Enable/Disable per-user MFA with Microsoft graph powershell SDK

Enable/Disable per-user MFA with Microsoft graph powershell SDK
15

Upvotes

Upvote

 Jan 10 2022
4 Comments (4 New)
New

Hello,

The equivalent to enable / disable per-user MFA using Microsoft graph powershell SDK:

Create the StrongAuthenticationRequirement Object

$sa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$sa.RelyingParty = "*"
$sa.State = "Enabled"
$sar = @($sa)

Enable MFA for the user

Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sar

Regards,

Comments
Copper Contributor

As a backup product, it is a security hole if we do not restore the MFA settings. With the deprecation of Basic Authentication, there is no way to restore MFA settings if they were previously set on the object being restored.   It makes sense that this ability is further restricted to backup products only to ensure no additional exposure while still maintaining security during a restore operation.

Brass Contributor

We need this feature ASAP.

Not everyone has Conditional Access Configured. (Business Premium License required)

Security defaults also cannot be used in combination with a Breakglass Account...

Brass Contributor
Copper Contributor

Please implement this in Graph we need to be able to query current status and change the status in a non-interactive session, so MSOnline cannot be used.