With Microsoft retiring MSOL, I've run into an issue with the script located at "C:\Program Files\Microsoft\AzureMfa\Config\AzureMfaNpsExtnConfigSetup.ps1". This script relies on commands like Connect-MsolService and New-MsolServicePrincipalCredential, which no longer work even for Global Administrators. I'm looking for the best way to renew these certificates now since this method has been my go-to for all environments.
4 Answers
It looks like Microsoft isn't making it easier on us... You'll need to update the script using the Graph module instead. The command you want to use is "Add-MgServicePrincipalKey" instead of the old commands. Check out the cmdlet mapping details here: https://learn.microsoft.com/en-us/powershell/microsoftgraph/azuread-msoline-cmdlet-map?view=graph-powershell-1.0&pivots=msonline.
If you've got a certificate expiring soon, it's definitely worth addressing this quickly! You don’t want to be caught out.
If you’re running into issues, definitely make sure you've updated. After updating the NPS extension, the script worked perfectly for me! Just remember to uninstall the older version before you install the new one.
I just upgraded to the latest NPS extension, and it did fix the issues I was having. The script now supports MS Graph! Just a heads up, if your version is really old, you might need to set the registry key OVERRIDE_NUMBER_MATCHING_WITH_OTP = FALSE to avoid issues. Here are more details: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension.
Yeah, I'm starting to feel the pressure myself!
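For checking how close the NPS extension certificates are to expiry before renewing, a read-only check is sketched below; it is an added example, not part of any post in this thread and not Microsoft's script. It assumes the certificate sits in `Cert:\LocalMachine\My` with `OU=Microsoft NPS Extension` in its subject and that the service principal's display name is `Azure Multi-Factor Auth Client`; the 60-day threshold and the `Get-ExpiryStatus` helper are hypothetical.

```powershell
# Added example: report NPS extension certificate expiry locally and in Entra ID.
# Read-only; it renews nothing. Requires the Microsoft.Graph PowerShell module.
param(
    [int]$WarnDays = 60,   # hypothetical warning threshold
    # Assumption: display name of the MFA client service principal in the tenant.
    [string]$SpDisplayName = 'Azure Multi-Factor Auth Client'
)

# Hypothetical helper: classify an expiry date against the threshold.
function Get-ExpiryStatus {
    param([datetime]$NotAfter, [int]$WarnDays)
    $now = (Get-Date).ToUniversalTime()
    $daysLeft = [math]::Floor(($NotAfter.ToUniversalTime() - $now).TotalDays)
    if ($daysLeft -lt 0) { 'EXPIRED' }
    elseif ($daysLeft -le $WarnDays) { 'RENEW SOON' }
    else { 'OK' }
}

# 1. Certificates on this NPS server (assumed subject: OU=Microsoft NPS Extension).
$local = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*OU=Microsoft NPS Extension*' } |
    ForEach-Object {
        [pscustomobject]@{
            Source   = 'LocalMachine\My'
            Id       = $_.Thumbprint
            NotAfter = $_.NotAfter
            Status   = Get-ExpiryStatus -NotAfter $_.NotAfter -WarnDays $WarnDays
        }
    }

# 2. Key credentials registered on the service principal, read through Graph.
Connect-MgGraph -Scopes 'Application.Read.All'
$sp = Get-MgServicePrincipal -Filter "displayName eq '$SpDisplayName'" `
    -Property 'id,displayName,keyCredentials'
$remote = foreach ($key in $sp.KeyCredentials) {
    [pscustomobject]@{
        Source   = 'ServicePrincipal'
        Id       = $key.KeyId
        NotAfter = $key.EndDateTime
        Status   = Get-ExpiryStatus -NotAfter $key.EndDateTime -WarnDays $WarnDays
    }
}

# Soonest expiry first, so anything needing attention is at the top.
@($local) + @($remote) | Sort-Object NotAfter | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on each NPS server; stale or expired key credentials listed for the service principal are candidates for cleanup once the renewed certificate is confirmed working.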