Microsoft.Graph.Users module New-MgUser "-Authentication" parameter

Question

Hello,

I have tried adding an email authentication method while creating a new user via the New-MgUser command. At the current time, it looks like this:

New-MgUser -DisplayName 'Test User' -Surname 'User' -GivenName 'Test' -AccountEnabled -OtherMails '******@something.eu' -UserPrincipalName 'test.user@something.online' -PasswordProfile $PasswordProfile -MailNickname 'test.user'

No matter what I tried I could not set an email authentication method via -Authentication parameter... I have tried adding brackets and reordering but nothing worked. I do not fully understand the notes regarding this parameter which can be found in the documentation and moreover, there is no example of how to do this. Therefore, I settled on using this command instead so far:

New-MgUserAuthenticationEmailMethod -UserId 'test.user@something.online' -EmailAddress '******@something.eu'

This one works perfectly, but I would still like to condense everything into one command which I can execute at once. Would you please give me an example of how is the command supposed to look?

Thank you

Answer 1

@Gregor Anton Grinč Thank you for reaching out to us, As I understand you want to use Authentication parameter within New-Mguser cmdlet, I have tested this requirement in my lab and below is the script which you can use to achieve your ask.

##Import the Microsoft Graph Users module
Import-Module Microsoft.Graph.Users

##Connect to Microsoft Graph with the user read/write permission
Connect-MgGraph -scope "User.ReadWrite.All,UserAuthenticationMethod.ReadWrite.All"

##Define the password profile settings within a hash table
$PasswordProfile = @{
    Password = "Helo123!"
    ForceChangePasswordNextSignIn = $true
    ForceChangePasswordNextSignInWithMfa = $true
}

$params = @{
	emailAddress = "******@text.com"
}

$userid = New-MgUser -DisplayName "New User2" -PasswordProfile $PasswordProfile -AccountEnabled -MailNickName "nuser2" -UserPrincipalName "******@M365xXXXXXXX.onmicrosoft.com" 

Get-mguser -UserId $userid.id

New-MgUserAuthenticationEmailMethod -UserId $userid.id -BodyParameter $params						

However I did tried to use Authentication switch along with New-Mguser as mentioned here - https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.users/new-mguser?view=graph-powershell-1.0 when ran the same encountered with the below error

Which says, during the initial post, authentication switch cannot be used and set the same in subsequent patch request, I will check with my team on this internally about this behavior and update the documentation accordingly.

Also make sure you have one of the roles assigned to the user Authentication Administrator or Privileged Authentication Administrator who is performing this task.

Reference: https://learn.microsoft.com/en-us/graph/api/authentication-post-emailmethods?view=graph-rest-1.0&tabs=http

Let me know if you have any further questions, feel free to post back.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

Answer 2

Hi，

According to the help file, you need to provide a hash table containing the appropriate properties for the Authentication parameter, like

 @{
    EmailMethods = @{
		EmailAddress = '******@something.eu'
	}
}

Details of all the properties are listed in the NOTES section.

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.users/new-mguser?view=graph-powershell-1.0#notes

Best Regards,

Ian Xue

---

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.