Currently, "Require re-register MFA" can only be set in the Azure Portal, or via PowerShell using:
Set-MsolUser -UserPrincipalName username -StrongAuthenticationMethods @()
Please add support for this in the Microsoft Graph API.
Need graph API to achieve non interactive logins to prevent possible brute force attack and basic authentication
Need this feature in Graph API as well in order to make administration module services without user interaction in the Azure Portal or Powershell.
This is an absolute must! Since this is currently only possible in the v1 MSOnline module and since that module does not support authentication using an app registration, once basic auth goes away, this will no longer be possible to automate.
Our organization, like many, has experienced considerable flux in our IT infrastructure these last couple of years. While it is possible that some change in vendors or licensing of products may remediate some of the utility that a change like this requested feature would provide; it is still absolutely a missing feature hindering efforts to stabilize our user management processes in the shifting landscape we find ourselves in. I have no practice with or even well defined lines of communication into developer communities, but I wanted to at least add my thought here, somewhere, anywhere, with my little squeak of consternation into the void.
Thank you for your consideration,
Come on Microsoft, you want to get rid of basic auth, so the way with MSOnline is not an option anymore. Get a Graph API going for this.
We want to be able to do this with PowerShell, GUI isn't an option.
This should be highest priority for Microsoft regardless of how many votes it gets here as MSOnline will stop working in October when basic authentication stops working leaving us with no alternative. between now and October Microsoft should have an alternative (such as Graph or V2 AzureAD module). We already updated all our scripts to Graph and V2 AzureAD commands using app registration. We're about 3 months away from the deadline and I'm not going to go back and use basic authentication in order to automate require re-registration for MFA. I'd rather not automate it temporarily and wait for Microsoft to provide a better alternative. Why isn't this a priority for Microsoft when they know the deadline is October is a mystery to me.
We need this for our support team needs.
Other on same topic:
Graph API to trigger registered MFA verification steps. - Microsoft Tech Community
Please add API for set or change sign-in default method MFA
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
| Jul 13 2022
| Jul 06 2022
| Jun 21 2022