We are using Azure AD B2C login in our web application. We want to be able to set MFA for a B2C user based on a setting in the application. From the documentation, I can see that custom policies are able to be applied. But can the custom policy hook in to the application to read a setting (eg whether MFA should be applied in this case)?
Another approach we are considering is to set MFA programmatically for the user, based on the application setting. I have read that MFA can be set on a per user basis, through the Azure Portal. Is there a way to do this programmatically? I have looked at the Graph API but have not seen anything obvious.
I have tried setting the MFA setting for a user via the Azure portal, but this is not working for me yet. Despite setting the user's MFA to Enforced, the user can still sign in without being challenged. I also find the portal confusing, and for many users there is no clear way of identifying them (the portal only shows display name as Unknown and email address as an internal identity rather than an external identity).
I have seen these following posts Can I apply MFA to each user in Azure ADB2C and Azure AD B2C MFA on a function which do provide some useful information, but I am still unclear on this.
Is this possible, and which approach (custom policy hooking in to the application to read setting, or setting the MFA for the specific user from the application) would be better?
