Include support for viewing and changing the default authentication method in Graph API

 Jan 17 2022

Right now, the Graph API can list the Authentication methods configured for a user, but does not return which the user has configured as the default and does not allow setting of the default method. (And, even as the tenant global admin, you cannot view this through the Azure portal.)

This causes the helpdesk extra work. When configuring the Authenticator app as a user, you can create an auth method simply by signing into the app, but it doesn't give you the option of setting or changing your default method. So the helpdesk ends up having to talk people through signing into the My Security Info portal and setting the default method that way. Would be much easier if our helpdesk app could show that the user's managed to configure the right auth methods, then go in and set the default for them.

Comments

Strong agree.

This feature has been listed as "not yet supported" in the documentation seemingly forever: https://docs.microsoft.com/en-us/graph/api/resources/authenticationmethods-overview?view=graph-rest-...

Setting the default authentication method can be done using the PowerShell module MSOnline as follows, but besides MSOL being a terrible module to use with automation, this method will no longer be supported come June 30, 2022.

# $UPN must already hold the target user's UserPrincipalName.
# TwoWayVoiceAlternateMobile           DEFAULT
$TwoWayVoiceAlternateMobile = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$TwoWayVoiceAlternateMobile.MethodType = "TwoWayVoiceAlternateMobile"
$TwoWayVoiceAlternateMobile.IsDefault  = $true
# TwoWayVoiceMobile                    NON-DEFAULT
$TwoWayVoiceMobile = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$TwoWayVoiceMobile.MethodType          = "TwoWayVoiceMobile"
$TwoWayVoiceMobile.IsDefault           = $false
# Pass both methods; exactly one of them carries IsDefault = $true.
Set-MsolUser -UserPrincipalName $UPN -StrongAuthenticationMethods @($TwoWayVoiceMobile,$TwoWayVoiceAlternateMobile)

Microsoft needs to support setting the default authentication method via MS Graph.
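
The check the original post asks a helpdesk app to make (has the user registered the right methods?) can be sketched against the Graph list call as it behaves today. This is an added example, not code from the post or the comment: `Get-RegisteredMethodSummary`, the required-method names and the sample response are constructed for illustration, and the test for a property containing "default" is an assumption about how such a field might be named if Graph ever returned one.

```powershell
# Constructed sample of a GET /users/{id}/authentication/methods response body.
# Live call (Microsoft.Graph.Authentication module, UserAuthenticationMethod.Read.All):
#   $resp = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
#       -Uri "https://graph.microsoft.com/v1.0/users/$UPN/authentication/methods"
$sampleJson = @'
{ "value": [
  { "@odata.type": "#microsoft.graph.passwordAuthenticationMethod",
    "id": "00000000-0000-0000-0000-000000000001" },
  { "@odata.type": "#microsoft.graph.phoneAuthenticationMethod",
    "id": "00000000-0000-0000-0000-000000000002",
    "phoneNumber": "+1 5555550100", "phoneType": "mobile" },
  { "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethod",
    "id": "00000000-0000-0000-0000-000000000003",
    "displayName": "Constructed-Phone" }
] }
'@

function Get-RegisteredMethodSummary {
    param(
        [Parameter(Mandatory)] $Response,   # parsed Graph response
        [string[]] $Required = @()          # method kinds the helpdesk expects
    )
    $methods = foreach ($m in $Response.value) {
        # "#microsoft.graph.phoneAuthenticationMethod" -> "phone"
        $kind = $m.'@odata.type' -replace '^#microsoft\.graph\.', '' `
                                 -replace 'AuthenticationMethod$', ''
        # Distinguish mobile / alternateMobile / office phone entries
        if ($kind -eq 'phone' -and $m.phoneType) { $kind = "phone:$($m.phoneType)" }
        [pscustomobject]@{
            Kind = $kind
            Id   = $m.id
            # Assumed field name; false for every method in today's responses
            HasDefaultField = [bool]($m.PSObject.Properties.Name -match 'default')
        }
    }
    [pscustomobject]@{
        Registered     = @($methods.Kind)
        Missing        = @($Required | Where-Object { $_ -notin $methods.Kind })
        DefaultExposed = [bool]($methods | Where-Object HasDefaultField)
    }
}

$summary = Get-RegisteredMethodSummary -Response ($sampleJson | ConvertFrom-Json) `
    -Required 'microsoftAuthenticator', 'phone:mobile'
$summary | Format-List
```

With the sample input, `Missing` is empty and `DefaultExposed` is false: registration can be confirmed from the list, but nothing in it identifies the default method.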