Our O365 tenant does not use Conditional Access or I wouldn't need to use power automate for this reason ...
Therefore, when HR creates a new O365 user via a Power Automate button, a O365 global admin has to manually turn on MFA for that new user. I am looking for a way to build a power automate action that will enable MFA on an account and force the user to configure MFA signup. Is this possible?
I was hoping for a cleaner way, but with the use of an Azure runbook I was able to build a powershell script that I could call from my power automate flow to successfully set MFA on a single user.
I credit this article/author here for the push in the right direction: https://practical365.com/microsoft-365/how-to-run-powershell-scripts-to-automate-manual-processes-in...
Param ( [string] $Employee = "" ) $credObject = Get-AutomationPSCredential -AutomatedAccountName "ScriptServiceAccount" Connect-MsolService -Credential $credObject $auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement $auth.RelyingParty = "*" $auth.State = "Enabled" $auth.RememberDevicesNotIssuedBefore = (Get-Date) Set-MsolUser -UserPrincipalName $Employee -StrongAuthenticationRequirements $auth
I think I may have found a cleaner option for you. Create a Security Group that will assign the MFA attribute to the members. Then the Azure AD connector will be able to assign the new user to the Security Group and it should assign them the MFA attribute. I do not have an MFA environment to test this on so I cannot confirm this but it was suggested here for license assignment but MFA service can also be assigned through group membership. https://powerusers.microsoft.com/t5/Power-Automate-Ideas/Action-Assign-Office-365-license/idi-p/3820...
We are excited to announce the launch of Power Virtual Agents Community. Check it out now!
We've updated and improved the layout and uploading format of the Power Automate Cookbook!
Fill out a quick form to claim your user group badge now!