編輯

共用方式為


Microsoft Entra authentication methods policies API overview

Namespace: microsoft.graph

Authentication methods policies define authentication methods and the users that are allowed to use them to sign in and perform multi-factor authentication (MFA) in Microsoft Entra ID. Authentication methods policies that can be managed in Microsoft Graph include FIDO2 Security Keys and Passwordless Phone Sign-in with Microsoft Authenticator app.

The authentication method policies APIs are used to manage policy settings. For example:

  • Define the types of FIDO2 security keys that can be used in the Microsoft Entra tenant.
  • Define the users or groups of users who are allowed to use FIDO2 Security Keys or Passwordless Phone Sign-in to sign in to Microsoft Entra ID.
  • Define the users or groups of users who should be reminded to set up the Microsoft Authenticator for MFA using push notifications.

What authentication methods policies can be managed in Microsoft Graph?

Authentication method policy Description
emailauthenticationmethodconfiguration Define users who can use email OTP on the Microsoft Entra tenant.
fido2authenticationmethodconfiguration Define FIDO2 security key restrictions and users who can use them to sign in to Microsoft Entra ID.
microsoftauthenticatorauthenticationmethodconfiguration Define users who can use Microsoft Authenticator on the Microsoft Entra tenant.
smsAuthenticationMethodConfiguration Defines users who can use Text Message on the Microsoft Entra tenant.
softwareOathAuthenticationMethodConfiguration Defines users who can use a third-party software OATH authentication method.
temporaryaccesspassauthenticationmethodconfiguration Defines users who can use Temporary Access Pass to sign in to Microsoft Entra ID.
voiceAuthenticationMethodConfiguration Defines users or groups that are enabled to use the voice call authentication method.
x509CertificateAuthenticationMethodConfiguration Defines users who can use X.509 certificate to sign in to Microsoft Entra ID.

Policies available for authentication methods registration campaign

Policy Description
authenticationMethodsRegistrationCampaign Define users who should be reminded to set up an authentication method (currently only supported for the Microsoft Authenticator).

Next steps