在Azure活动目录MFA中强制执行电话号码 [英] Enforcing phone number in azure active directory MFA

问题描述

我有一个Azure Active Directory实例，在其中我使用短信启用了MFA.

I have an Azure Active Directory instance where I enabled MFA using Text Messages.

我尝试使用在其个人资料中设置了电话号码的用户登录，并在提示对话框中包含该用户的电话号码.

I tried logging-in using a user that has a phone number set in their profile, and was prompted with a dialog containing the user's phone number.

问题是该对话框使用户可以编辑此号码，而不是强迫他们使用配置文件中配置的号码.

The problem is that this dialog enables the user to edit this number, instead for forcing them to use the one configured in the profile.

如何使此对话框仅使用用户的电话号码?

How can I make this dialog just use the user's phone number?

这是认证部分中的配置:

This is the configuration in the authentication section:

登录过程:(注意如何更改电话号码)

Login process: (notice how the phone number can be changed)

推荐答案

这可以使用PowerShell完成(取自

This can be done using PowerShell (taken from here)

Install-Module -NameMSOnline
Connect-MsolService 
$UserPrincipalName = "j.brown@exchangelabs.nl"
$SMS = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$SMS.IsDefault = $true
$SMS.MethodType = "OneWaySMS"
$Phone = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$Phone.IsDefault = $false
$Phone.MethodType = "TwoWayVoiceMobile"
$PrePopulate = @($SMS, $Phone)
Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationMethods $PrePopulate

我仍然不确定如何将其设置为所有用户的默认值.

I am still not sure how to make it the default for all users.

这篇关于在Azure活动目录MFA中强制执行电话号码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！