You cannot delete the default method, so you have to set another one as default first. There's no good coverage for the latter operation via the Graph API though; the best you can do is use the signInPreferences resource: https://www.michev.info/blog/post/5662/configure-users-default-mfa-method-via-the-graph-api
How to delete phoneAuthenticationMethod if it is set as default, or how to change the default MFA method for all users.
I am facing a problem with the following:
Users and admins should be able to delete a phone number from MFA. I am trying this API and getting this error:
DELETE /users/{id | userPrincipalName}/authentication/phoneMethods/{phoneMethodId}
"innerError": {
"message": "The requested authentication method id of {{user id}} matches the user's current default authentication method, and cannot be deleted until the default authentication method is changed",
I have searched through the documentation and haven't found a definitive answer on how to change the default MFA method and then delete the phone number.
Kindly let me know if this is supported or if there is a workaround. Thanks!
Also, how do we set the Authenticator app as the default method for all users?
Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Microsoft Graph
-
Vasil Michev 119.5K Reputation points MVP Volunteer Moderator
2024-11-15T08:21:51.96+00:00
2 additional answers
-
CarlZhao-MSFT 46,366 Reputation points
2024-11-15T08:11:06.2566667+00:00 Hi @Mohammad Farooqi
I did some research, and it doesn't seem possible to do this using the Graph API. According to the documentation, there is currently only support for managing the details of the default method using the StrongAuthenticationMethods property via the MSOL Get-MsolUser and Set-MsolUser cmdlets. Hope this helps.
-
Mohammad Farooqi 20 Reputation points
2024-11-15T17:42:07.3233333+00:00 Hi Guys,
Thanks for getting back to me. @Vasil Michev I tried GET and got this response:
{ "@odata.type": "#microsoft.graph.phoneAuthenticationMethod", "id": "3179e48a-750b-4051-897c-87b9720928f7", "phoneNumber": "+1 571-------", "phoneType": "mobile", "smsSignInState": "notAllowedByPolicy" },
{ "@odata.type": "#microsoft.graph.passwordAuthenticationMethod", "id": "28c10230-6103-485e-b985-444c60001490", "password": null, "createdDateTime": "2024-11-15T15:59:12Z" },
{ "@odata.type": "#microsoft.graph.softwareOathAuthenticationMethod", "id": "7ac0a75c-05a4-4525-af81-fb3f5534702e", "secretKey": null } ] }
And then when I try to GET the following
https://graph.microsoft.com/beta/users/{{UserId}}/authentication/signInPreferences
I get this response:
{ "isSystemPreferredAuthenticationMethodEnabled": true, "userPreferredMethodForSecondaryAuthentication": "sms", "systemPreferredAuthenticationMethod": "Sms" }
And when I try to PATCH with the body
{ "userPreferredMethodForSecondaryAuthentication": "oath" }
{ "error": { "code": "badRequest", "message": "Invalid user default authentication method request.", "innerError": { "message": "Invalid user default authentication method request.", "date": "2024-11-15T17:36:33", "request-id": "7b*************************", "client-request-id": "7b***********************" } } }
Question:
I am working on Azure AD B2C custom policies. I have searched the documentation and didn't find a clear answer on how the system-preferred method works. As of now it is set to "Microsoft managed"; if I change that to the disabled option, would that work? Thank you so much for your help.
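The two-step procedure from the accepted answer (point the user's default at another registered method through signInPreferences, then DELETE the phone method), plus a read of the tenant-wide setting that the follow-up asks about, as an added PowerShell example. This is not code from the thread, from Microsoft, or from any of the posters. It assumes the Microsoft Graph PowerShell SDK, a signed-in admin allowed to manage other users' authentication methods, the placeholder user@contoso.example, and that the value passed for userPreferredMethodForSecondaryAuthentication is one Graph accepts for that user; the thread shows 'oath' being rejected with badRequest, and the script stops at that point instead of attempting the DELETE, which would fail with the same "matches the user's current default" error.

```powershell
# Added example (not from the thread). Assumes: Microsoft.Graph.Authentication module installed,
# a signed-in admin allowed to manage other users' authentication methods, and that the value
# given for userPreferredMethodForSecondaryAuthentication is one Graph accepts for that user.
# Endpoints are the ones the thread itself uses; signInPreferences exists only in beta.
Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All', 'Policy.Read.All', 'User.Read.All' -NoWelcome
$beta = 'https://graph.microsoft.com/beta'

# Tenant-wide setting behind "systemPreferredAuthenticationMethod" in a user's signInPreferences:
# authenticationMethodsPolicy.systemCredentialPreferences. Its state is enabled, disabled or
# default ("Microsoft managed" in the portal). Read it before assuming a per-user PATCH decides anything.
function Get-SystemPreferredMfaState {
    $policy = Invoke-MgGraphRequest -Method GET -Uri "$beta/policies/authenticationMethodsPolicy" -OutputType PSObject
    return $policy.systemCredentialPreferences
}

function Set-UserDefaultThenRemovePhone {
    param(
        [Parameter(Mandatory)] [string] $Upn,
        # 'push' = Microsoft Authenticator notification, 'oath' = OATH token (the thread's attempt).
        # The enum also has sms/voice* values, but those still rely on the phone method being
        # deleted here, so they are deliberately not offered.
        [ValidateSet('push', 'oath')] [string] $NewDefault = 'oath'
    )
    $userAuth = "$beta/users/$Upn/authentication"

    # 1. What is registered? The new default must map onto a method the user actually has,
    #    otherwise the PATCH cannot succeed and the DELETE would keep failing.
    $methods = (Invoke-MgGraphRequest -Method GET -Uri "$userAuth/methods" -OutputType PSObject).value
    $phones  = @($methods | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.phoneAuthenticationMethod' })
    if ($phones.Count -eq 0) { Write-Host "$Upn has no phone method registered, nothing to do"; return }

    $needed = @{
        push = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod'
        oath = '#microsoft.graph.softwareOathAuthenticationMethod'
    }[$NewDefault]
    if (-not ($methods | Where-Object { $_.'@odata.type' -eq $needed })) {
        throw "$Upn has no $needed registered; '$NewDefault' cannot become the default"
    }

    # 2. Read the current preference, then change it. If Graph answers badRequest
    #    ("Invalid user default authentication method request." in the thread), stop here:
    #    the phone method is still the default and the DELETE below would be rejected anyway.
    $prefs = Invoke-MgGraphRequest -Method GET -Uri "$userAuth/signInPreferences" -OutputType PSObject
    Write-Host ("{0}: user default={1}, system default={2}, system-preferred enabled={3}" -f $Upn,
        $prefs.userPreferredMethodForSecondaryAuthentication,
        $prefs.systemPreferredAuthenticationMethod,
        $prefs.isSystemPreferredAuthenticationMethodEnabled)
    try {
        Invoke-MgGraphRequest -Method PATCH -Uri "$userAuth/signInPreferences" `
            -ContentType 'application/json' `
            -Body @{ userPreferredMethodForSecondaryAuthentication = $NewDefault } | Out-Null
    }
    catch {
        throw "default for $Upn not changed, phone method left in place: $($_.Exception.Message)"
    }

    # 3. Only now can the phone method go.
    foreach ($p in $phones) {
        Invoke-MgGraphRequest -Method DELETE -Uri "$userAuth/phoneMethods/$($p.id)" | Out-Null
        Write-Host "deleted $($p.phoneType) phone $($p.phoneNumber) ($($p.id)) for $Upn"
    }
}

Get-SystemPreferredMfaState | Format-List
Set-UserDefaultThenRemovePhone -Upn 'user@contoso.example' -NewDefault 'oath'

# For every member user ("set Authenticator as the default for all users"): same function, -NewDefault push.
# Get-MgUser -All -Filter "userType eq 'Member'" -Property id,userPrincipalName |
#     ForEach-Object { Set-UserDefaultThenRemovePhone -Upn $_.UserPrincipalName -NewDefault 'push' }
```

With delegated permissions, managing another user's authentication methods also requires a directory role such as Authentication Administrator (Privileged Authentication Administrator when the target user is themselves an admin); the scope alone is not enough. The per-user loop at the end is left commented because it is destructive for the whole tenant: run it against a pilot group first, and keep the PATCH-before-DELETE ordering, since reversing it reproduces the error from the original question.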