807 votes118 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
We’re really pleased to let you know that we’ve released the first authentication method APIs to public preview:
So far there are APIs for managing phone numbers and password resets. When phone numbers are set with the API, the user can use that number for MFA and SSPR (as allowed by your tenant’s policy).
The team is hard at work at building out APIs for all of the other authentication methods, and we’ll update the response here as they’re released.Kenneth Butler supported this idea ·
An error occurred while saving the commentKenneth Butler commented
Edit from my previous comment: this does work but not when you set state to "Disabled"
Also this feature is seemingly broken now in MSOnline PowerShell module, made the call exactly as shown in the documentation with a Global Admin on the directory logged in and got the following error...
Set-MsolUser : Invalid value for parameter. Parameter Name: StrongAuthenticationRequirements.
Commands per usage instructions in the documentation:
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = “Enabled”
$sta = @($st)
Set-MsolUser -UserPrincipalName firstname.lastname@example.org -StrongAuthenticationRequirements $sta