Our ASP.NET MVC application has a concept of several "accounts". Each account can have multiple users. Some accounts will have MFA enforced, others will have it enabled and will leave it to users to enable for themselves individually, and yet others will have it disabled/unavailable.

First of all, is it possible, from within my application, to use the Graph API to enforce MFA for certain users if an account setting in our application changes to enforce it? We currently use Auth0, and it has nice functionality that allows us to just update the user's MFA settings by calling their endpoint. I am not seeing this for AD B2C. Where would I start?

You don't want to enable MFA through the Azure AD B2C portal, but instead want to force MFA to be enabled for users through MS graph api? - Carl Zhao

yes. Based on the user settings in my application, I want to automate MFA settings per user in AD. I am guessing this would be something graph API or some other API should be able to accomplish since the Azure portal itself has this ability for me to manually do it. - Riz

1 Answer


Currently this is not available in Microsoft Graph API. If you need to automate Azure MFA management, I think MSOnline PowerShell is a good choice:

To enable user MFA in batches:

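# Requires the MSOnline module and an authenticated admin session
Connect-MsolService

$users = "[email protected]","[email protected]","[email protected]"

foreach ($user in $users)
{
    # Build a per-user MFA requirement that applies to all relying parties
    $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $st.RelyingParty = "*"
    $st.State = "Enabled"
    $sta = @($st)
    # Write the requirement to the user object
    Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta
}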
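
The three account modes from the question (enforced, enabled, disabled) can be reconciled against each user's current per-user MFA state before anything is written. This is an added example, not code from the original answer: it assumes the MSOnline module is installed and `Connect-MsolService` has already been run, and the `$desired` map, its UPNs and the helper names `Get-MfaState` and `Set-MfaState` are hypothetical.

```powershell
# Added example (not from the original answer). Assumes an authenticated
# MSOnline session. $desired is constructed sample data: UPN -> wanted state.
$desired = @{
    'alice@contoso.example' = 'Enforced'   # account enforces MFA
    'bob@contoso.example'   = 'Enabled'    # account leaves MFA to the user
    'carol@contoso.example' = 'Disabled'   # account has MFA unavailable
}

function Get-MfaState {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
    # An empty requirements list means per-user MFA is off for this user.
    if ($user.StrongAuthenticationRequirements.Count -eq 0) { return 'Disabled' }
    return $user.StrongAuthenticationRequirements[0].State
}

function Set-MfaState {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][ValidateSet('Disabled','Enabled','Enforced')][string]$State
    )
    $requirements = @()                    # empty list clears per-user MFA
    if ($State -ne 'Disabled') {
        $req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
        $req.RelyingParty = '*'
        $req.State = $State
        $requirements = @($req)
    }
    Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationRequirements $requirements -ErrorAction Stop
}

foreach ($upn in $desired.Keys) {
    try {
        $current = Get-MfaState -UserPrincipalName $upn
        $wanted  = $desired[$upn]
        # A user who registers while 'Enabled' is moved to 'Enforced' by the
        # service; do not downgrade that user back to 'Enabled'.
        if ($current -eq $wanted -or ($wanted -eq 'Enabled' -and $current -eq 'Enforced')) {
            Write-Output "$upn : unchanged ($current)"
            continue
        }
        Set-MfaState -UserPrincipalName $upn -State $wanted
        Write-Output "$upn : $current -> $wanted"   # audit line per change
    } catch {
        Write-Warning "$upn : $($_.Exception.Message)"
    }
}
```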