How to Bulk Edit User 'Authentication Methods'

RTB 0 Reputation points
2023-07-28T18:24:58.0733333+00:00

Hello,

Is there a way to bulk remove all phone numbers tied to all accounts within Azure AD for the 'Authentication Methods' field?

We are using Intune and PingID, so we do not require a Microsoft authenticator app or phone/text verification; however, it appears IF someone's account has a number in the phone field, it will prompt them to enable 2FA and/or use phone/text verification.

I would like to strip the numbers off all accounts in bulk vs manually going into each account to remove the number and save the edits.

Microsoft Security | Intune | Configuration
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Peter Kayode 506 Reputation points
    2023-07-28T23:34:59.29+00:00

    Hi RTB,

    You can remove the phone numbers associated with Azure AD user accounts by using PowerShell and the AzureAD or the newer AzureADPreview module.

    Here's a sample script to illustrate this. The script first retrieves all user accounts and then removes the phone numbers from the Authentication Contact Info.

    # Install the AzureAD or AzureADPreview module if you haven't already
    # Install-Module AzureAD

    # Import the module
    Import-Module AzureAD

    # Connect to your Azure AD
    Connect-AzureAD

    # Get all users
    $users = Get-AzureADUser -All $true

    # Clear the mobile and office phone attributes on each user profile.
    # Set-AzureADUser names the mobile parameter -Mobile (there is no -MobilePhone).
    foreach ($user in $users) {
        Set-AzureADUser -ObjectId $user.ObjectId -Mobile $null -TelephoneNumber $null
    }


    This script sets the MobilePhone and TelephoneNumber attributes to null, effectively removing them. However, please be aware that this script could have implications depending on your organization's use of these fields. It might be a good idea to do a test run with a small subset of users to ensure it works as expected.

    You should replace the placeholders (<>) with your actual values. And as always, be sure to thoroughly test any script in a non-production environment before running it on your production environment.

    This script assumes you have the necessary permissions to modify Azure AD user attributes. If not, you'll need to ask your Azure AD administrator to either perform these operations or grant you the necessary permissions.
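
The following is an added example, not part of the answer above: it uses the Microsoft Graph PowerShell SDK to remove the phone entries registered under a user's 'Authentication methods', which Entra ID stores separately from the profile's mobile and office phone attributes. It goes beyond the answer's script by supporting a `-WhatIf` dry run and writing a CSV of every number found, so a removal can be audited or reversed. The function name, the report path and the five-user pilot are assumptions made for illustration.

```powershell
# Added example. Requires the Microsoft.Graph.Users and
# Microsoft.Graph.Identity.SignIns modules (Microsoft Graph PowerShell SDK).
function Remove-PhoneAuthMethod {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Users to process; start with a small pilot set.
        [Parameter(Mandatory)] [object[]] $Users,
        # Assumed output path for the audit/rollback report.
        [string] $ReportPath = '.\phone-auth-methods.csv'
    )
    $report = @(foreach ($u in $Users) {
        # alternateMobile cannot exist without mobile, so remove it first.
        $methods = Get-MgUserAuthenticationPhoneMethod -UserId $u.Id |
            Sort-Object { $_.PhoneType -ne 'alternateMobile' }
        foreach ($m in $methods) {
            $status = 'NotRemoved'   # stays this way under -WhatIf
            if ($PSCmdlet.ShouldProcess($u.UserPrincipalName, "Remove $($m.PhoneType) phone method")) {
                try {
                    Remove-MgUserAuthenticationPhoneMethod -UserId $u.Id `
                        -PhoneAuthenticationMethodId $m.Id -ErrorAction Stop
                    $status = 'Removed'
                } catch {
                    # Graph refuses, for example, a number that is the user's default MFA method.
                    $status = "Failed: $($_.Exception.Message)"
                }
            }
            [pscustomobject]@{
                UserPrincipalName = $u.UserPrincipalName
                PhoneType         = $m.PhoneType
                PhoneNumber       = $m.PhoneNumber
                MethodId          = $m.Id
                Status            = $status
            }
        }
    })
    # Always write the report, even during a -WhatIf run.
    $report | Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false
    $report
}

Connect-MgGraph -Scopes 'User.Read.All', 'UserAuthenticationMethod.ReadWrite.All'

# Dry run against five users. After reviewing the CSV, drop -WhatIf and
# replace -Top 5 with -All to process the whole tenant.
$pilot = Get-MgUser -Top 5 -Property Id, UserPrincipalName
Remove-PhoneAuthMethod -Users $pilot -WhatIf
```

Rows with a `Failed:` status identify accounts where the number must be replaced as the default method before it can be deleted.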

