Enable/Disable per-user MFA with Microsoft graph powershell SDK

Enable/Disable per-user MFA with Microsoft graph powershell SDK



 Jan 10 2022
4 Comments (4 New)


The equivalent to enable / disable per-user MFA using Microsoft graph powershell SDK:

Create the StrongAuthenticationRequirement Object

$sa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$sa.RelyingParty = "*"
$sa.State = "Enabled"
$sar = @($sa)

Enable MFA for the user

Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sar


Copper Contributor

As a backup product, it is a security hole if we do not restore the MFA settings. With the deprecation of Basic Authentication, there is no way to restore MFA settings if they were previously set on the object being restored.   It makes sense that this ability is further restricted to backup products only to ensure no additional exposure while still maintaining security during a restore operation.

Brass Contributor

We need this feature ASAP.

Not everyone has Conditional Access Configured. (Business Premium License required)

Security defaults also cannot be used in combination with a Breakglass Account...

Copper Contributor
Copper Contributor

Please implement this in Graph we need to be able to query current status and change the status in a non-interactive session, so MSOnline cannot be used.