Azure AD Graph and MSOnline PowerShell set to retire
Does anyone know how we are supposed to do the things that MgGraph doesn't do yet? Last I checked, this includes:
- Dealing with password expiration stuff for Azure AD Connect (does O365 enforce expiration on synced users, who's exempt, etc.)
- Change a user's default MFA methods
  - You can add/remove methods in MgGraph and not MSOnline - but you can only set one as default in MSOnline! And if the NPS extension is being used, default is all that matters.
- Enforce per-user MFA on a user
  - I know, I know... we'd be on conditional access if it was in the SMB plans (Business Standard), and would be using Security Defaults if it let us set exceptions for a couple service accounts... but as of now, per-user MFA is the only thing MS offers for our size and use case.
  - Can be done in the GUI for now, but is safest as part of an onboarding script where it can't get missed.