How can StrongAuthenticationMethods be set as the default using Powershell?

edit

To set StrongAuthenticationMethods as the default using PowerShell, you can use the following command:

Set-ADFSRelyingPartyTrust -TargetName "RelyingPartyName" `
-ClaimsProviderName @("Active Directory") `
-AuthenticationMethod @("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport") `
-AlternateAuthenticationMethods @("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport","http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows") `
-Enabled $true `
-SigningCertificateThumbprint "CertificateThumbprint" `
-EncryptionCertificateThumbprint "EncryptionCertificateThumbprint"

Replace "RelyingPartyName" with the name of the relying party trust you want to update, "CertificateThumbprint" with the thumbprint of the signing certificate specified in the relying party trust, and "EncryptionCertificateThumbprint" with the thumbprint of the encryption certificate specified in the relying party trust.

This command sets StrongAuthenticationMethods as the default authentication method for the relying party trust by specifying it as the first value in the AlternateAuthenticationMethods array. This ensures that users are prompted for MFA before falling back to other authentication methods.