REST API to enable MFA

dev-4859 6 Reputation points
2022-06-07T04:33:33.177+00:00

Hello,
I am working on a C# project and need to know: is there any REST API to enable or disable MFA in O365?


1 answer

  1. AmanpreetSingh-MSFT 56,316 Reputation points
    2022-06-07T06:59:11.28+00:00

    Hi @VIJAYBABUS-4859 • Thank you for reaching out.

    As of now, per-user MFA cannot be enabled via REST API and it has to be done by using Office/Azure Portal or using the Set-MSOLUser PowerShell Cmdlet.

    However, you can use Graph API to create a Conditional Access Policy that requires users to perform MFA when All or Specified Cloud Apps are accessed. Below is an example of how you can create a Conditional Access policy using C# Graph SDK.

    In the below example, members of the specified group need to perform MFA when they access Exchange Online using a Mobile/Desktop App or web browser from any location except the trusted locations.

    using System;
    using System.Collections.Generic;
    using Microsoft.Graph;

    // authProvider: see the SDK documentation for how to create one.
    GraphServiceClient graphClient = new GraphServiceClient( authProvider );

    var conditionalAccessPolicy = new ConditionalAccessPolicy
    {
    	DisplayName = "Access to EXO requires MFA",
    	State = ConditionalAccessPolicyState.Enabled,
    	Conditions = new ConditionalAccessConditionSet
    	{
    		// Applies to mobile/desktop apps and web browsers.
    		ClientAppTypes = new List<ConditionalAccessClientApp>()
    		{
    			ConditionalAccessClientApp.MobileAppsAndDesktopClients,
    			ConditionalAccessClientApp.Browser
    		},
    		Applications = new ConditionalAccessApplications
    		{
    			IncludeApplications = new List<String>()
    			{
    				// Application ID of Exchange Online.
    				"00000002-0000-0ff1-ce00-000000000000"
    			}
    		},
    		Users = new ConditionalAccessUsers
    		{
    			IncludeGroups = new List<String>()
    			{
    				// Object ID of the group whose members must perform MFA.
    				"ba8e7ded-8b0f-4836-ba06-8ff1ecc5c8ba"
    			}
    		},
    		// Any location except the trusted locations.
    		Locations = new ConditionalAccessLocations
    		{
    			IncludeLocations = new List<String>()
    			{
    				"All"
    			},
    			ExcludeLocations = new List<String>()
    			{
    				"AllTrusted"
    			}
    		}
    	},
    	// Grant access only when MFA is satisfied.
    	GrantControls = new ConditionalAccessGrantControls
    	{
    		Operator = "OR",
    		BuiltInControls = new List<ConditionalAccessGrantControl>()
    		{
    			ConditionalAccessGrantControl.Mfa
    		}
    	}
    };

    // Call from an async method; sends the policy to the tenant.
    await graphClient.Identity.ConditionalAccess.Policies
    	.Request()
    	.AddAsync(conditionalAccessPolicy);
    

    Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
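
The same policy sent as a raw REST request to the Graph conditional access endpoint, since the question asked for a REST API. This is an added example, not part of the original answer or Microsoft's sample; the report-only state, the excluded emergency-access account (placeholder ID) and the `GRAPH_TOKEN` environment variable are assumptions of this example, and the token is assumed to carry the `Policy.ReadWrite.ConditionalAccess` permission.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

static class CaPolicyRest
{
    const string Endpoint = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies";

    // Same conditions as the SDK example; "state" and "excludeUsers" are additions of this example.
    public static string BuildPolicyJson(string groupId, string emergencyUserId) => JsonSerializer.Serialize(new
    {
        displayName = "Access to EXO requires MFA",
        state = "enabledForReportingButNotEnforced", // report-only; set "enabled" after reviewing sign-in logs
        conditions = new
        {
            clientAppTypes = new[] { "mobileAppsAndDesktopClients", "browser" },
            applications = new { includeApplications = new[] { "00000002-0000-0ff1-ce00-000000000000" } },
            users = new { includeGroups = new[] { groupId }, excludeUsers = new[] { emergencyUserId } },
            locations = new { includeLocations = new[] { "All" }, excludeLocations = new[] { "AllTrusted" } }
        },
        grantControls = new { @operator = "OR", builtInControls = new[] { "mfa" } }
    }, new JsonSerializerOptions { WriteIndented = true });

    // POSTs the policy; returns the created policy object or throws with Graph's error body.
    public static async Task<string> CreateAsync(HttpClient http, string accessToken, string json)
    {
        using var request = new HttpRequestMessage(HttpMethod.Post, Endpoint);
        request.Content = new StringContent(json, Encoding.UTF8, "application/json");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        using var response = await http.SendAsync(request);
        var body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)
            throw new HttpRequestException($"Graph returned {(int)response.StatusCode}: {body}");
        return body;
    }

    static async Task Main()
    {
        // Group ID is the one from the answer; the second ID is a placeholder to replace.
        var json = BuildPolicyJson("ba8e7ded-8b0f-4836-ba06-8ff1ecc5c8ba", "00000000-0000-0000-0000-000000000000");
        Console.WriteLine(json);
        var token = Environment.GetEnvironmentVariable("GRAPH_TOKEN");
        if (string.IsNullOrEmpty(token)) return; // no token: only show the request body
        using var http = new HttpClient();
        Console.WriteLine(await CreateAsync(http, token, json));
    }
}
```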