Hello Everyone
I am trying to write a script that temporarily activates a PIM role for my account. The issue is that my account is secured with MFA, so this does not work:
$roleDisplayName = "License Administrator"
$roleDefinitionID = (Get-AzureADMSRoleDefinition -Filter "DisplayName eq '$roleDisplayName'").Id
$targetuserID = (Get-AzureADUser -ObjectId admgabriel@wingd.com).ObjectId # Replace user ID
$schedule = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedSchedule
$schedule.Type = "Once"
$schedule.StartDateTime = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$schedule.EndDateTime = ((Get-Date).AddDays(1)).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
# Create temporary active role assignment
Open-AzureADMSPrivilegedRoleAssignmentRequest -ProviderId 'aadRoles' -ResourceId $tenantID -RoleDefinitionId $roleDefinitionID -SubjectId $targetuserID -Type 'adminAdd' -AssignmentState 'Active' -schedule $schedule -reason "testing" -MFA
What can I do to activate it with MFA? The only solution I have found is to adjust my locations in the conditional access policy, but I don't want to do that.
Thank you for your help.
Kind regards,
Gabriel