functions/Remove-AzureADUserAuthenticationMethod.ps1

function Remove-AzureADUserAuthenticationMethod {
    <#
    .SYNOPSIS
        Removes an authentication method from the user.
    .DESCRIPTION
        Removes an authentication method from the user.
        Use to remove an existing authentication method for the user.
    .EXAMPLE
        PS C:\>Remove-AzureADUserAuthenticationMethod -Phone -PhoneType mobile user@contoso.com
        Removes the mobile phone authentication method for the user.
    #>

    [CmdletBinding()]
    param (
            
        [Parameter(Mandatory = $True, ParameterSetName = 'phone')]
        [switch]
        $Phone,
        
        [Parameter(Mandatory = $True, ParameterSetName = 'email')]
        [switch]
        $Email,
        
        [Parameter(Mandatory = $True, ParameterSetName = 'password')]
        [switch]
        $Password,
        
        [Parameter(Mandatory = $True, ParameterSetName = 'FIDO2')]
        [switch]
        $FIDO2,

        [Parameter(Mandatory = $True, ParameterSetName = 'MicrosoftAuthenticator')]
        [switch]
        $MicrosoftAuthenticator,

        [Parameter(Mandatory = $True, ParameterSetName = 'WindowsHelloForBusiness')]
        [switch]
        $WindowsHelloForBusiness,
        
        [Parameter(Mandatory = $True, ParameterSetName = 'FIDO2')]
        [Parameter(Mandatory = $True, ParameterSetName = 'MicrosoftAuthenticator')]
        [Parameter(Mandatory = $True, ParameterSetName = 'WindowsHelloForBusiness')]
        [Parameter(Mandatory = $True, ParameterSetName = 'temporaryAccessPass')]
        [Parameter(Mandatory = $True, ParameterSetName = 'softwareOath')]
        [string]
        $MethodId,
        
        [Parameter(Mandatory = $True, ParameterSetName = 'securityQuestion')]
        [switch]
        $SecurityQuestion,
        
        [Alias('UserId', 'UPN', 'UserPrincipalName')]
        [Parameter(Mandatory = $True, Position = 1, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [string]
        $ObjectId,
        
        [Parameter(Mandatory = $True, ParameterSetName = 'phone')]
        [ValidateSet("mobile", "alternateMobile", "office")]
        [string]
        $PhoneType,
        
        [Parameter(Mandatory = $True, ParameterSetName = 'securityQuestion')]
        [string]
        $Question,

        [Parameter(Mandatory = $True,ParameterSetName = 'temporaryAccessPass')]
        [switch]$TemporaryAccessPass,

        [Parameter(Mandatory = $True,ParameterSetName = 'softwareOath')]
        [switch]$SoftwareOath
        
    )
    
    begin {
        Assert-GraphConnection -Cmdlet $PSCmdlet
    }
    process {
        switch ($PSCmdlet.ParameterSetName) {
            "phone" {
                $methodId = switch ($PhoneType) {
                    'alternateMobile' { 'b6332ec1-7057-4abe-9331-3d72feddfe41' }
                    'mobile' { '3179e48a-750b-4051-897c-87b9720928f7' }
                    'office' { 'e37fc753-ff3b-4958-9484-eaa9425c82bc' }
                }
                Invoke-AzureAdRequest -Method DELETE -Query "users/$ObjectId/authentication/phoneMethods/$methodId"
                break
            }
            "email" {
                Invoke-AzureAdRequest -Method DELETE -Query "users/$ObjectId/authentication/emailMethods/3ddfcfc8-9383-446f-83cc-3ab9be4be18f"
                break
            }
            "FIDO2" {
                Invoke-AzureAdRequest -Method DELETE -Query "users/$ObjectId/authentication/fido2Methods/$MethodId"
                break
            }
            "MicrosoftAuthenticator" {
                Invoke-AzureAdRequest -Method DELETE -Query "users/$ObjectId/authentication/MicrosoftAuthenticatorMethods/$MethodId"
                break
            }
            "WindowsHelloForBusiness" {
                Invoke-AzureAdRequest -Method DELETE -Query "users/$ObjectId/authentication/windowsHelloForBusinessMethods/$MethodId"
                break
            }
            "temporaryAccessPass" {
                Invoke-AzureAdRequest -Method DELETE -Query "users/$ObjectId/authentication/temporaryAccessPassMethods/$MethodId"
                break
            }
            "softwareOath" {
                Invoke-AzureAdRequest -Method DELETE -Query "users/$ObjectId/authentication/softwareOathMethods/$MethodId"
                break
            }
            default {
                throw "Removing the $($PSCmdlet.ParameterSetName) method is not yet supported."
            }
        }
    }
}