runbook-dynamicgroup-mfa
0.4
Azure Runbook - Dynamic Group - MFA State
This script is designed for an Azure Runbook to assign users to two Azure AD groups based on their MFA capability (capable / non-capable).
Before running the runbook, you need to set up an automation account with a managed identity.
The managed identity requires the following Graph Permissions:
- User.Read.All
- Group.ReadWrite.All
- UserAuthenticationMethod.Read.All
- Mail.Send
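One way to grant the four Graph permissions listed above to the managed identity, as an added example that is not part of the published runbook. It assumes the Microsoft.Graph.Applications module is installed and that the signed-in admin can consent to AppRoleAssignment.ReadWrite.All; `$ManagedIdentityObjectId` is a hypothetical parameter holding the object ID of the Automation account's managed identity.

```powershell
# Added example (not the runbook's own code): grant the required Graph
# application permissions to the managed identity and report any extras.
param(
    # Assumption: object ID of the Automation account's managed identity
    [Parameter(Mandatory)] [string] $ManagedIdentityObjectId
)

$requiredRoles = 'User.Read.All', 'Group.ReadWrite.All',
                 'UserAuthenticationMethod.Read.All', 'Mail.Send'

Connect-MgGraph -Scopes 'AppRoleAssignment.ReadWrite.All', 'Application.Read.All'

# Service principal of Microsoft Graph; this appId is the same in every tenant.
$graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

# Graph app roles already assigned to the identity, so re-runs are idempotent.
$existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $ManagedIdentityObjectId -All |
    Where-Object { $_.ResourceId -eq $graph.Id }

foreach ($name in $requiredRoles) {
    # Match only application-type roles, not delegated scopes of the same name.
    $role = $graph.AppRoles |
        Where-Object { $_.Value -eq $name -and $_.AllowedMemberTypes -contains 'Application' }
    if (-not $role) { throw "Application permission '$name' not found on Microsoft Graph" }

    if ($existing.AppRoleId -contains $role.Id) {
        Write-Output "already granted: $name"
        continue
    }
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $ManagedIdentityObjectId `
        -PrincipalId $ManagedIdentityObjectId -ResourceId $graph.Id -AppRoleId $role.Id | Out-Null
    Write-Output "granted: $name"
}

# Least-privilege check: list Graph roles on the identity beyond the four required.
$current = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $ManagedIdentityObjectId -All |
    Where-Object { $_.ResourceId -eq $graph.Id }
foreach ($assignment in $current) {
    $value = ($graph.AppRoles | Where-Object { $_.Id -eq $assignment.AppRoleId }).Value
    if ($value -notin $requiredRoles) {
        Write-Warning "extra Graph permission on managed identity: $value"
    }
}
```

As an application permission, Mail.Send is not limited to the $mailSender mailbox unless it is scoped in Exchange Online, so review any warning this script prints before scheduling the runbook.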
The script requires the following modules:
- Microsoft.Graph.Authentication
- Microsoft.Graph.Groups
- Microsoft.Graph.Identity.SignIns
- Microsoft.Graph.Users
- Microsoft.Graph.Users.Actions
There are a few parameters which must be set for a job run:
- $groupid_capable -> The Object-ID of an EntraID (AzureAD) group to which MFA capable users should be assigned
- $groupid_noncapable -> The Object-ID of an EntraID (AzureAD) group to which MFA NON-capable users should be assigned
- $mailMode -> This controls the mail behavior. Enter the mode you want without the surrounding ' characters:
  - 'always' - sends a mail on every run
  - 'changes' - sends a mail only if there were any changes
  - 'disabled' - never sends a mail
- $mailSender -> The mail alias from which the mail will be sent (can be a user account or a shared mailbox)
- $mailRecipients -> The recipient(s) of the mail (internal or external). To specify more than one recipient, separate them with the character ;
Copyright
2023 Dominik Gilgen. All rights reserved.
Package Details
Author(s)
- Dominik Gilgen
Tags
AzureAD EntraID MFA ConditionalAccess DynamicGroup Runbook
Dependencies
This script has no dependencies.
Release Notes
This script now supports email reporting, which requires the permission 'Mail.Send' and the Graph module Microsoft.Graph.Users.Actions.
Input is now passed through parameters instead of variables.
FileList
- runbook-dynamicgroup-mfa.nuspec
- runbook-dynamicgroup-mfa.ps1
Version History
Version | Downloads | Last updated |
---|---|---|
0.4 (current version) | 529 | 10/12/2023 |
0.3 | 9 | 9/25/2023 |