Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
PATCH https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
"id": "Fido2",
"state": "disabled",
"isSelfServiceRegistrationAllowed": true,
"isAttestationEnforced": true,
"keyRestrictions": {
"isEnforced": false,
"enforcementType": "block",
"aaGuids": []
},
"includeTargets": [
{
"targetType": "group",
"id": "all_users",
"isRegistrationRequired": false,
"allowedPasskeyProfiles": [
"00000000-0000-0000-0000-000000000001"
]
}
],
"excludeTargets": [],
"passkeyProfiles": [
{
"id": "00000000-0000-0000-0000-000000000001",
"name": "Default passkey profile",
"passkeyTypes": "deviceBound,synced",
"attestationEnforcement": "disabled",
"keyRestrictions": {
"isEnforced": false,
"enforcementType": "allow",
"aaGuids": [
]
}
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
using Microsoft.Kiota.Abstractions.Serialization;
// FIDO2 (passkey) authentication-method policy payload, assembled bottom-up so that
// every nested piece has a name. Values to review before sending this to a tenant:
//   - State is Disabled: the body sets the FIDO2 method's state to disabled.
//   - IsAttestationEnforced is true on the method, while the passkey profile below
//     carries attestationEnforcement "disabled". The two values disagree in this
//     sample; confirm which one is evaluated for the targeted users.
//   - Both key-restriction objects have isEnforced = false and empty AAGUID lists,
//     so the sample neither allows nor blocks authenticators by AAGUID.
//   - passkeyTypes lists "synced" as well as "deviceBound".
const string defaultPasskeyProfileId = "00000000-0000-0000-0000-000000000001";

// Key restrictions nested inside the passkey profile (untyped, sent via AdditionalData).
var profileKeyRestrictions = new UntypedObject(new Dictionary<string, UntypedNode>
{
    ["isEnforced"] = new UntypedBoolean(false),
    ["enforcementType"] = new UntypedString("allow"),
    ["aaGuids"] = new UntypedArray(new List<UntypedNode>()),
});

// The single passkey profile carried by this request.
var defaultPasskeyProfile = new UntypedObject(new Dictionary<string, UntypedNode>
{
    ["id"] = new UntypedString(defaultPasskeyProfileId),
    ["name"] = new UntypedString("Default passkey profile"),
    ["passkeyTypes"] = new UntypedString("deviceBound,synced"),
    ["attestationEnforcement"] = new UntypedString("disabled"),
    ["keyRestrictions"] = profileKeyRestrictions,
});

// Include target: the "all_users" group, linked to the profile above by id.
var allUsersTarget = new AuthenticationMethodTarget
{
    TargetType = AuthenticationMethodTargetType.Group,
    Id = "all_users",
    IsRegistrationRequired = false,
    AdditionalData = new Dictionary<string, object>
    {
        ["allowedPasskeyProfiles"] = new List<string> { defaultPasskeyProfileId },
    },
};

