Please add API for set or change sign-in default method MFA

 Jun 07 2021

Default method - The following authentication methods are not yet supported in Microsoft Graph beta 

There is a serious need in the company to add/change/remove MFA login methods to users!
There is a problem, for example:
1. If the administrator adds a phone number for the user. And the global policy will specify that the phone call only method is allowed.
2. The user will get an error when trying to log in to resources via the NPS extension for RDG (because he will receive a text message), and when trying to log in to resources restricted by the policy (for example office.com) he will be asked to add the MFA method and redirected to his personal account https://mysignins.microsoft.com/security-info
3. After successfully logging in to your personal account https://mysignins.microsoft.com/security-info its phone call method will work correctly.
It is very necessary to be able to set the default MFA method for users through administrators' API.
Without this feature, it is impossible to automate the process for extending NPS to RDG, or to manual access policies for cloud services.


Comments
Brass Contributor

Hello!
I keep waiting for an opportunity!
"Change a user's default MFA method" from Graph API

Copper Contributor

Same, we need this to push our users (if they have a working auth app registered) to set it as default.

Brass Contributor

Hello everyone. It seems that I managed to solve the problem in a non-standard way - "How to change the default authentication method for an azure user".

The source code can be downloaded here https://github.com/isKUL/AAAC 

Brass Contributor

Yes, MS, please add this capability. We should be able to default our users to the most modern and secure MFA option instead of SMS/Phone Call. Due to this limitation we are disabling the SMS/Phone options and will instead provide hardware tokens for those that can't use the MS Authenticator app.