Manage MFA on Custom Application using AzureAD signing

Question

Is there any API to call and manage Microsoft MFA to allow MFA enabled user to use the application. I have already enrolled the application as an enterprise application

Answer 1

Hello Umashankar Gupta,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you have already enrolled an application as an enterprise application, and you would need to know if there any API to call and manage Microsoft MFA to allow MFA enabled user to use the application.

YES! Microsoft Graph API provides an authentication methods API that allows you to manage a user's authentication methods. You can add, update, or delete phone numbers, FIDO2 security keys, Microsoft Authenticator registrations, and Windows Hello for Business registrations. https://learn.microsoft.com/en-us/graph/api/resources/authenticationmethods-overview?view=graph-rest-1.0

Though, there is not a publicly accessible API specifically for triggering a Microsoft Authenticator MFA challenge, you can explore alternative approaches by using PowerShell or REST API calls to simulate MFA challenges. https://www.entraneer.com/blog/entra/authentication/transactional-mfa-entra-id.

Accept Answer

I hope this is helpful! Do not hesitate to let me know if you have any other questions.

** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

Best Regards,

Sina Salam