May 09 2021 10:21 PM
I was trying to update our company user phones through the Exchange Online Module Set-User cmdlet. Something easy like:
Set-User -Identity $_.Identity -Phone $_.BusinessPhone
Set-User -Identity $_.Identity -MobilePhone $_.Mobile
Until not so long ago, it worked without issues, but recently we are getting the error below, impossible to get through it (other parameters update without issues).
Phone and Mobile Phone for users with Recipient Type Details "UserMailbox" cannot be updated in Exchange Online for security reason. Please do it in Azure Active Directory.
The only other entry I've found on Google is this one, but it seems unrelated to our issues since both tenants I'm working with are "native" AAD/O365, never had any connection with any AD.
Anyone knows a way around this ?
Or do we now need to connect to the Azure modules to do it ?
Also wonder when did this change happen, and whether Microsoft documented it somewhere.
May 10 2021 08:09 AM - edited May 10 2021 08:10 AM
Hey @dgr4it
Thanks for Sharing this is interesting !
So it appears that MS has moved a few attributes from set-user to set-msoluser, like for example 'phonenumber' and 'mobilephone' i was able to change via Set-msoluser post connecting to Msolservice (connect-msolservice). However 'set-user' still works for other attributes which are not available in Set-Msoluser, for example -HomePhone and -OtherTelephone are still available to be updated via Set-User. It appears that -Phonenumber and -Mobilephone were conflicting atrributes between set-user and set-msoluser and now they are available only with Msoluser.
Sorry no documentation found.
Thanks
May 10 2021 09:13 AM
May 10 2021 06:46 PM
@harveer singh Thanks for your input.
I know you can go through the Azure ActiveDirectory (MSOnline) module, (or I guess the 2.0 version of it), but that also requires new admin roles permissions, scripting, testing, etc.
What I'm trying to figure out is:
May 11 2021 04:04 AM
Hey @dgr4it
AFIK Set-user is the only exchange command which would allow you to make the desired change, What is interesting though is I was able to update the phone number/mobile phone number via the new Exchange admin center https://admin.exchange.microsoft.com/ using an Exchange Admin account (worked for me; please test in your tenant). So theoretically it looks like the attributes are still available for update via exchange. May be for the time being you can use the new Exchange admin center to make the changes and get a ticket going with MS to confirm the changes around set-user. Lets see if Vasil can find something.
Thanks