PowerShell and Graph API support for managing Multi-Factor Authentication
Currently, the only available option to automate Azure MFA administration appears to be the MSOnline PowerShell module, released back in 2015.
The MSOnline module's Set-MsolUser and Get-MsolUser cmdlets allow administrators to enable and disable MFA on a user object using PowerShell scripts.
Alas, the MSOnline module itself does not support MFA when connecting to Azure AD. Administrators hoping to make use of the MSOnline module cannot have MFA enabled on their accounts. In short, for an admin to manage MFA with PowerShell, the admin's account can't be protected by MFA.
The new AzureAD and AzureADPreview PowerShell modules support connecting to Azure AD w/MFA-enabled accounts, but they do not expose any StrongAuthentication data for viewing or editing.
The new Graph API does not expose any StrongAuthentication data. The old Azure AD Graph API doesn't, either.
Please fix this, or provide an update as to when it will be fixed.
The MFA team is currently working on adding get/set/read/delete abilities for StrongAuthentication data to the Graph API.
Andy Sutton commented
Its ridiculous that this has been under review for almost two years without any updates from the product team.
Tyler a Nadolski commented
Landon Roberts commented
Still waiting on an update
When when when?
Kalin Kutsarov commented
Any updates on this ?
Any update on this?
Disappointing when msonline module keeps telling me its depreciated.
Surely its less work to maintain one module than two.
Get the missing functionality into AzureAD and only then can you retire msonline
any update on this? We want access to MFA to be more programmable.
Ivan Fioravanti commented
Any news on this one?
Cédric Blomart commented
Any news on accessing mfa informations ?
Azharuddin, Sheikh commented
The inability to bulk enrol StrongAuthentication data into Azure AD MFA is driving us to look at other vendor solutions for device management.
Please come up with a solution! I'd rather simplify the tech landscape and reduce the number of vendors we deal with, but this capability gap is causing us to look elsewhere
Why is this taking to so long to release, this is a huge missing piece.
Christian Rodríguez Giménez commented
We really need an api to check this
Jeff B commented
I see some significant updates in the Azure Portal for managing MFA information. Hopefully the Graph API capability is coming soon. Any updates?
Ashley Steel commented
whyyyy are we waaaaaiting
"local account is based on a user name, then the email address is stored in a strong authentication detail property."
How I can store email address in strong authentication detail property while creating local user account through Graph API?. So I can get the email verification code.
Agree with comments below. Implementing StrongAuthentication management to the Graph API would be extremely useful. Thanks