Possibility to enable/disable multi-factor authentication for a user via the Graph API

We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.

70 votes

(thinking…)

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

Cyril Berber shared this idea · February 06, 2017 · Flag idea as inappropriate… · Admin →

started ·

Azure AD Team responded · April 18, 2018

We’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.

Michael

12 comments

Add a comment…

(thinking…)

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Anonymous commented · August 20, 2019 02:11 · Flag as inappropriate

What is the ETA for this? Almost 3 years gone

Submitting...
Jeffrey commented · April 04, 2019 16:27 · Flag as inappropriate

Can't believe it's been 2 years without progress on this, MFA is becoming increasingly common and Microsoft hasn't incorporated basic setter and getter methods into their Azure v2 Graph API.

Submitting...
Anonymous commented · April 03, 2019 11:56 · Flag as inappropriate

Hey Guys
Is there really no news on this? MFA with PowerShell is a no go. We need a GA account with NO mfa to access PS progamatically.

Submitting...
ray xiao commented · March 18, 2019 07:00 · Flag as inappropriate

REST API should be provided for an app to enable the multi-factor authentication.

Submitting...
Anonymous commented · February 25, 2019 15:27 · Flag as inappropriate

This system should allow for the strong authentication methods for a user to be reset forcing a re-enroll.

Thanks,
Derrick

Submitting...
Ryan Miles commented · February 08, 2019 11:16 · Flag as inappropriate

Hi Michael, Any updates on this feature? I'm assuming it will also be able to GET a users MFA enrollment status.

Submitting...
Anonymous commented · November 19, 2018 08:17 · Flag as inappropriate

@Azure AD Team, can we get this data now? Or is there a way to know this?

Submitting...
Emil Krotki commented · October 10, 2018 00:59 · Flag as inappropriate

EU data privacy regulations require system vendors to allow "forget me" feature. This means, user should be able to delete all the data related to her/him, including MFA registration information.
Please add this feature, or Azure MFA may be pointed as non-compliant with EU data privacy rules.
API would allow Identity management solutions (MIM for instance) to delete this registration at request from user, or decommissioning process.

Submitting...
Fredrik Kindstrand commented · October 20, 2017 00:51 · Flag as inappropriate

+1 for Gururaj's comment!

Submitting...
Patrick Norman commented · October 17, 2017 05:41 · Flag as inappropriate

+1 for Gururaj's requirements.

Submitting...
Adam Smith commented · May 02, 2017 05:36 · Flag as inappropriate

+1 for Gururaj's requirements.

Submitting...
Gururaj Pandurangi commented · April 10, 2017 19:14 · Flag as inappropriate

+1
We need a ability to Get, Set MFA at
1) Domain - all users
2) Role - say users in Azure subscription 'Owner' roles
3) Users accessing a particular application - say Azure AD App

Very critical for us to enable MFA for compliance reasons, for O365 and Azure subscription tied AAD (either separately or tied together)

Submitting...