ADSS is able to auto-create users (quick enrollment) with some options, but they are not really quick. So I've requested a feature to allow using some API/script to enroll users.
In our environment, we use a script to create the user in Active Directory, and the user has to create/reset his/her password in ADSS. We want to use MFA for this first login on ADSS, but it is not possible because the user needs to already be there, enrolled.
So, the plan is to have this API, which we could add as part of our AD user creation to also enroll the user in ADSS, and when the users access ADSS to reset their password, they can use MFA in advance. We have a similar approach for ManageEngine products, using APIs, etc., to facilitate and be proactive, and this feature will be so important for all customers using this scenario or a similar one. The API call could be designed to protect the source/origin with an IP address whitelist, if the customer wants to make this even more secure.
This is feature request number "3800437", opened on 09/25/2020, and nothing has been done yet.