_isKUL
Brass Contributor
Jun 07, 2021
Status:
New

Please add an API to set or change the default MFA sign-in method

https://docs.microsoft.com/en-us/graph/api/resources/authenticationmethods-overview?view=graph-rest-beta#what-authentication-methods-can-be-managed-in-microsoft-graph 

There is a serious need in the company to add/change/remove MFA login methods for users!
There is a problem, for example:
1. The administrator adds a phone number for the user, and the global policy specifies that only the phone call method is allowed.
2. The user will get an error when trying to log in to resources via the NPS extension for RDG (because he will receive a text message), and when trying to log in to resources restricted by the policy (for example office.com) he will be asked to add the MFA method and redirected to his personal account https://mysignins.microsoft.com/security-info
3. After successfully logging in to the personal account https://mysignins.microsoft.com/security-info the phone call method will work correctly.
It is very necessary to be able to set the default MFA method for users through the administrators' API.
Without this feature, it is impossible to automate the process for extending NPS to RDG, or to manual access policies for cloud services.

 

4 Comments

  • lmoore101
    Brass Contributor

    Yes, MS, please add this capability. We should be able to default our users to the most modern and secure MFA option instead of SMS/Phone Call. Due to this limitation we are disabling the SMS/Phone options and will instead provide hardware tokens for those that can't use the MS Authenticator app.

  • _isKUL
    Brass Contributor

    Hello everyone. It seems that I managed to solve the problem in a non-standard way: "How to change the default authentication method for an Azure user".

    The source code can be downloaded here https://github.com/isKUL/AAAC 

  • J-Ludowese
    Copper Contributor

    Same, we need this to push our users (if they have a working auth app registered) to set it as default.

  • _isKUL
    Brass Contributor

    Hello!
    I keep waiting for an opportunity!
    "Change a user's default MFA method" from Graph API