| author | vimrang |
|---|---|
| ms.topic | include |
Important
To update the authenticationType property, the calling app must be assigned the Domain-InternalFederation.ReadWrite.All permission.
For delegated access using work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
- Domain Name Administrator
- External Identity Provider Administrator
- Hybrid Identity Administrator
- Security Administrator