Обновление authenticationMethodsPolicy

Статья
10/28/2023

Пространство имен: microsoft.graph

Важно!

API версии /beta в Microsoft Graph могут быть изменены. Использование этих API в производственных приложениях не поддерживается. Чтобы определить, доступен ли API в версии 1.0, используйте селектор версий.

Обновите свойства объекта authenticationMethodsPolicy .

Этот API доступен в следующих национальных облачных развертываниях.

Глобальная служба	Правительство США L4	Правительство США L5 (DOD)	Китай управляется 21Vianet
✅	✅	✅	✅

Разрешения

Выберите разрешение или разрешения, помеченные как наименее привилегированные для этого API. Используйте более привилегированное разрешение или разрешения только в том случае, если это требуется приложению. Дополнительные сведения о делегированных разрешениях и разрешениях приложений см. в разделе Типы разрешений. Дополнительные сведения об этих разрешениях см. в справочнике по разрешениям.

Тип разрешения	Разрешения с наименьшими привилегиями	Более высокие привилегированные разрешения
Делегированное (рабочая или учебная учетная запись)	Policy.ReadWrite.AuthenticationMethod	Недоступно.
Делегированные (личная учетная запись Майкрософт)	Не поддерживается.	Не поддерживается.
Для приложений	Policy.ReadWrite.AuthenticationMethod	Недоступно.

Для делегированных сценариев администратору требуется по крайней мере роль администратора политики проверки подлинностиMicrosoft Entra.

HTTP-запрос

PATCH /policies/authenticationMethodsPolicy

Заголовки запросов

Имя	Описание
Авторизация	Bearer {token}. Обязательно. Дополнительные сведения о проверке подлинности и авторизации.
Content-Type	application/json. Обязательно.

Текст запроса

В тексте запроса укажите представление объекта registrationEnforcement в формате JSON, чтобы предложить пользователям настроить целевые методы проверки подлинности.

Свойство	Тип	Описание
registrationEnforcement	registrationEnforcement	Принудительное выполнение регистрации во время входа. Это свойство можно использовать для запроса пользователей на настройку целевых методов проверки подлинности.
reportSuspiciousActivitySettings	reportSuspiciousActivitySettings	Разрешить пользователям сообщать о уведомлениях многофакторной проверки подлинности голосовых или телефонных приложений как подозрительных.
systemCredentialPreferences	systemCredentialPreferences	Запрашивайте у пользователей наиболее предпочтительные учетные данные для многофакторной проверки подлинности.

Отклик

В случае успешного выполнения этот метод возвращает код отклика 200 OK.

Примеры

Запрос

PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy
Content-Type: application/json

{
  "registrationEnforcement": {
    "authenticationMethodsRegistrationCampaign": {
        "snoozeDurationInDays": 1,
        "enforceRegistrationAfterAllowedSnoozes": true,
        "state": "enabled",
        "excludeTargets": [],
        "includeTargets": [
            {
                "id": "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
                "targetType": "group",
                "targetedAuthenticationMethod": "microsoftAuthenticator"
            }
        ]
    }
  },
  "reportSuspiciousActivitySettings": {
      "state": "enabled",
      "includeTarget": {
          "targetType": "group",
          "id": "all_users"
      },
      "voiceReportingCode": 0
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new AuthenticationMethodsPolicy
{
	RegistrationEnforcement = new RegistrationEnforcement
	{
		AuthenticationMethodsRegistrationCampaign = new AuthenticationMethodsRegistrationCampaign
		{
			SnoozeDurationInDays = 1,
			EnforceRegistrationAfterAllowedSnoozes = true,
			State = AdvancedConfigState.Enabled,
			ExcludeTargets = new List<ExcludeTarget>
			{
			},
			IncludeTargets = new List<AuthenticationMethodsRegistrationCampaignIncludeTarget>
			{
				new AuthenticationMethodsRegistrationCampaignIncludeTarget
				{
					Id = "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
					TargetType = AuthenticationMethodTargetType.Group,
					TargetedAuthenticationMethod = "microsoftAuthenticator",
				},
			},
		},
	},
	ReportSuspiciousActivitySettings = new ReportSuspiciousActivitySettings
	{
		State = AdvancedConfigState.Enabled,
		IncludeTarget = new IncludeTarget
		{
			TargetType = AuthenticationMethodTargetType.Group,
			Id = "all_users",
		},
		VoiceReportingCode = 0,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.AuthenticationMethodsPolicy.PatchAsync(requestBody);

Важно!

Пакеты SDK для Microsoft Graph по умолчанию используют версию API версии 1.0 и поддерживают не все типы, свойства и API, доступные в бета-версии. Дополнительные сведения о доступе к бета-API с помощью SDK см. в статье Использование пакетов Microsoft Graph SDK с бета-API.

