Functionality for Enabling/Enforcing/Disabling Per-User MFA in Microsoft Graph

Question

I've seen this question asked on numerous forums but haven't found anything on this one in particular. With Microsoft decommissioning the MSOL module on Jan 1st 2023, is there a plan in place for tenants who use per-user MFA and are enforced via script? Currently there is still no alternative for the MSOL module for setting users' MFA states. This is a function that is used daily by many technicians in my org and will be a big pain point if there is no alternative. We are working to implement conditional access but we are not at a point where we can rely on that.

Answer 1

@Davis Henckel Thank you for reaching out to us. As I understand you are looking for Per-User MFA status in MSOnline module replacement, under MSGraph.

Based on response with my team internally on this issue, the new direction is to move away from per-user enforcement, and to leverage Security Defaults or Conditional Access to enforce MFA.

Also we advise to leverage the Authentication Methods and Authentication Strengths policies to control what methods a user can and must use, both of which have corresponding MS Graph APIs and cmdlets.

As a result, we do not have a programmatic way to manage per-user MFA besides the legacy MSOnline module.

Let me know if you have any further questions, feel free to post back.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.