FederatedIdpMfaBehavior cannot be empty
Hello
I executed New-MgDomainFederationConfiguration and tried to federate my Microsoft 365 custom domain to my third party IdP.
New-MgDomainFederationConfiguration -DomainId "my.custom.domain" `
-ActiveSignInUri "https://signinurl.of.idp" `
-DisplayName "ServiceNameofidp" `
-IssuerUri "https://issuer.of.idp" `
-MetadataExchangeUri "https://url.from.idp" `
-PassiveSignInUri "https://url.from.idp" `
-SignOutUri "https://login.microsoftonline.com/logout.srf" `
-SigningCertificate "MII_idp_signing_cert==" | Format-List
Then I saw the error message below:
New-MgDomainFederationConfiguration : FederatedIdpMfaBehavior cannot be empty
Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
I found the document about FederatedIdpMfaBehavior.
The document says that FederatedIdpMfaBehavior is used to configure who processes the MFA (in my case, the third-party IdP or Entra ID).
And FederatedIdpMfaBehavior is the successor of SupportsMfa of the MsolDomainAuthentication command, which is planned to be obsoleted.
When I use MsolDomainAuthentication, SupportsMfa is not a required option. The command works well without the SupportsMfa option.
According to the document below, FederatedIdpMfaBehavior is not a required option either (Required: False).
I could find the forum post below, but I could not find a method to suppress or bypass the error message above.
Does anyone know if FederatedIdpMfaBehavior is required or not?
If it is not required, how can we execute New-MgDomainFederationConfiguration without FederatedIdpMfaBehavior?
Thanks in advance.