FederatedIdpMfaBehavior cannot be empty

HTYZ1380 0 Reputation points
2024-05-16T13:13:15.7+00:00

Hello

I executed New-MgDomainFederationConfiguration and tried to federate my Microsoft 365 custom domain to my third party IdP.

New-MgDomainFederationConfiguration -DomainId "my.custom.domain" `
-ActiveSignInUri "https://signinurl.of.idp" `
-DisplayName "ServiceNameofidp" `
-IssuerUri "https://issuer.of.idp" `
-MetadataExchangeUri "https://url.from.idp" `
-PassiveSignInUri "https://url.from.idp" `
-SignOutUri "https://login.microsoftonline.com/logout.srf" `
-SigningCertificate "MII_idp_signing_cert==" | Format-List

Then I saw the error message below:

New-MgDomainFederationConfiguration : FederatedIdpMfaBehavior cannot be empty 
Status: 400 (BadRequest) 
ErrorCode: Request_BadRequest  

I found the document about FederatedIdpMfaBehavior.

The document says that FederatedIdpMfaBehavior is used to configure who processes the MFA (in my case, the third-party IdP or Entra ID).

https://learn.microsoft.com/en-us/graph/api/resources/internaldomainfederation?view=graph-rest-1.0#federatedidpmfabehavior-values

And FederatedIdpMfaBehavior is the successor of the SupportsMfa option of the MsolDomainAuthentication command, which is planned to be obsoleted.

When I use MsolDomainAuthentication, SupportsMfa is not a required option. The command works well without the SupportsMfa option.

According to the document below, FederatedIdpMfaBehavior is not a required option either (Required: False).

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.directorymanagement/new-mgdomainfederationconfiguration?view=graph-powershell-1.0

I found the forum post below, but I could not find a way to suppress or bypass the error message above.

https://techcommunity.microsoft.com/t5/microsoft-entra/problems-configuring-federation-to-saml-idp/m-p/4098212

Does anyone know whether FederatedIdpMfaBehavior is required or not?

If it is not required, how can we execute New-MgDomainFederationConfiguration without FederatedIdpMfaBehavior?

Thanks in advance.
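
An added example, not part of the original post: the same call with -FederatedIdpMfaBehavior supplied explicitly, since the service rejected the request when it was empty. The three accepted values are those of the federatedIdpMfaBehavior enumeration in the Graph documentation linked above; choosing enforceMfaByFederatedIdp here is an assumption for illustration, and the domain, URIs and certificate are the placeholders from the post.

```powershell
# Added example, not the poster's code. Assumes the
# Microsoft.Graph.Identity.DirectoryManagement module is installed and
# Connect-MgGraph has already been run with rights to manage the domain.

# Who performs MFA for federated users (federatedIdpMfaBehavior enumeration):
#   acceptIfMfaDoneByFederatedIdp - accept MFA done by the IdP; if the IdP did
#                                   not do MFA, Entra ID performs it.
#   enforceMfaByFederatedIdp      - accept MFA done by the IdP; if the IdP did
#                                   not do MFA, send the user back to the IdP.
#   rejectMfaByFederatedIdp       - ignore MFA done by the IdP; Entra ID always
#                                   performs MFA itself.
$validBehaviors = @(
    'acceptIfMfaDoneByFederatedIdp',
    'enforceMfaByFederatedIdp',
    'rejectMfaByFederatedIdp'
)

# Assumption for this example: the third-party IdP is the MFA authority.
$mfaBehavior = 'enforceMfaByFederatedIdp'

# Fail locally on a typo instead of sending a bad request to the service.
if ($mfaBehavior -notin $validBehaviors) {
    throw "Unsupported FederatedIdpMfaBehavior value: $mfaBehavior"
}

# Splatting avoids backtick line continuations, which stop working when a
# space follows the backtick.
$federation = @{
    DomainId                = 'my.custom.domain'
    ActiveSignInUri         = 'https://signinurl.of.idp'
    DisplayName             = 'ServiceNameofidp'
    IssuerUri               = 'https://issuer.of.idp'
    MetadataExchangeUri     = 'https://url.from.idp'
    PassiveSignInUri        = 'https://url.from.idp'
    SignOutUri              = 'https://login.microsoftonline.com/logout.srf'
    SigningCertificate      = 'MII_idp_signing_cert=='
    FederatedIdpMfaBehavior = $mfaBehavior
}

New-MgDomainFederationConfiguration @federation | Format-List

# Read the setting back so the MFA behaviour actually stored is on record.
Get-MgDomainFederationConfiguration -DomainId $federation.DomainId |
    Select-Object DisplayName, IssuerUri, FederatedIdpMfaBehavior
```

The value chosen decides whether a satisfied MFA claim from the IdP is trusted by Entra ID, so it should match what the IdP actually enforces rather than being picked only to clear the 400 error.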
