Events
Mar 17, 9 PM - Mar 21, 10 AM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowMicrosoft Entra authentication methods policies API overview
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Authentication methods policies define authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID. Authentication methods policies that can be managed in Microsoft Graph include FIDO2 Security Keys and Passwordless Phone Sign-in with Microsoft Authenticator app.
The authentication method policies APIs are used to manage policy settings. For example:
- Define the types of FIDO2 security keys that can be used in the Microsoft Entra tenant.
- Define the users or groups of users who are allowed to use FIDO2 Security Keys or Passwordless Phone Sign-in to sign in to Microsoft Entra ID.
- Define the users or groups of users who should be reminded to set up the Microsoft Authenticator for MFA using push notifications.
Note
Requests to the authentication methods policies APIs time-out after 60 seconds.
| Authentication method policy | Description |
|---|---|
| emailauthenticationmethodconfiguration | Define users who can use email OTP on the Microsoft Entra tenant. |
| externalauthenticationmethodconfiguration (preview) | Define users who can use an external authentication method to satisfy the second factor of Microsoft Entra ID multifactor authentication requirements. |
| fido2authenticationmethodconfiguration | Define FIDO2 security key restrictions and users who can use them to sign in to Microsoft Entra ID. |
| hardwareOathAuthenticationMethodConfiguration | Define users who can use hardware OATH tokens to sign in to Microsoft Entra ID. |
| hardwareOathAuthenticationMethodDevice | Manage the inventory of hardware OATH tokens, e.g. create, delete and get tokens. |
| microsoftauthenticatorauthenticationmethodconfiguration | Define users who can use Microsoft Authenticator on the Microsoft Entra tenant. |
| smsAuthenticationMethodConfiguration | Define users who can use Text Message on the Microsoft Entra tenant. |
| softwareOathAuthenticationMethodConfiguration | Define users who can use a third-party software OATH authentication method. |
| temporaryaccesspassauthenticationmethodconfiguration | Define users who can use Temporary Access Pass to sign in to Microsoft Entra ID. |
| voiceAuthenticationMethodConfiguration | Define users or groups that are enabled to use the voice call authentication method. |
| x509CertificateAuthenticationMethodConfiguration | Define users who can use X.509 certificate to sign in to Microsoft Entra ID. |
| Policy | Description |
|---|---|
| authenticationMethodsRegistrationCampaign | Define users who should be reminded to set up an authentication method (only supported for the Microsoft Authenticator). |
- Try the API in the Graph Explorer.