Currently, "Require re-register MFA" can only be set https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings#manage-user-authentication-options, or via Pow...
Hi Ron Ron ,
Read auth methods:
Get-MgUserAuthenticationMethod
Remove auth methods (have to use correct cmdlet for each auth type) e.g.:
Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod
If you remove all MFA capable auth factors then the user is prompted for new MFA at next login.
The default method can only be removed if it is the last MFA auth method. Get-MgUserAuthenticationMethod doesn't identify the default method* so either check for that error being returned or run the delete operation twice.
*Get-MgReportAuthenticationMethodUserRegistrationDetail can tell you the default method but it isn't updated immediately when an auth factor is added or removed.