Here is a PowerShell script I have developed which uses a user called AzMonkey@example.com to log into Azure and add every member of all subscriptions to an Azure AD group. The script is used within an Azure Automation Runbook, but with a little modification it can also be executed from your machine. This script is useful when you want to make sure that all Azure users in your organization are members of a group that can then be targeted by a specific policy, e.g. a Multi-Factor Authentication policy.
You will need to specify the Azure AD group Object ID in the script below ($groupID). Make sure the user (AzMonkey@example.com) is the owner of the group and also has the Owner role on every subscription in your Azure environment.
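A runbook body of the kind described above, written here as an added example rather than the author's own script. It assumes the Az.Accounts and Az.Resources modules are imported into the Automation account, a credential asset named AzMonkey, and a placeholder $groupId that you replace with the group's Object ID; it only collects users that hold a direct role assignment (not users reached through a group assignment) and skips the automation account's own identity.

```powershell
# Added example, not the author's script. Assumptions: Az.Accounts and Az.Resources are
# imported into the Automation account, the credential asset is named 'AzMonkey', and
# $groupId holds the Object ID of the target Azure AD group.
$groupId = '00000000-0000-0000-0000-000000000000'   # placeholder: replace with your group's Object ID

# Pull the stored credential from the Automation account; never hard-code the password in the runbook.
$cred = Get-AutomationPSCredential -Name 'AzMonkey'
Connect-AzAccount -Credential $cred | Out-Null

# Record who is already in the group so that the daily run is idempotent.
$existing = @{}
Get-AzADGroupMember -GroupObjectId $groupId | ForEach-Object { $existing[$_.Id] = $true }

# Collect every user principal that holds a direct role assignment in any subscription.
# The automation account itself is skipped: once the group enforces MFA, its
# password-only sign-in from the runbook would stop working.
$users = @{}
foreach ($sub in Get-AzSubscription) {
    Set-AzContext -SubscriptionId $sub.Id | Out-Null
    Get-AzRoleAssignment |
        Where-Object { $_.ObjectType -eq 'User' -and $_.SignInName -ne $cred.UserName } |
        ForEach-Object { $users[$_.ObjectId] = $_.SignInName }
}

# Add only the users that are not members yet and log each addition for the job output.
$added = 0
foreach ($id in $users.Keys) {
    if (-not $existing.ContainsKey($id)) {
        Add-AzADGroupMember -TargetGroupObjectId $groupId -MemberObjectId $id
        Write-Output "Added $($users[$id]) ($id)"
        $added++
    }
}
Write-Output "Done: $added new member(s); $($existing.Count) were already in the group."
```

Listing role assignments needs only the Reader role on a subscription, so if you want the account scoped more tightly than the Owner right described above, Reader on each subscription plus ownership of the group is enough for this example.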
Below are the steps to create an Automation Runbook that is scheduled to run the code above every day:
1- Add an Automation account to an Azure Resource Group:
2- Open the Automation account and make sure you have the following modules. Click Modules in the left menu and then click Browse gallery to import new ones:
3- In the left menu of the Automation blade, click Credentials and add a new credential. Make sure it is named AzMonkey (as specified in the script) and enter the username and password:
4- Create a new PowerShell Runbook, click Edit, paste the code above into it, and then Save and Publish it.
5- On the Runbook blade, select Schedules and add a new schedule. Make sure it is a recurring task that runs at a specific time every day: