问题
We are testing MFA on Azure AD B2C using the sample found here: https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-unknown-devices
We know it can be done via the Azure Portal, but it is not an option for us to give customers access to our tenant (customer self service).
Previous posts pointed me to wait for an update from Graph API, and we are playing with the beta now: https://docs.microsoft.com/en-us/graph/api/resources/authenticationmethods-overview?view=graph-rest-beta
Running Get authenticationMethod only shows Azure AD B2C users with MFA enabled as having password authentication, no phone number.
Anyone been able to get the beta Graph API working with Azure AD B2C MFA or come up with a workaround clearing/updating phone numbers?
回答1:
Since Graph API does not appear to be the answer, we were able to find a sample Azure AD B2C custom policy that allows a user to edit their phone number. To get a "reset" functionality, we added a check for a claim that would designate the user needs to reenroll in MFA and then trigger this workflow.
https://github.com/azure-ad-b2c/samples/tree/master/policies/edit-mfa-phone-number
回答2:
MS Graph API does not support this operation for B2C. Please go through MSDN documentation which can give you more information about Microsoft Graph operations available for Azure AD B2C.
来源:https://stackoverflow.com/questions/62584656/how-do-i-programmatically-clear-or-update-a-phone-number-for-azure-ad-b2c-mfa