var requestBody = new Fido2AuthenticationMethodConfiguration
{
    OdataType = "#microsoft.graph.fido2AuthenticationMethodConfiguration",
    Id = "Fido2",
    State = AuthenticationMethodState.Disabled,
    IsSelfServiceRegistrationAllowed = true,
    IsAttestationEnforced = true,
    KeyRestrictions = new Fido2KeyRestrictions
    {
        IsEnforced = false,
        EnforcementType = Fido2RestrictionEnforcementType.Block,
        AaGuids = new List<string>(),
    },
    IncludeTargets = new List<AuthenticationMethodTarget> { allUsersTarget },
    ExcludeTargets = new List<ExcludeTarget>(),
    AdditionalData = new Dictionary<string, object>
    {
        ["passkeyProfiles"] = new List<object> { defaultPasskeyProfile },
    },
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
// "{authenticationMethodConfiguration-id}" is a placeholder; the HTTP request on this
// page addresses the configuration whose id is fido2.
var result = await graphClient
    .Policies
    .AuthenticationMethodsPolicy
    .AuthenticationMethodConfigurations["{authenticationMethodConfiguration-id}"]
    .PatchAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
// Builds the FIDO2 (passkey) authentication-method configuration and PATCHes it
// through the Graph client. requestAdapter must already be set up by the caller.
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Fido2AuthenticationMethodConfiguration authenticationMethodConfiguration = new Fido2AuthenticationMethodConfiguration();
authenticationMethodConfiguration.setOdataType("#microsoft.graph.fido2AuthenticationMethodConfiguration");
authenticationMethodConfiguration.setId("Fido2");
// The sample sets the method's state to disabled.
authenticationMethodConfiguration.setState(AuthenticationMethodState.Disabled);
authenticationMethodConfiguration.setIsSelfServiceRegistrationAllowed(true);
// Method-level attestation is set to enforced here, while the passkey profile further
// down sets attestationEnforcement to "disabled" - confirm which value applies.
authenticationMethodConfiguration.setIsAttestationEnforced(true);
// Method-level key restrictions: not enforced, empty AAGUID list.
Fido2KeyRestrictions keyRestrictions = new Fido2KeyRestrictions();
keyRestrictions.setIsEnforced(false);
keyRestrictions.setEnforcementType(Fido2RestrictionEnforcementType.Block);
LinkedList<String> aaGuids = new LinkedList<String>();
keyRestrictions.setAaGuids(aaGuids);
authenticationMethodConfiguration.setKeyRestrictions(keyRestrictions);
// Include target: the "all_users" group.
LinkedList<AuthenticationMethodTarget> includeTargets = new LinkedList<AuthenticationMethodTarget>();
AuthenticationMethodTarget authenticationMethodTarget = new AuthenticationMethodTarget();
authenticationMethodTarget.setTargetType(AuthenticationMethodTargetType.Group);
authenticationMethodTarget.setId("all_users");
authenticationMethodTarget.setIsRegistrationRequired(false);
// allowedPasskeyProfiles has no typed setter in this snippet, so it is passed as
// additional data under its JSON property name.
HashMap<String, Object> additionalData = new HashMap<String, Object>();
LinkedList<String> allowedPasskeyProfiles = new LinkedList<String>();
allowedPasskeyProfiles.add("00000000-0000-0000-0000-000000000001");
additionalData.put("allowedPasskeyProfiles", allowedPasskeyProfiles);
authenticationMethodTarget.setAdditionalData(additionalData);
includeTargets.add(authenticationMethodTarget);
authenticationMethodConfiguration.setIncludeTargets(includeTargets);
// No exclude targets.
LinkedList<ExcludeTarget> excludeTargets = new LinkedList<ExcludeTarget>();
authenticationMethodConfiguration.setExcludeTargets(excludeTargets);
// passkeyProfiles is also sent as additional data on the configuration.
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
LinkedList<Object> passkeyProfiles = new LinkedList<Object>();
// NOTE(review): the next statement has no declared type and no class name after `new`,
// so the snippet does not compile as shown. The passkey profile needs a concrete type
// that the SDK can serialize; the C# snippet on this page models the same payload with
// Kiota untyped nodes. Until that is fixed, the policy below is never sent.
property1 = new ();
property1.setId("00000000-0000-0000-0000-000000000001");
property1.setName("Default passkey profile");
// Both device-bound and synced passkeys are listed.
property1.setPasskeyTypes("deviceBound,synced");
property1.setAttestationEnforcement("disabled");
// NOTE(review): same problem as property1 - no declared type and no class after `new`.
keyRestrictions1 = new ();
// Profile-level key restrictions: not enforced, empty AAGUID list.
keyRestrictions1.setIsEnforced(false);
keyRestrictions1.setEnforcementType("allow");
LinkedList<Object> aaGuids1 = new LinkedList<Object>();
keyRestrictions1.setAaGuids(aaGuids1);
property1.setKeyRestrictions(keyRestrictions1);
passkeyProfiles.add(property1);
additionalData1.put("passkeyProfiles", passkeyProfiles);
authenticationMethodConfiguration.setAdditionalData(additionalData1);
// "{authenticationMethodConfiguration-id}" is a placeholder; the HTTP request on this
// page addresses the configuration whose id is fido2.
AuthenticationMethodConfiguration result = graphClient.policies().authenticationMethodsPolicy().authenticationMethodConfigurations().byAuthenticationMethodConfigurationId("{authenticationMethodConfiguration-id}").patch(authenticationMethodConfiguration);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Graph client built from the caller-supplied authProvider.
const options = { authProvider };
const client = Client.init(options);

// Id that links the include target to the passkey profile defined below.
const defaultPasskeyProfileId = '00000000-0000-0000-0000-000000000001';

// Method-level key restrictions: not enforced, empty AAGUID list.
const methodKeyRestrictions = {
    isEnforced: false,
    enforcementType: 'block',
    aaGuids: [],
};

// Include target: the "all_users" group, allowed to use the default profile.
const allUsersTarget = {
    targetType: 'group',
    id: 'all_users',
    isRegistrationRequired: false,
    allowedPasskeyProfiles: [defaultPasskeyProfileId],
};

// Passkey profile. Its attestationEnforcement is 'disabled' while the method-level
// isAttestationEnforced below is true; confirm which value applies to the targeted
// users. Key restrictions are not enforced, and both device-bound and synced passkeys
// are listed.
const defaultPasskeyProfile = {
    id: defaultPasskeyProfileId,
    name: 'Default passkey profile',
    passkeyTypes: 'deviceBound,synced',
    attestationEnforcement: 'disabled',
    keyRestrictions: {
        isEnforced: false,
        enforcementType: 'allow',
        aaGuids: [],
    },
};

