Configure Per-user MFA settings via powershell or microsoft graph api

MSOL PowerShell module is retiring on 31st March 2023
azure-ad-license-management-extension

With this it looks like there is still no possibility to set MFA status per user using PowerShell or graph API, only manual GUI option by visiting multifactorverification.aspx
Previous method of setting MFA status per user was something like in the code bellow

$user = "******@sometenant.onmicrosoft.com  
$auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement  
$auth.RelyingParty = "*"  
$auth.State = "Enforced"  
$authst = @($auth)  
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $authst  

Yes you can force the user to register MFA methods by deleting all previously registered MFA methods, but this is if the user had previously set MFA status to enforced.
This is not the case for newly created users that have MFA status by default set to "Disabled"
Security defaults is not the option if there is a need to have per user MFA enforcement and not for all tenants users.

Hello Michev,

Thank you for your answer!
We will automatically create thousands of tenants, for security reasons, we want to disable the app password once the tenant is created.
As you mentioned, there is no way to change this setting with powershell or Microsoft Graph API :(.
we want this option unavailable to use but automatically because we cannot connect to each tenant and change it manually.

Best regards.

Which settings exactly? App passwords cannot be configured outside of the portal, and that's a user level operation. That said, it's 2021 and you should have no need to use app passwords anymore, update your clients!
If you want to toggle the MFA state for a given user, you can do so via PowerShell and the Set-MsolUser cmdlet. Check for example this article: https://office365itpros.com/2018/11/21/reporting-mfa-enabled-accounts/