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta policies authentication-methods-policy patch --body '{\
  "registrationEnforcement": {\
    "authenticationMethodsRegistrationCampaign": {\
        "snoozeDurationInDays": 1,\
        "enforceRegistrationAfterAllowedSnoozes": true,\
        "state": "enabled",\
        "excludeTargets": [],\
        "includeTargets": [\
            {\
                "id": "3ee3a9de-0a86-4e12-a287-9769accf1ba2",\
                "targetType": "group",\
                "targetedAuthenticationMethod": "microsoftAuthenticator"\
            }\
        ]\
    }\
  },\
  "reportSuspiciousActivitySettings": {\
      "state": "enabled",\
      "includeTarget": {\
          "targetType": "group",\
          "id": "all_users"\
      },\
      "voiceReportingCode": 0\
  }\
}\
'

Важно!

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAuthenticationMethodsPolicy()
registrationEnforcement := graphmodels.NewRegistrationEnforcement()
authenticationMethodsRegistrationCampaign := graphmodels.NewAuthenticationMethodsRegistrationCampaign()
snoozeDurationInDays := int32(1)
authenticationMethodsRegistrationCampaign.SetSnoozeDurationInDays(&snoozeDurationInDays) 
enforceRegistrationAfterAllowedSnoozes := true
authenticationMethodsRegistrationCampaign.SetEnforceRegistrationAfterAllowedSnoozes(&enforceRegistrationAfterAllowedSnoozes) 
state := graphmodels.ENABLED_ADVANCEDCONFIGSTATE 
authenticationMethodsRegistrationCampaign.SetState(&state) 
excludeTargets := []graphmodels.ExcludeTargetable {

}
authenticationMethodsRegistrationCampaign.SetExcludeTargets(excludeTargets)


authenticationMethodsRegistrationCampaignIncludeTarget := graphmodels.NewAuthenticationMethodsRegistrationCampaignIncludeTarget()
id := "3ee3a9de-0a86-4e12-a287-9769accf1ba2"
authenticationMethodsRegistrationCampaignIncludeTarget.SetId(&id) 
targetType := graphmodels.GROUP_AUTHENTICATIONMETHODTARGETTYPE 
authenticationMethodsRegistrationCampaignIncludeTarget.SetTargetType(&targetType) 
targetedAuthenticationMethod := "microsoftAuthenticator"
authenticationMethodsRegistrationCampaignIncludeTarget.SetTargetedAuthenticationMethod(&targetedAuthenticationMethod) 

includeTargets := []graphmodels.AuthenticationMethodsRegistrationCampaignIncludeTargetable {
	authenticationMethodsRegistrationCampaignIncludeTarget,
}
authenticationMethodsRegistrationCampaign.SetIncludeTargets(includeTargets)
registrationEnforcement.SetAuthenticationMethodsRegistrationCampaign(authenticationMethodsRegistrationCampaign)
requestBody.SetRegistrationEnforcement(registrationEnforcement)
reportSuspiciousActivitySettings := graphmodels.NewReportSuspiciousActivitySettings()
state := graphmodels.ENABLED_ADVANCEDCONFIGSTATE 
reportSuspiciousActivitySettings.SetState(&state) 
includeTarget := graphmodels.NewIncludeTarget()
targetType := graphmodels.GROUP_AUTHENTICATIONMETHODTARGETTYPE 
includeTarget.SetTargetType(&targetType) 
id := "all_users"
includeTarget.SetId(&id) 
reportSuspiciousActivitySettings.SetIncludeTarget(includeTarget)
voiceReportingCode := int32(0)
reportSuspiciousActivitySettings.SetVoiceReportingCode(&voiceReportingCode) 
requestBody.SetReportSuspiciousActivitySettings(reportSuspiciousActivitySettings)

authenticationMethodsPolicy, err := graphClient.Policies().AuthenticationMethodsPolicy().Patch(context.Background(), requestBody, nil)

Важно!

