How to remove Temporary Access Pass from Microsoft Entra ID for Customers authentication methods?

Eric D 11 Reputation points
2024-03-18T16:38:37.8533333+00:00

As requested by https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-multifactor-authentication-customers, I am trying to remove the Temporary Access Pass authentication method from our Microsoft Entra ID for Customers instance and am receiving a failure. How can this be disabled?

User's image

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,633 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2024-03-18T22:27:27.54+00:00

    Hi @Eric D ,

     

    If you are seeing the "policy did not save" error, one possibility is that the policy size is too large. You can check the response from Graph to see more details about why the save is failing. If you have too many objects (groups and users) excluded for the registration campaign, you will need to downsize the policy.

    You can check the audit logs and the response from Graph to get more details.

    Request:

    PATCH https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/Fido2 HTTP/2.0

     

    When you change the policy, you may also see this error if there is a reason required to disable/enable and you have not selected that reason.

    If the first solution does not help I would recommend sharing the more detailed error from the audit logs so that we can better isolate the issue and troubleshoot.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.