Azure Graph API Trigger 2FA/MFA Auth Request
Using Azure Graph API how do I trigger a 2FA push?
For example, Duo has an API /auth/v2/auth which triggers a push/SMS/phone call/passcode request to a user. https://duo.com/docs/authapi#/auth
Twilio supports this via their "Verify v2" endpoint https://verify.twilio.com/v2/Services/{ServiceSid}/Verifications https://www.twilio.com/docs/verify/api/verification
Where is Microsofts?
Note that: MFA is a part of the user journey, and it cannot be triggered, it can only be enabled. Refer this Microsoft Q&A by Jai Verma. MFA is triggered every time when user logs in and if the Azure AD user has MFA enabled
- Only when a user tries to access an application configured to trigger MFA, MFA be triggered.
- Or if the user is enabled MFA.
- MFA cannot be triggered from Azure AD side remotely.
You can enable MFA either by Azure Portal, PowerShell or Conditional Policy.
For sample, using PowerShell you can enable MFA:
$mf= New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$mf.RelyingParty = "*"
$mfa = @($mf)
Set-MsolUser -UserPrincipalName "ruk@xxx.onmicrosoft.com" -StrongAuthenticationRequirements $mfa
When I tried to login with the user, got MFA prompt:
References:
Trigger/Invoke MFA request for specific user via PowerShell or other tool? - Microsoft Community Hub by ChrisAyers
Rest API to enable MFA - Microsoft Q&A by AmanpreetSingh-MSFT
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs