| title | Update authenticationMethodsPolicy |
|---|---|
| description | Update the properties of an authenticationMethodsPolicy object. |
| author | jpettere |
| ms.reviewer | intelligentaccesspm |
| ms.localizationpriority | medium |
| ms.subservice | entra-sign-in |
| doc_type | apiPageType |
| ms.date | 04/05/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Update the properties of an authenticationMethodsPolicy object.
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
[!INCLUDE rbac-authentication-methods-policy-apis-write]
PATCH /policies/authenticationMethodsPolicy| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
In the request body, supply a JSON representation of the registrationEnforcement object to prompt users to set up targeted authentication methods.
| Property | Type | Description |
|---|---|---|
| registrationEnforcement | registrationEnforcement | Enforce registration at sign-in time. This property can be used to prompt users to set up targeted authentication methods. |
| reportSuspiciousActivitySettings | reportSuspiciousActivitySettings | Enable users to report voice or phone app multi-factor authentication notifications as suspicious. |
| systemCredentialPreferences | systemCredentialPreferences | Prompt users with their most-preferred credential for multifactor authentication. |
If successful, this method returns a 200 OK response code.
PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy
Content-Type: application/json
{
"registrationEnforcement": {
"authenticationMethodsRegistrationCampaign": {
"snoozeDurationInDays": 1,
"enforceRegistrationAfterAllowedSnoozes": true,
"state": "enabled",
"excludeTargets": [],
"includeTargets": [
{
"id": "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
"targetType": "group",
"targetedAuthenticationMethod": "microsoftAuthenticator"
}
]
}
},
"reportSuspiciousActivitySettings": {
"state": "enabled",
"includeTarget": {
"targetType": "group",
"id": "all_users"
},
"voiceReportingCode": 0
}
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodsPolicy",
"id": "authenticationMethodsPolicy",
"displayName": "Authentication Methods Policy",
"description": "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings",
"lastModifiedDateTime": "2021-05-25T01:08:08.6712279Z",
"policyVersion": "1.4",
"registrationEnforcement": {
"authenticationMethodsRegistrationCampaign": {
"snoozeDurationInDays": 1,
"nforceRegistrationAfterAllowedSnoozes": true,
"state": "enabled",
"excludeTargets": [],
"includeTargets": [
{
"id": "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
"targetType": "group",
"targetedAuthenticationMethod": "microsoftAuthenticator"
}
]
}
},
"reportSuspiciousActivitySettings": {
"state": "enabled",
"includeTarget": {
"targetType": "group",
"id": "all_users"
},
"voiceReportingCode": 0
},
"systemCredentialPreferences": {
"@odata.type": "#microsoft.graph.systemCredentialPreferences",
"excludeTargets": [],
"includeTargets": [
{
"id": "all_users",
"targetType": "group"
}
],
"state": "enabled"
}
}