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AuthenticationMethodsPolicy authenticationMethodsPolicy = new AuthenticationMethodsPolicy();
RegistrationEnforcement registrationEnforcement = new RegistrationEnforcement();
AuthenticationMethodsRegistrationCampaign authenticationMethodsRegistrationCampaign = new AuthenticationMethodsRegistrationCampaign();
authenticationMethodsRegistrationCampaign.setSnoozeDurationInDays(1);
authenticationMethodsRegistrationCampaign.setEnforceRegistrationAfterAllowedSnoozes(true);
authenticationMethodsRegistrationCampaign.setState(AdvancedConfigState.Enabled);
LinkedList<ExcludeTarget> excludeTargets = new LinkedList<ExcludeTarget>();
authenticationMethodsRegistrationCampaign.setExcludeTargets(excludeTargets);
LinkedList<AuthenticationMethodsRegistrationCampaignIncludeTarget> includeTargets = new LinkedList<AuthenticationMethodsRegistrationCampaignIncludeTarget>();
AuthenticationMethodsRegistrationCampaignIncludeTarget authenticationMethodsRegistrationCampaignIncludeTarget = new AuthenticationMethodsRegistrationCampaignIncludeTarget();
authenticationMethodsRegistrationCampaignIncludeTarget.setId("3ee3a9de-0a86-4e12-a287-9769accf1ba2");
authenticationMethodsRegistrationCampaignIncludeTarget.setTargetType(AuthenticationMethodTargetType.Group);
authenticationMethodsRegistrationCampaignIncludeTarget.setTargetedAuthenticationMethod("microsoftAuthenticator");
includeTargets.add(authenticationMethodsRegistrationCampaignIncludeTarget);
authenticationMethodsRegistrationCampaign.setIncludeTargets(includeTargets);
registrationEnforcement.setAuthenticationMethodsRegistrationCampaign(authenticationMethodsRegistrationCampaign);
authenticationMethodsPolicy.setRegistrationEnforcement(registrationEnforcement);
ReportSuspiciousActivitySettings reportSuspiciousActivitySettings = new ReportSuspiciousActivitySettings();
reportSuspiciousActivitySettings.setState(AdvancedConfigState.Enabled);
IncludeTarget includeTarget = new IncludeTarget();
includeTarget.setTargetType(AuthenticationMethodTargetType.Group);
includeTarget.setId("all_users");
reportSuspiciousActivitySettings.setIncludeTarget(includeTarget);
reportSuspiciousActivitySettings.setVoiceReportingCode(0);
authenticationMethodsPolicy.setReportSuspiciousActivitySettings(reportSuspiciousActivitySettings);
AuthenticationMethodsPolicy result = graphClient.policies().authenticationMethodsPolicy().patch(authenticationMethodsPolicy);

Важно!

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationMethodsPolicy = {
  registrationEnforcement: {
    authenticationMethodsRegistrationCampaign: {
        snoozeDurationInDays: 1,
        enforceRegistrationAfterAllowedSnoozes: true,
        state: 'enabled',
        excludeTargets: [],
        includeTargets: [
            {
                id: '3ee3a9de-0a86-4e12-a287-9769accf1ba2',
                targetType: 'group',
                targetedAuthenticationMethod: 'microsoftAuthenticator'
            }
        ]
    }
  },
  reportSuspiciousActivitySettings: {
      state: 'enabled',
      includeTarget: {
          targetType: 'group',
          id: 'all_users'
      },
      voiceReportingCode: 0
  }
};

await client.api('/policies/authenticationMethodsPolicy')
	.version('beta')
	.update(authenticationMethodsPolicy);

Важно!

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AuthenticationMethodsPolicy;
use Microsoft\Graph\Generated\Models\RegistrationEnforcement;
use Microsoft\Graph\Generated\Models\AuthenticationMethodsRegistrationCampaign;
use Microsoft\Graph\Generated\Models\ExcludeTarget;
use Microsoft\Graph\Generated\Models\AuthenticationMethodsRegistrationCampaignIncludeTarget;
use Microsoft\Graph\Generated\Models\ReportSuspiciousActivitySettings;
use Microsoft\Graph\Generated\Models\IncludeTarget;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AuthenticationMethodsPolicy();
$registrationEnforcement = new RegistrationEnforcement();
$registrationEnforcementAuthenticationMethodsRegistrationCampaign = new AuthenticationMethodsRegistrationCampaign();
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setSnoozeDurationInDays(1);
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setEnforceRegistrationAfterAllowedSnoozes(true);
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setState(new AdvancedConfigState('enabled'));
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setExcludeTargets([	]);
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1 = new AuthenticationMethodsRegistrationCampaignIncludeTarget();
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1->setId('3ee3a9de-0a86-4e12-a287-9769accf1ba2');
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1->setTargetType(new AuthenticationMethodTargetType('group'));
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1->setTargetedAuthenticationMethod('microsoftAuthenticator');
$includeTargetsArray []= $includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1;
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setIncludeTargets($includeTargetsArray);

$registrationEnforcement->setAuthenticationMethodsRegistrationCampaign($registrationEnforcementAuthenticationMethodsRegistrationCampaign);
$requestBody->setRegistrationEnforcement($registrationEnforcement);
$reportSuspiciousActivitySettings = new ReportSuspiciousActivitySettings();
$reportSuspiciousActivitySettings->setState(new AdvancedConfigState('enabled'));
$reportSuspiciousActivitySettingsIncludeTarget = new IncludeTarget();
$reportSuspiciousActivitySettingsIncludeTarget->setTargetType(new AuthenticationMethodTargetType('group'));
$reportSuspiciousActivitySettingsIncludeTarget->setId('all_users');
$reportSuspiciousActivitySettings->setIncludeTarget($reportSuspiciousActivitySettingsIncludeTarget);
$reportSuspiciousActivitySettings->setVoiceReportingCode(0);
$requestBody->setReportSuspiciousActivitySettings($reportSuspiciousActivitySettings);

$result = $graphServiceClient->policies()->authenticationMethodsPolicy()->patch($requestBody)->wait();

Важно!

