{
                EmailAddress = "newemail@example.com"
            }
        )
    }

    $authenticationMethods = @{
        EmailMethods = @{
            EmailAddress = "newemail@example.com"
        }
    }

    $authenticationMethods = @{
        EmailAddress = "newemail@example.com"
    }

    Update-MgUser -UserId $userId -Authentication $authenticationMethods
I agree with @user2250152, you can now update a user's authentication methods with permissions of Application type.
Initially, I added the UserAuthenticationMethod.ReadWrite.All permission of Application type with consent as below:
Now, I ran the below PowerShell script to connect to Microsoft Graph as a service principal and set the user's authentication method:
    $tenantID = "tenantId"
    $appID = "appId"
    $secretValue = "secret"

    $ClientSecretPass = ConvertTo-SecureString -String $secretValue -AsPlainText -Force
    $ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $appID, $ClientSecretPass

    # Connect to Microsoft Graph with Client Secret
    Connect-MgGraph -TenantId $TenantId -ClientSecretCredential $ClientSecretCredential

    $userId = "userId"
    $params = @{
        emailAddress = "devi@M365xxxxxxxx.onmicrosoft.com"
    }
    New-MgUserAuthenticationEmailMethod -UserId $userId -BodyParameter $params
Response:
To confirm that, I checked the same in the Portal, where the email authentication method was added successfully as below:
To update this authentication method, I ran the below PowerShell script:
    $userId = "userId"
    $emailAuthenticationMethodId = "3ddfcfc8-9383-446f-83cc-3ab9be4be18f"
    $params = @{
        emailAddress = "devi@contoso.com"
    }
    Update-MgUserAuthenticationEmailMethod -UserId $userId -EmailAuthenticationMethodId $emailAuthenticationMethodId -BodyParameter $params
Response:
Azure Portal:
Regarding this Microsoft article, it currently shows that the New-MgUserAuthenticationEmailMethod cmdlet is not supported by Application permissions. We've informed our internal team, and they are actively working on updating it. The update should be available within a few days. Thank you for pointing it out!
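
For an unattended run, the create and update steps from the answer above can be combined into one idempotent call. This is an added example, not part of the original question or answer and not Microsoft's code. The function name `Set-UserEmailAuthMethod` and the `GRAPH_*` environment variable names are hypothetical, and it assumes the app registration already has the consented `UserAuthenticationMethod.ReadWrite.All` Application permission.

```powershell
# Added example. Needs the Microsoft.Graph.Authentication and
# Microsoft.Graph.Identity.SignIns modules. Names marked "hypothetical" are
# illustrative and do not come from the page.

function Set-UserEmailAuthMethod {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $UserId,
        [Parameter(Mandatory)] [string] $EmailAddress
    )

    $body = @{ emailAddress = $EmailAddress }

    # Read the current email method first, so the script neither fails on a
    # duplicate create nor needs a hardcoded method id for the update.
    $existing = Get-MgUserAuthenticationEmailMethod -UserId $UserId -ErrorAction Stop |
        Select-Object -First 1

    if (-not $existing) {
        if ($PSCmdlet.ShouldProcess($UserId, "Add email authentication method")) {
            New-MgUserAuthenticationEmailMethod -UserId $UserId -BodyParameter $body -ErrorAction Stop
        }
    }
    elseif ($existing.EmailAddress -ne $EmailAddress) {
        if ($PSCmdlet.ShouldProcess($UserId, "Update email authentication method")) {
            Update-MgUserAuthenticationEmailMethod -UserId $UserId `
                -EmailAuthenticationMethodId $existing.Id `
                -BodyParameter $body -ErrorAction Stop
        }
    }
    else {
        Write-Verbose "Email authentication method for $UserId is already up to date."
    }
}

# The client secret is read from the process environment (hypothetical variable
# names) so it is not stored in the script file or in source control.
$secret = ConvertTo-SecureString -String $env:GRAPH_CLIENT_SECRET -AsPlainText -Force
$cred   = New-Object -TypeName System.Management.Automation.PSCredential `
              -ArgumentList $env:GRAPH_CLIENT_ID, $secret

Connect-MgGraph -TenantId $env:GRAPH_TENANT_ID -ClientSecretCredential $cred
try {
    Set-UserEmailAuthMethod -UserId "userId" -EmailAddress "newemail@example.com" -Verbose
}
finally {
    Disconnect-MgGraph | Out-Null           # end the app-only session when done
}
```

Running it with `-WhatIf` reports which branch would execute without changing the user's authentication methods.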