Azure Graph API Trigger 2FA/MFA Auth Request
Using Azure Graph API how do I trigger a 2FA push?
For example, Duo has an API /auth/v2/auth which triggers a push/SMS/phone call/passcode request to a user. https://duo.com/docs/authapi#/auth
Twilio supports this via their "Verify v2" endpoint https://verify.twilio.com/v2/Services/{ServiceSid}/Verifications https://www.twilio.com/docs/verify/api/verification
Where is Microsofts?
Note that: MFA is a part of the user journey, and it cannot be triggered, it can only be enabled. Refer this Microsoft Q&A by Jai Verma. MFA is triggered every time when user logs in and if the Azure AD user has MFA enabled
- Only when a user tries to access an application configured to trigger MFA, MFA be triggered.
- Or if the user is enabled MFA.
- MFA cannot be triggered from Azure AD side remotely.
You can enable MFA either by Azure Portal, PowerShell or Conditional Policy.
For sample, using PowerShell you can enable MFA:
$mf= New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$mf.RelyingParty = "*"
$mfa = @($mf)
Set-MsolUser -UserPrincipalName "ruk@xxx.onmicrosoft.com" -StrongAuthenticationRequirements $mfa
When I tried to login with the user, got MFA prompt:
References:
Trigger/Invoke MFA request for specific user via PowerShell or other tool? - Microsoft Community Hub by ChrisAyers
Rest API to enable MFA - Microsoft Q&A by AmanpreetSingh-MSFT
- Cannot add data to a ComplexField using Python SDK for Azure AI Search
- letsencrypt cert request failing for AKS ingress
- Playwright Test execution on Azure Windows machine fails in pipeline with error as No test found, It works perfectly with same command
- How to Combining PowerShell Output from multiple server to Single csv
- How can I find all Azure app registrations with API permissions to a specific app registration?
- Azure Deployment Groups vs Agent Pools
- I cannot extract .sql CREATE TABLEs for each table in my Azure SQL Database in my Azure Repo
- Can not read blobs through BlobContainerClient for blobs with empty folder prefixes
- Are task logs deleted when the node is deleted due to autoscaling in Azure Batch service?
- Azure Function Blob Storage Monitor
- I want to fetch Azure SQL table data from ADF to use as input in copy activity
- How to access code of my Azure website?
- Run JMeter script in AzureDevOps - Bearer Access Token generation
- Azure Function - HTTP trigger request length exceeded
- How and where to define an environment variable on Azure
- Stream Analytics doesn't output the data to SQL but does to a blob storage
- While Hierarchical namespace enabled cannot upload blob with metadata hdi_isfolder
- Cannot log in to Visual Studio Account in VS 2022
- SchemaColumnConvertNotSupportedException: column: [Col_Name], physicalType: INT64, logicalType: string
- create Azure Keyvault secret without exposing values
- Can you create 'User Flows' in Azure with a pay-as-you-go account
- Deploy ARM template at management group scope with Azure DevOps Pipeline
- How to make an azure function that deploys my bicep script from Azure Storage Account
- Basic SQL commands in Terraform
- Can we Deploy Web Application in Azure OpenAI of Production Level
- Get-MgGroupMember by display name instead of userID
- Azure DevOps REST API parent relation link to existing work item error
- What should be put to 'repoOwners' in Managed Identity Federated Credentials policy?
- How to get list of users from CSV file whose LastSignInDate column has a date that is before 90 days from current date or is empty?
- Langchain cannot connect with Azure SQL Database