| title | Update authentication method states |
|---|---|
| description | Update the properties of a user's authentication states, such as their sign-in preferences (system-preferred MFA) and per-user MFA state. |
| author | jpettere |
| ms.reviewer | intelligentaccesspm |
| ms.localizationpriority | medium |
| ms.subservice | entra-sign-in |
| doc_type | apiPageType |
| ms.date | 10/22/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Update the properties of a user's authentication method states. Use this API to update the following information:
- A user's signInPreferences (system-preferred MFA)
- A user's strongAuthenticationRequirements (per-user MFA)
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
[!INCLUDE rbac-authentication-methods-apis-write-others]
[!INCLUDE permissions-table]
[!INCLUDE permissions-table]
[!INCLUDE rbac-authentication-methods-policy-apis-write]
To update the sign-in preferences (system-preferred MFA) for a user:
PATCH /users/{id | userPrincipalName}/authentication/signInPreferencesTo update the per-user multifactor authentication state for the signed-in user:
PATCH /me/authentication/requirements[!INCLUDE me-apis-sign-in-note]
To update the per-user multifactor authentication state for a user:
PATCH /users/{id | userPrincipalName}/authentication/requirements| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
[!INCLUDE table-intro]
| Property | Type | Description |
|---|---|---|
| isSystemPreferredAuthenticationMethodEnabled | Boolean | Indicates whether the credential preferences of the system are enabled. |
| userPreferredMethodForSecondaryAuthentication | userDefaultAuthenticationMethodType | The default second-factor method used by the user when signing in. If a user is enabled for system-preferred authentication, then this value is ignored except for a few scenarios where a user is authenticating via NPS extension or ADFS adapter. Possible values are push, oath, voiceMobile, voiceAlternateMobile, voiceOffice, sms, and unknownFutureValue |
| perUserMfaState | perUserMfaState | The user's state for per-user multifactor authentication. Possible values are enforced, enabled and disabled. |
If successful, this method returns a 204 No Content response code.
The following example shows a request.
PATCH https://graph.microsoft.com/beta/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/signInPreferences
Content-Type: application/json
{
"userPreferredMethodForSecondaryAuthentication": "oath"
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
HTTP/1.1 204 No ContentThe following example shows a request.
PATCH https://graph.microsoft.com/beta/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/requirements
Content-Type: application/json
{
"perUserMfaState": "disabled"
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
HTTP/1.1 204 No Content