We are working on a use case in Azure AD B2C space, where we need to access the user’s MFA phone number (as shown in image below) entered while registering through the signup user flow or policy.
We tried exploring the graph endpoint https://learn.microsoft.com/en-us/graph/api/phoneauthenticationmethod-get?view=graph-rest-1.0&tabs=http#http-request to read this information, however, noticed that it doesn’t work well and the documentation also confirms that it should not be used for azure ad b2c.
We attempted to raise a support case with Microsoft and were told that it is by design and currently nothing the support team could do in this regard.
We also came across a few similar posts that goes several years back such as Azure AD B2C, get MFA verified phone number programmatically and surprisingly even after many years later, the issue still exists and remains unsolved.
Out of curiosity, we found that even Azure ad b2c portal makes use of the legacy graph.windows.net API to fetch and display this information on the user interface!
We would appreciate if anyone is aware of a potential workaround for this?
Many thanks in advance!
2
Answers
After attempting multiple ways and contacting Microsoft Azure support, we had to stop because currently MS graph api cannot access the mfa phone numbers of the users that are stored either using the default user flows or using the custom policies in azure ad b2c.
Though this is a known issue that is hopefully on the product group's roadmap, however, the timeframe for the fix is not available at this point.
I tried to reproduce the same in my environment and got the results like below:
I created an Azure AD B2C user and enabled MFA:
Now, I added Authentication method for the B2C user like below:
To fetch the authentication methods or MFA phone number of Azure AD b2c user using MS graph API use the below query: