Possibility to enable/disable multi-factor authentication for a user via the Graph API
We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.

We’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.
Michael
12 comments
-
Anonymous commented
What is the ETA for this? Almost 3 years gone
-
Jeffrey commented
Can't believe it's been 2 years without progress on this, MFA is becoming increasingly common and Microsoft hasn't incorporated basic setter and getter methods into their Azure v2 Graph API.
-
Anonymous commented
Hey Guys
Is there really no news on this? MFA with PowerShell is a no go. We need a GA account with NO mfa to access PS progamatically. -
ray xiao commented
REST API should be provided for an app to enable the multi-factor authentication.
-
Anonymous commented
This system should allow for the strong authentication methods for a user to be reset forcing a re-enroll.
Thanks,
Derrick -
Ryan Miles commented
Hi Michael, Any updates on this feature? I'm assuming it will also be able to GET a users MFA enrollment status.
-
Anonymous commented
@Azure AD Team, can we get this data now? Or is there a way to know this?
-
Emil Krotki commented
EU data privacy regulations require system vendors to allow "forget me" feature. This means, user should be able to delete all the data related to her/him, including MFA registration information.
Please add this feature, or Azure MFA may be pointed as non-compliant with EU data privacy rules.
API would allow Identity management solutions (MIM for instance) to delete this registration at request from user, or decommissioning process. -
Fredrik Kindstrand commented
+1 for Gururaj's comment!
-
Patrick Norman commented
+1 for Gururaj's requirements.
-
Adam Smith commented
+1 for Gururaj's requirements.
-
Gururaj Pandurangi commented
+1
We need a ability to Get, Set MFA at
1) Domain - all users
2) Role - say users in Azure subscription 'Owner' roles
3) Users accessing a particular application - say Azure AD AppVery critical for us to enable MFA for compliance reasons, for O365 and Azure subscription tied AAD (either separately or tied together)