One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
Policy.ReadWrite.AuthenticationMethod
Delegated (personal Microsoft account)
Not supported.
Application
Policy.ReadWrite.AuthenticationMethod
For delegated scenarios, the administrator needs the Authentication Policy AdministratorAzure AD role.
HTTP request
PATCH /policies/authenticationMethodsPolicy
Request headers
Name
Description
Authorization
Bearer {token}. Required.
Content-Type
application/json. Required.
Request body
In the request body, supply only the values for properties that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values.
The following table specifies the properties that can be updated.
// Code snippets are only available for the latest version. Current version is 5.x
var graphClient = new GraphServiceClient(requestAdapter);
var requestBody = new AuthenticationMethodsPolicy
{
RegistrationEnforcement = new RegistrationEnforcement
{
AuthenticationMethodsRegistrationCampaign = new AuthenticationMethodsRegistrationCampaign
{
SnoozeDurationInDays = 1,
State = AdvancedConfigState.Enabled,
ExcludeTargets = new List<ExcludeTarget>
{
},
IncludeTargets = new List<AuthenticationMethodsRegistrationCampaignIncludeTarget>
{
new AuthenticationMethodsRegistrationCampaignIncludeTarget
{
Id = "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
TargetType = AuthenticationMethodTargetType.Group,
TargetedAuthenticationMethod = "microsoftAuthenticator",
},
},
},
},
};
var result = await graphClient.Policies.AuthenticationMethodsPolicy.PatchAsync(requestBody);
<?php
// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AuthenticationMethodsPolicy();
$registrationEnforcement = new RegistrationEnforcement();
$registrationEnforcementAuthenticationMethodsRegistrationCampaign = new AuthenticationMethodsRegistrationCampaign();
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setSnoozeDurationInDays(1);
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setState(new AdvancedConfigState('enabled'));
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setExcludeTargets([ ]);
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1 = new AuthenticationMethodsRegistrationCampaignIncludeTarget();
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1->setId('3ee3a9de-0a86-4e12-a287-9769accf1ba2');
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1->setTargetType(new AuthenticationMethodTargetType('group'));
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1->setTargetedAuthenticationMethod('microsoftAuthenticator');
$includeTargetsArray []= $includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1;
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setIncludeTargets($includeTargetsArray);
$registrationEnforcement->setAuthenticationMethodsRegistrationCampaign($registrationEnforcementAuthenticationMethodsRegistrationCampaign);
$requestBody->setRegistrationEnforcement($registrationEnforcement);
$result = $graphServiceClient->policies()->authenticationMethodsPolicy()->patch($requestBody)->wait();