Azure Graph API Trigger 2FA/MFA Auth Request
Using Azure Graph API how do I trigger a 2FA push?
For example, Duo has an API /auth/v2/auth which triggers a push/SMS/phone call/passcode request to a user. https://duo.com/docs/authapi#/auth
Twilio supports this via their "Verify v2" endpoint https://verify.twilio.com/v2/Services/{ServiceSid}/Verifications https://www.twilio.com/docs/verify/api/verification
Where is Microsofts?
Note that: MFA is a part of the user journey, and it cannot be triggered, it can only be enabled. Refer this Microsoft Q&A by Jai Verma. MFA is triggered every time when user logs in and if the Azure AD user has MFA enabled
- Only when a user tries to access an application configured to trigger MFA, MFA be triggered.
- Or if the user is enabled MFA.
- MFA cannot be triggered from Azure AD side remotely.
You can enable MFA either by Azure Portal, PowerShell or Conditional Policy.
For sample, using PowerShell you can enable MFA:
$mf= New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$mf.RelyingParty = "*"
$mfa = @($mf)
Set-MsolUser -UserPrincipalName "[email protected]" -StrongAuthenticationRequirements $mfa
When I tried to login with the user, got MFA prompt:
References:
Trigger/Invoke MFA request for specific user via PowerShell or other tool? - Microsoft Community Hub by ChrisAyers
Rest API to enable MFA - Microsoft Q&A by AmanpreetSingh-MSFT
- Azure Service Plan - Convert Consumption App to Premium App
- No PK or FK when exporting SQL Server database
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How to create a dataset for Azure custom speech using spx (speechCLI)
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- A keyvault created with access policy using BICEP creates compound identity
- Azure Loadbalancer with public IP forward traffic to Container Apps
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- What means skipNegotiation in SignalR HubConnection?
- Azure ClientCertificateCredential - Using SNI
- Azure AI Search MultiIndex / Conditional Semantic search
- MSAL Node service & The Partner Center API
- Load Registered Component in Azure ML for Pipeline using Python sdk v2
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to take max value and replace it in drived column in data factory
- Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
- Azure Cost Management - track costs associated with Databricks job
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How to check Debug.Writeline() output in VS code?
- C# API - Provide download of files from Azure Blobstorage
- localhost:300/api is not working : "This page isn’t working"
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday