How to remove Temporary Access Pass from Microsoft Entra ID for Customers authentication methods?

Eric D 11 Reputation points
2024-03-18T16:38:37.8533333+00:00

As requested by https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-multifactor-authentication-customers, I am trying to remove the Temporary Access Pass authentication method from our Microsoft Entra ID for Customers instance and am receiving a failure. How can this be disabled?

User's image

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2024-03-18T22:27:27.54+00:00

    Hi @Eric D ,

     

    If you are seeing the "policy did not save" error, one possibility is that the policy size is too large. You can check the response from Graph to see more details about why the save is failing. If you have too many objects (groups and users) excluded for the registration campaign, you will need to downsize the policy.

    You can check the audit logs and the response from Graph to get more details.

    Request:

    PATCH https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/Fido2 HTTP/2.0

     

    When you change the policy, you may also see this error if there is a reason required to disable/enable and you have not selected that reason.

    If the first solution does not help I would recommend sharing the more detailed error from the audit logs so that we can better isolate the issue and troubleshoot.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.