azure ad b2c MFA

Question

Hello,

In B2C built-in policy, if I have TURNED ON MFA, then we know that while user is signin-up, he will undergo MFA registration.
For eg., if phone-based MFA is turned on, then user will verify his phone-number by getting SMS
Subsequently, whenever he tries to sign-into that app, app will redirect him to B2C to complete the first-factor (through email/password) and second-factor through phone.

I want to know, where is the registered phone number stored in B2C tenant ??
Is it part of the standard "Azure AD authentication methods" that we can access through graph API for eg., GET /users{userId/authentication/phoneMethods/

Thanks.

Answer 1

Hello @testuser7 , Azure AD B2C consumer user accounts MFA information is accessible through PowerShell.

Use the following script:

   Connect-MsolService  
   (Get-MsolUser -ObjectId <CONSUMER USER ACCOUNT ID>).StrongAuthenticationUserDetails  

The MS Graph List phoneMethods operation is not available for B2C users.

Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.

Answer 2

@Alfredo Revilla - Upwork Top Talent | IAM SWE SWA yes, keyVault is a good option.

I have one question, though.
In the event of any error message to be shown to the user, we know that Self-asserted UI is the place.
However, if there is NO Self-asserted UI currently displayed, then B2C engine will use the redirect-uri to update the app about the error.

My question is, in which scenario, B2C engine will use the global-exception datauri ??
The doc says that <ContentDefinition Id="api.error"> content definition is to render an error page that displays unhandled errors.

Can you elaborate this unhandled errors and in which situation B2C will take help of APP-REDIRECT-URI VS global-exception URI ??

Thanks.