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


Import-Module Microsoft.Graph.Beta.Identity.SignIns

$params = @{
	registrationEnforcement = @{
		authenticationMethodsRegistrationCampaign = @{
			snoozeDurationInDays = 1
			enforceRegistrationAfterAllowedSnoozes = $true
			state = "enabled"
			excludeTargets = @(
			)
			includeTargets = @(
				@{
					id = "3ee3a9de-0a86-4e12-a287-9769accf1ba2"
					targetType = "group"
					targetedAuthenticationMethod = "microsoftAuthenticator"
				}
			)
		}
	}
	reportSuspiciousActivitySettings = @{
		state = "enabled"
		includeTarget = @{
			targetType = "group"
			id = "all_users"
		}
		voiceReportingCode = 0
	}
}

Update-MgBetaPolicyAuthenticationMethodPolicy -BodyParameter $params

Важно!

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


from msgraph import GraphServiceClient
from msgraph.generated.models.authentication_methods_policy import AuthenticationMethodsPolicy
from msgraph.generated.models.registration_enforcement import RegistrationEnforcement
from msgraph.generated.models.authentication_methods_registration_campaign import AuthenticationMethodsRegistrationCampaign
from msgraph.generated.models.exclude_target import ExcludeTarget
from msgraph.generated.models.authentication_methods_registration_campaign_include_target import AuthenticationMethodsRegistrationCampaignIncludeTarget
from msgraph.generated.models.report_suspicious_activity_settings import ReportSuspiciousActivitySettings
from msgraph.generated.models.include_target import IncludeTarget

graph_client = GraphServiceClient(credentials, scopes)

request_body = AuthenticationMethodsPolicy(
	registration_enforcement = RegistrationEnforcement(
		authentication_methods_registration_campaign = AuthenticationMethodsRegistrationCampaign(
			snooze_duration_in_days = 1,
			enforce_registration_after_allowed_snoozes = True,
			state = AdvancedConfigState.Enabled,
			exclude_targets = [
			],
			include_targets = [
				AuthenticationMethodsRegistrationCampaignIncludeTarget(
					id = "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
					target_type = AuthenticationMethodTargetType.Group,
					targeted_authentication_method = "microsoftAuthenticator",
				),
			],
		),
	),
	report_suspicious_activity_settings = ReportSuspiciousActivitySettings(
		state = AdvancedConfigState.Enabled,
		include_target = IncludeTarget(
			target_type = AuthenticationMethodTargetType.Group,
			id = "all_users",
		),
		voice_reporting_code = 0,
	),
)

result = await graph_client.policies.authentication_methods_policy.patch(request_body)

Важно!

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.

Отклик

Примечание. Объект отклика, показанный здесь, может быть сокращен для удобочитаемости.

HTTP/1.1 200 OK
Content-Type: application/json

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodsPolicy",
  "id": "authenticationMethodsPolicy",
  "displayName": "Authentication Methods Policy",
  "description": "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings",
  "lastModifiedDateTime": "2021-05-25T01:08:08.6712279Z",
  "policyVersion": "1.4",
  "registrationEnforcement": {
    "authenticationMethodsRegistrationCampaign": {
      "snoozeDurationInDays": 1,
      "nforceRegistrationAfterAllowedSnoozes": true,
      "state": "enabled",
      "excludeTargets": [],
      "includeTargets": [
        {
          "id": "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
          "targetType": "group",
          "targetedAuthenticationMethod": "microsoftAuthenticator"
        }
      ]
    }
  },
    "reportSuspiciousActivitySettings": {
      "state": "enabled",
      "includeTarget": {
          "targetType": "group",
          "id": "all_users"
      },
      "voiceReportingCode": 0
  },
  "systemCredentialPreferences": {
    "@odata.type": "#microsoft.graph.systemCredentialPreferences",
    "excludeTargets": [],
    "includeTargets": [
      {
        "id": "all_users",
        "targetType": "group"
      }
    ],
    "state": "enabled"
  }
}

Обновление authenticationMethodsPolicy

Разрешения

HTTP-запрос

Заголовки запросов

Текст запроса

Отклик

Примеры

Запрос

Отклик

Обратная связь

Обратная связь

Дополнительные ресурсы