Change MFA Phone via Graph API
RB-MEID-ALL-PS1-ChangeMFAPhone-PROD-WE
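<#
.SYNOPSIS
Replaces a user's mobile MFA phone number through Microsoft Graph and verifies the change.

.DESCRIPTION
Requests an app-only token with the client-credentials grant, resolves the user by UPN,
overwrites the mobile phone authentication method, waits 30 seconds, then reads the
method back and compares it with the requested number.

Any failed request terminates the script with an error rather than continuing with
empty values.

NOTE(review): the script does not check that the requester owns the account. That
verification has to happen in the calling workflow before this runs, because the result
is a changed MFA factor.

.PARAMETER Email
UPN of the user whose mobile MFA number is replaced.

.PARAMETER PhoneNumber
New mobile number. Spaces are removed before it is sent and before it is compared.

.OUTPUTS
The string "success" when the stored number matches the input, otherwise
"Failed to compare Azure Phone Number to Input from SNOW."
#>
param (
    [Parameter (Mandatory = $false)]
    [object] $Email,
    [Parameter (Mandatory = $false)]
    [object] $PhoneNumber
)

# A failed token request or user lookup must stop the run; otherwise later calls are
# issued with an empty bearer token or an empty user id in the URL.
$ErrorActionPreference = 'Stop'

# Well-known id of the "mobile" phone authentication method (same value the PUT below targets).
$MobileMethodId = "3179e48a-750b-4051-897c-87b9720928f7"

# Both parameters come from an external ticket and are not mandatory, so normalise them
# to strings first. Calling .Contains()/.Replace() on $null would raise an error.
$Email = "$Email".Trim()
$PhoneNumber = "$PhoneNumber".Replace(" ", "")

if ([string]::IsNullOrWhiteSpace($Email)) {
    throw "Email is required."
}
if ([string]::IsNullOrWhiteSpace($PhoneNumber)) {
    throw "PhoneNumber is required."
}
# NOTE(review): consider an allow-list check on the phone number format that matches what
# the ticketing system actually sends; the accepted format is not visible from this script.

# NOTE(review): a client secret kept in the script body is readable by everyone who can
# view or export the runbook, and this credential can rewrite MFA methods. Load it from an
# encrypted store instead (in Azure Automation: Get-AutomationVariable or a managed
# identity) and rotate any secret that has been saved here.
$TenantId = "<yourtenantid>"
$ClientId = "<yourappregistrationid>"
$ClientSecret = "<yourclientsecret>"

$Body = @{
    "tenant"        = $TenantId
    "client_id"     = $ClientId
    "scope"         = "https://graph.microsoft.com/.default"
    "client_secret" = $ClientSecret
    "grant_type"    = "client_credentials"
}
$Params = @{
    "Uri"         = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    "Method"      = "Post"
    "Body"        = $Body
    "ContentType" = "application/x-www-form-urlencoded"
}
$AuthResponse = Invoke-RestMethod @Params
if ([string]::IsNullOrWhiteSpace($AuthResponse.access_token)) {
    throw "Token endpoint returned no access token."
}
# The token is only ever placed in the header; never write $AuthResponse to output or logs.
$Headers = @{
    "Authorization" = "Bearer $($AuthResponse.access_token)"
}

# Get User ID By UPN.
# The UPN is escaped so that characters such as '/', '?' or '#' cannot alter the request path.
$EscapedUpn = [uri]::EscapeDataString($Email)
$UsersResponse = Invoke-RestMethod -Method GET -Uri "https://graph.microsoft.com/v1.0/users/$EscapedUpn" -ContentType "Application/Json" -Headers $Headers
$UserId = $UsersResponse.id
if ([string]::IsNullOrWhiteSpace($UserId)) {
    throw "No user id returned for the supplied Email."
}

# Change Phone Number for MFA.
# The body is serialised with ConvertTo-Json so that quotes or braces in the input cannot
# inject extra JSON properties.
$PhoneMethod = [ordered]@{
    "phoneNumber" = $PhoneNumber
    "phoneType"   = "mobile"
} | ConvertTo-Json
$MFAResponse = Invoke-RestMethod -Method PUT -Uri "https://graph.microsoft.com/beta/users/$UserId/authentication/phoneMethods/$MobileMethodId" -ContentType "Application/Json" -Body $PhoneMethod -Headers $Headers

# Give the directory time to reflect the change before reading it back.
Start-Sleep 30

# Compare Phone Numbers.
# Only the mobile entry is compared: a user may also have alternate or office phone methods,
# and a match on one of those would not show that the mobile number was updated.
$MFAMethod = Invoke-RestMethod -Method GET -Uri "https://graph.microsoft.com/beta/users/$UserId/authentication/phoneMethods" -ContentType "Application/Json" -Headers $Headers
$MobileEntry = @($MFAMethod.value) | Where-Object { $_.id -eq $MobileMethodId } | Select-Object -First 1
$AzurePhoneNumber = "$($MobileEntry.phoneNumber)".Replace(" ", "")

if ($AzurePhoneNumber -eq $PhoneNumber) {
    Write-Output "success"
}
else {
    Write-Output "Failed to compare Azure Phone Number to Input from SNOW."
}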