az ad user update
command to update the user’s MFA settings.az ad user update --id <user-id> --force-change-password-next-login true
az ad policy password update
command to update the password policy settings.az ad policy password update --id <policy-id> --password-lifetime 90 --password-history-count 5
az ad pim update
command to enable PIM for a specific role.az ad pim update --id <role-id> --enabled true
<user-id>
, <policy-id>
, and <role-id>
placeholders should be replaced with the actual IDs or names of the users, policies, or roles you want to modify.
azure-identity
library to authenticate with Azure Active Directory.azure-mgmt-graphrbac
library to interact with Azure Active Directory.GraphRbacManagementClient
class to create an instance of the Graph RBAC Management Client.users
object to get the user by their object ID.update_user_password
method to reset the user’s password.azure-identity
library to authenticate with Azure Active Directory.azure-mgmt-graphrbac
library to interact with Azure Active Directory.GraphRbacManagementClient
class to create an instance of the Graph RBAC Management Client.users
object to get the user by their object ID.update_user
method to enable MFA for the user.azure-identity
library to authenticate with Azure Active Directory.azure-mgmt-graphrbac
library to interact with Azure Active Directory.GraphRbacManagementClient
class to create an instance of the Graph RBAC Management Client.users
object to get the user by their object ID.groups
object to get the group by its object ID.add_member
method to add the user to the group.azure-identity
and azure-mgmt-graphrbac
) before running these scripts.