gabeluci
Jan 14, 2022 | Iron Contributor
Status: New
Microsoft Graph: Add support for "Require re-register MFA"
Currently, "Require re-register MFA" can only be set https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings#manage-user-authentication-options, or via Pow...
MarkF70
Mar 06, 2023 | Copper Contributor
Hi Ron Ron,
Read auth methods:
Get-MgUserAuthenticationMethod
Remove auth methods (have to use correct cmdlet for each auth type) e.g.:
Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod
If you remove all MFA capable auth factors then the user is prompted for new MFA at next login.
The default method can only be removed if it is the last MFA auth method. Get-MgUserAuthenticationMethod doesn't identify the default method* so either check for that error being returned or run the delete operation twice.
*Get-MgReportAuthenticationMethodUserRegistrationDetail can tell you the default method but it isn't updated immediately when an auth factor is added or removed.
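An added example, not part of MarkF70's reply: one way to script the procedure described above with the Microsoft Graph PowerShell SDK, picking the Remove cmdlet from each method's `@odata.type` and running two passes so the default method is removed once it is the last one left. The choice of the four method types to clear and the `$UserId` parameter are assumptions made for this example.

```powershell
#Requires -Modules Microsoft.Graph.Identity.SignIns
# Added example, not from the thread. $UserId is a placeholder (UPN or object ID).
param([Parameter(Mandatory)][string]$UserId)

Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All' | Out-Null

# @odata.type of each method -> the Remove cmdlet that handles it.
# Assumption: these four types are the MFA-capable ones to clear; extend as needed.
$removers = @{
    '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' = {
        param($u, $id)
        Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $u -MicrosoftAuthenticatorAuthenticationMethodId $id -ErrorAction Stop }
    '#microsoft.graph.phoneAuthenticationMethod' = {
        param($u, $id)
        Remove-MgUserAuthenticationPhoneMethod -UserId $u -PhoneAuthenticationMethodId $id -ErrorAction Stop }
    '#microsoft.graph.softwareOathAuthenticationMethod' = {
        param($u, $id)
        Remove-MgUserAuthenticationSoftwareOathMethod -UserId $u -SoftwareOathAuthenticationMethodId $id -ErrorAction Stop }
    '#microsoft.graph.fido2AuthenticationMethod' = {
        param($u, $id)
        Remove-MgUserAuthenticationFido2Method -UserId $u -Fido2AuthenticationMethodId $id -ErrorAction Stop }
}

# Two passes: the default method fails on pass 1 unless it happens to be last,
# and succeeds on pass 2 once it is the only MFA method left.
foreach ($pass in 1..2) {
    $failed = 0
    foreach ($m in Get-MgUserAuthenticationMethod -UserId $UserId) {
        $type = $m.AdditionalProperties['@odata.type']
        if (-not $type -or -not $removers.ContainsKey($type)) { continue }   # e.g. password method
        try {
            & $removers[$type] $UserId $m.Id
            Write-Host "pass ${pass}: removed $type ($($m.Id))"
        } catch {
            $failed++
            Write-Warning "pass ${pass}: could not remove $type ($($m.Id)): $($_.Exception.Message)"
        }
    }
    if ($failed -eq 0) { break }
}

# Report what is still registered so the operator can confirm the result.
Get-MgUserAuthenticationMethod -UserId $UserId |
    ForEach-Object { '{0}  {1}' -f $_.AdditionalProperties['@odata.type'], $_.Id }
```

Any method still listed after the second pass with a type from the table needs manual review, since the script deliberately stops after two attempts.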