Jet Mariano

Provisioning a User in Azure with Email, MFA, and E3 License

Written by

jetnmariano

in

Introduction

Provisioning users in Azure AD ensures security and compliance, especially with Multi-Factor Authentication (MFA) and proper licensing. This guide walks through setting up a new user with M365 E3 licensing using PowerShell.

Prerequisites

✔ PowerShell installed
✔ Azure AD module installed (Install-Module AzureAD)
✔ Global Admin or User Admin role in Azure

PowerShell Script

powershellCopyEdit# Connect to Azure AD
Connect-AzureAD

# Create a new user
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "P@ssw0rd!"

New-AzureADUser -UserPrincipalName "[email protected]" `
                -DisplayName "New User" `
                -PasswordProfile $PasswordProfile `
                -MailNickName "newuser" `
                -AccountEnabled $true

# Assign Microsoft 365 E3 License
$license = Get-AzureADSubscribedSku | Where-Object {$_.SkuPartNumber -eq "ENTERPRISEPACK"}
Set-AzureADUserLicense -ObjectId "[email protected]" -AddLicenses @(@{SkuId=$license.SkuId})

# Enable MFA
$StrongAuthRequirement = New-Object -TypeName Microsoft.Open.AzureAD.Model.StrongAuthenticationRequirement
$StrongAuthRequirement.RelyingParty = "*"
$StrongAuthRequirement.State = "Enabled"
Set-MsolUser -UserPrincipalName "[email protected]" -StrongAuthenticationRequirements @($StrongAuthRequirement)

Write-Host "User provisioned successfully with MFA and E3 license."

Done! Your new user is now provisioned with an E3 license and MFA enforced.

More posts

error: Content is protected !!