Microsoft Graph: Add support for "Require re-register MFA"
Currently, "Require re-register MFA" can only be set as described at https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings#manage-user-authentication-options, or via PowerShell using:
Set-MsolUser -UserPrincipalName username -StrongAuthenticationMethods @()
Please add support for this in the Microsoft Graph API.
34 Comments
- Matt1983 Copper Contributor
We definitely need this feature in MS Graph API.
- KoflT Brass Contributor
Still waiting for the feature for editing/setting as in the GUI
- Syedbilalshah999 Copper Contributor
RESPECTED MICROSOFT COMMUNITY TEAM, I DO MY BEST EFFORT TO RESOLVE MY COMPANY ISSUE BUT RIGHT NOW I AM UPSET BECAUSE I DON'T UNDERSTAND CODING AND HOW DEVELOPERS WORK. I NEED SUPPORT IF ANYONE CAN HELP ME.
THANKS
SYED BILAL SHAH
THE ROYAL EXPRESS TRAVELS
+923228471198
- MattTheSysAdmin Brass Contributor
Over a year on, and still waiting for this relatively basic feature.
Currently we're using MSOL, which is being deprecated as of June this year. C'mon Microsoft!
- Ron Ron Brass Contributor
MarkF70 Thank you, but that is only to read or clear all information. We want to set a private authentication email for provisioning, when entering our school as a student or employee, so the user is able to reset their own password.
It is working at the moment with API calls but we want it to be completely native graph commands.
- NidalT Brass Contributor
You would think that they would come up with an easy way to do this...
I mean, in the Azure Portal you have a simple button for "Require re-register multifactor authentication".
Why not make this exact same behavior available with a Graph cmdlet?
- MarkF70 Copper Contributor
Hi Ron Ron,
Read auth methods:
Get-MgUserAuthenticationMethod
Remove auth methods (have to use correct cmdlet for each auth type) e.g.:
Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod
If you remove all MFA capable auth factors then the user is prompted for new MFA at next login.
The default method can only be removed if it is the last MFA auth method. Get-MgUserAuthenticationMethod doesn't identify the default method* so either check for that error being returned or run the delete operation twice.
*Get-MgReportAuthenticationMethodUserRegistrationDetail can tell you the default method but it isn't updated immediately when an auth factor is added or removed.
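The two-pass removal described in the comment above, sketched as an added example (not MarkF70's code and not a Microsoft sample). The function name `Reset-UserMfaRegistration` is hypothetical, and the type-to-cmdlet map is assumed to cover only four method types.

```powershell
# Added example, not from the thread. Needs Microsoft.Graph.Identity.SignIns and
# Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All'.
function Reset-UserMfaRegistration {            # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$UserId)

    # @odata.type -> name fragment shared by the Remove cmdlet and its Id parameter.
    # Assumption: only these four types are in scope; extend the map as needed.
    $kinds = @{
        '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' = 'MicrosoftAuthenticator'
        '#microsoft.graph.phoneAuthenticationMethod'                  = 'Phone'
        '#microsoft.graph.fido2AuthenticationMethod'                  = 'Fido2'
        '#microsoft.graph.softwareOathAuthenticationMethod'           = 'SoftwareOath'
    }
    $listMfa = {
        Get-MgUserAuthenticationMethod -UserId $UserId |
            Where-Object { $kinds.ContainsKey([string]$_.AdditionalProperties['@odata.type']) }
    }

    # Pass 1 removes everything except the default method, which the service
    # rejects while other MFA methods exist. Pass 2 removes it as the last one.
    foreach ($pass in 1, 2) {
        foreach ($m in @(& $listMfa)) {
            $kind = $kinds[[string]$m.AdditionalProperties['@odata.type']]
            if (-not $PSCmdlet.ShouldProcess($UserId, "Remove $kind method $($m.Id)")) { continue }
            $p = @{ UserId = $UserId; "${kind}AuthenticationMethodId" = $m.Id; ErrorAction = 'Stop' }
            try {
                & "Remove-MgUserAuthentication${kind}Method" @p
            } catch {
                if ($pass -eq 1) { Write-Verbose "Deferred $kind $($m.Id): $($_.Exception.Message)" }
                else { Write-Warning "Could not remove $kind $($m.Id): $($_.Exception.Message)" }
            }
        }
    }
    # Anything returned here is still registered and needs manual follow-up.
    & $listMfa
}
```

Running it with `-WhatIf` lists the methods that would be removed without deleting anything; an empty result from a real run means the user will be prompted to register MFA at next sign-in.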
- Ron Ron Brass Contributor
bart_vermeersch Those are still REST API calls, we want MgGraph cmdlets to set/edit this information.
- bart_vermeersch Iron Contributor
You can remove authentication methods including MFA methods using Graph:
Azure AD authentication methods API overview - Microsoft Graph v1.0 | Microsoft Learn
- erwatkin Copper Contributor
I could really do with this. Preventing some automation cases I am working on. Is there an ETA for this being added?