Update identitySecurityDefaultsEnforcementPolicy

Namespace: microsoft.graph

Update the properties of an identitySecurityDefaultsEnforcementPolicy object.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Policy.Read.All and Policy.ReadWrite.ConditionalAccess
Delegated (personal Microsoft account) Not supported.
Application Policy.Read.All and Policy.ReadWrite.ConditionalAccess

HTTP request

PATCH /policies/identitySecurityDefaultsEnforcementPolicy

Request headers

Name Description
Authorization Bearer {token}. Required.
Content-type application/json. Required.

Request body

In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

Property Type Description
isEnabled Boolean If set to true, Azure Active Directory security defaults is enabled for the tenant.


If successful, this method returns a 204 No Content response code. It does not return anything in the response body.



The following is an example of the request.

PATCH https://graph.microsoft.com/v1.0/policies/identitySecurityDefaultsEnforcementPolicy
Content-type: application/json

  "isEnabled": false


The following is an example of the response.

HTTP/1.1 204 No Content