MFA locations automation

Siegmund Bosmans 1 Reputation point
2020-03-19T14:33:58.847+00:00

hi,
I would like to know how we can automate or script the update of the defined locations for MFA/CA in Azure.
the issue is we have around 160 locations that are AAD joined and have no static IP addresses, as their IP addresses come from their ISP
I have found that it is not yet possible to update the location in MFA using powershell, so what about using :

  • log analytics
  • syslogs
  • a runbook
  • use netscaler to help (it is currently doing the VPN)

or other means of keeping the list of known locations up to date with as minimal human interaction as possible.. ?

the solution would ofc also need alerting

not a simple task, but what would be the best way forward?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,094 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 35,616 Reputation points Microsoft Employee
    2020-03-20T00:17:09.4+00:00

    Right now there is a work item out for this and the team is working to create the functionality to automate this, but there is nothing out of the box available so far. You could try to copy the list of trusted locations from the Azure MFA service settings but it's just the list of IPs.

    Otherwise you can upvote and check the feedback page for updates.

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/34274437-ability-to-update-named-locations-using-powershell

    (Sorry there isn't a better functionality available yet!)

    0 comments No comments