question

Sakthi-7699 avatar image
0 Votes"
Sakthi-7699 asked Sakthi-7699 commented

Not able to update mobilePhone and otherMails with empty strings using Graph API C# Azure AD-B2C

Hi, When we try to remove the user's mobilePhone or otherMails by passing an empty string, we are getting the below errors.

Message: The mobilePhone should be between 1 and 64 characters.
Message: The otherMails should be between 1 and 256 characters.

I have tried passing null, but it doesn't replace the existing values and I don't want to save " " in the mobilePhone or email as we use these values for MFA.

@amanpreetsingh-msft, Can you please suggest / guide on how can we remove the user's mobilePhone or otherMails using Graph API.

Thank you

azure-ad-b2c
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered Sakthi-7699 commented

Hi @Sakthi-7699 • Thank you for reaching out.

This is a problem with Graph SDK as the SDK is discarding the null attribute. This is not specific to mobilePhone attribute. If you set any other attribute like Country or City to null, you will experience the same behavior.

When we set a specific value to the country attribute, the patch request looks like this:

{"country":"US","@odata.type":"microsoft.graph.user"}

If we set the country to null, the patch request will look like this:

{@odata.type":"microsoft.graph.user"}

This is why the previously assigned value doesn't get changed as the patch call doesn't include any information about the attribute you are trying to set as null.

I would suggest you post feedback at msgraph-sdk-dotnet so that the team working on the SDK can help you address the issue.

Setting any attribute to null using Graph Explorer works. The problem occurs only when the null value is being set using Graph SDK.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@amanpreetsingh-msft Thank you! I have raised a bug here https://github.com/microsoftgraph/msgraph-sdk-dotnet/issues/1453 for this.

Also, I have another question,

If the user has lost his mobile and would like to change his MFA from Authenticator app to Authenticator app. Do we have an option to delete the authenticator app from the authentication method of a user using custom policies or Graph API or powershell script.

I read that Graph API provides the delete auth authentication method but it's available only in Beta version, however, we need this for production. Can you please suggest if there is any way?

0 Votes 0 ·

@Sakthi-7699 • Thanks for reporting the bug. In the meantime, you can try using the "core" SDK instead of the full SDK which is essentially a Graph-optimized REST client upon which the full SDK is built. Presumably, you can issue any valid REST request to MS Graph that way, including those that seem to be impaired by the full SDK: github.com/microsoftgraph/msgraph-sdk-dotnet-core

1 Vote 1 ·

@Sakthi-7699 • You can use the below cmdlets for this purpose:

 Install-module msonline
 Connect-MsolService
 Set-MsolUser -ObjectID object_id_of_the_user -StrongAuthenticationMethods @()

This will clear the MFA methods set for the given user.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 Votes 0 ·
Sakthi-7699 avatar image Sakthi-7699 amanpreetsingh-msft ·

Thank you so much @amanpreetsingh-msft for your prompt response.

I have couple of follow-up questions on this.

1) Can you please refer me to a document or guide me on how can we connect to B2C tenant using Connect-MsolService?
2) Can we completely automate running this script so that MFA is reset programmatically using C#? Any reference or guide would be of great help.
3) When we run these cmdlets we are prompted to login, can we make this non-interactive by getting token and authorizing to execute the commands?
4) What minimum role is required to run these cmdlets to clear the MFA method.

Kindly share relevant documentation/guide for the above questions. It would be of great help! Thanks

0 Votes 0 ·
Show more comments