I suggest you ...

← Microsoft Graph Feature Requests

Possibility to enable/disable multi-factor authentication for a user via the Graph API

We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.

92 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Cyril Berber shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
started  ·  Azure AD Team responded  · 

We’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.

Michael

14 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Toni Pohl commented  ·   ·  Flag as inappropriate

    MSOL PS is so much outdated, and third party apps and tools NEED the Graph API to manage MFA for users. Hope this feature gets priority after such a long time...!

  • Anonymous commented  ·   ·  Flag as inappropriate

    Any progress or update on this issue; would be very helpful to do this via API rather than powershell

  • Jeffrey commented  ·   ·  Flag as inappropriate

    Can't believe it's been 2 years without progress on this, MFA is becoming increasingly common and Microsoft hasn't incorporated basic setter and getter methods into their Azure v2 Graph API.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Hey Guys
    Is there really no news on this? MFA with PowerShell is a no go. We need a GA account with NO mfa to access PS progamatically.

  • ray xiao commented  ·   ·  Flag as inappropriate

    REST API should be provided for an app to enable the multi-factor authentication.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This system should allow for the strong authentication methods for a user to be reset forcing a re-enroll.

    Thanks,
    Derrick

  • Ryan Miles commented  ·   ·  Flag as inappropriate

    Hi Michael, Any updates on this feature? I'm assuming it will also be able to GET a users MFA enrollment status.

  • Emil Krotki commented  ·   ·  Flag as inappropriate

    EU data privacy regulations require system vendors to allow "forget me" feature. This means, user should be able to delete all the data related to her/him, including MFA registration information.
    Please add this feature, or Azure MFA may be pointed as non-compliant with EU data privacy rules.
    API would allow Identity management solutions (MIM for instance) to delete this registration at request from user, or decommissioning process.

  • Gururaj Pandurangi commented  ·   ·  Flag as inappropriate

    +1
    We need a ability to Get, Set MFA at
    1) Domain - all users
    2) Role - say users in Azure subscription 'Owner' roles
    3) Users accessing a particular application - say Azure AD App

    Very critical for us to enable MFA for compliance reasons, for O365 and Azure subscription tied AAD (either separately or tied together)

Microsoft Graph Feature Requests: Users

Categories

Feedback and Knowledge Base

(thinking…)