Khaled40's avatar
Khaled40
Brass Contributor
Jan 10, 2022
Status:
New

Enable/Disable per-user MFA with Microsoft graph powershell SDK

Hello,

The equivalent to enable / disable per-user MFA using Microsoft graph powershell SDK:

Create the StrongAuthenticationRequirement Object

$sa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$sa.RelyingParty = "*"
$sa.State = "Enabled"
$sar = @($sa)

Enable MFA for the user

Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sar

Regards,

4 Comments

  • EricZimmerman's avatar
    EricZimmerman
    Copper Contributor
    Jan 30, 2023

    Please implement this in Graph we need to be able to query current status and change the status in a non-interactive session, so MSOnline cannot be used.

  • Anwar Mahmood's avatar
    Anwar Mahmood
    Brass Contributor
    Nov 09, 2022

    see also

     

    https://github.com/microsoftgraph/microsoft-graph-docs/issues/17374

  • swissbuechi's avatar
    swissbuechi
    Brass Contributor
    May 31, 2022

    We need this feature ASAP.

    Not everyone has Conditional Access Configured. (Business Premium License required)

    Security defaults also cannot be used in combination with a Breakglass Account...

  • MikeWilson's avatar
    MikeWilson
    Copper Contributor
    Feb 18, 2022

    As a backup product, it is a security hole if we do not restore the MFA settings. With the deprecation of Basic Authentication, there is no way to restore MFA settings if they were previously set on the object being restored.   It makes sense that this ability is further restricted to backup products only to ensure no additional exposure while still maintaining security during a restore operation.