// Full PATCH body. state: 'disabled' sets the FIDO2 method's state to disabled.
const authenticationMethodConfiguration = {
    '@odata.type': '#microsoft.graph.fido2AuthenticationMethodConfiguration',
    id: 'Fido2',
    state: 'disabled',
    isSelfServiceRegistrationAllowed: true,
    isAttestationEnforced: true,
    keyRestrictions: methodKeyRestrictions,
    includeTargets: [allUsersTarget],
    excludeTargets: [],
    passkeyProfiles: [defaultPasskeyProfile],
};

const fido2ConfigurationRequest = client.api(
    '/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2'
);
await fido2ConfigurationRequest.update(authenticationMethodConfiguration);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Fido2AuthenticationMethodConfiguration;
use Microsoft\Graph\Generated\Models\AuthenticationMethodState;
use Microsoft\Graph\Generated\Models\Fido2KeyRestrictions;
use Microsoft\Graph\Generated\Models\Fido2RestrictionEnforcementType;
use Microsoft\Graph\Generated\Models\AuthenticationMethodTarget;
use Microsoft\Graph\Generated\Models\AuthenticationMethodTargetType;
use Microsoft\Graph\Generated\Models\ExcludeTarget;
// Client built from the caller-supplied token request context and scopes.
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

// Id that links the include target to the passkey profile defined below.
$defaultPasskeyProfileId = '00000000-0000-0000-0000-000000000001';

// Method-level key restrictions: not enforced, empty AAGUID list.
$methodKeyRestrictions = new Fido2KeyRestrictions();
$methodKeyRestrictions->setIsEnforced(false);
$methodKeyRestrictions->setEnforcementType(new Fido2RestrictionEnforcementType('block'));
$methodKeyRestrictions->setAaGuids([]);

// Include target: the "all_users" group. allowedPasskeyProfiles has no typed setter
// in this snippet, so it is passed as additional data under its JSON property name.
$allUsersTarget = new AuthenticationMethodTarget();
$allUsersTarget->setTargetType(new AuthenticationMethodTargetType('group'));
$allUsersTarget->setId('all_users');
$allUsersTarget->setIsRegistrationRequired(false);
$allUsersTarget->setAdditionalData([
    'allowedPasskeyProfiles' => [$defaultPasskeyProfileId],
]);

// Passkey profile. Its attestationEnforcement is 'disabled' while the method-level
// isAttestationEnforced below is true; confirm which value applies to the targeted
// users. Key restrictions are not enforced and the AAGUID list is empty.
$defaultPasskeyProfile = [
    'id' => $defaultPasskeyProfileId,
    'name' => 'Default passkey profile',
    'passkeyTypes' => 'deviceBound,synced',
    'attestationEnforcement' => 'disabled',
    'keyRestrictions' => [
        'isEnforced' => false,
        'enforcementType' => 'allow',
        'aaGuids' => [],
    ],
];

// PATCH body. The state 'disabled' sets the FIDO2 method's state to disabled.
$requestBody = new Fido2AuthenticationMethodConfiguration();
$requestBody->setOdataType('#microsoft.graph.fido2AuthenticationMethodConfiguration');
$requestBody->setId('Fido2');
$requestBody->setState(new AuthenticationMethodState('disabled'));
$requestBody->setIsSelfServiceRegistrationAllowed(true);
$requestBody->setIsAttestationEnforced(true);
$requestBody->setKeyRestrictions($methodKeyRestrictions);
$requestBody->setIncludeTargets([$allUsersTarget]);
$requestBody->setExcludeTargets([]);
$requestBody->setAdditionalData([
    'passkeyProfiles' => [$defaultPasskeyProfile],
]);

// 'authenticationMethodConfiguration-id' is a placeholder; the HTTP request on this
// page addresses the configuration whose id is fido2.
$result = $graphServiceClient
    ->policies()
    ->authenticationMethodsPolicy()
    ->authenticationMethodConfigurations()
    ->byAuthenticationMethodConfigurationId('authenticationMethodConfiguration-id')
    ->patch($requestBody)
    ->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Identity.SignIns
# Id that links the include target to the passkey profile defined below.
$defaultPasskeyProfileId = "00000000-0000-0000-0000-000000000001"

# Method-level key restrictions: not enforced, empty AAGUID list.
$methodKeyRestrictions = @{
    isEnforced      = $false
    enforcementType = "block"
    aaGuids         = @()
}

# Include target: the "all_users" group, allowed to use the default profile.
$allUsersTarget = @{
    targetType             = "group"
    id                     = "all_users"
    isRegistrationRequired = $false
    allowedPasskeyProfiles = @($defaultPasskeyProfileId)
}

# Passkey profile. Its attestationEnforcement is "disabled" while the method-level
# isAttestationEnforced below is $true; confirm which value applies to the targeted
# users. Key restrictions are not enforced and the AAGUID list is empty.
$defaultPasskeyProfile = @{
    id                     = $defaultPasskeyProfileId
    name                   = "Default passkey profile"
    passkeyTypes           = "deviceBound,synced"
    attestationEnforcement = "disabled"
    keyRestrictions        = @{
        isEnforced      = $false
        enforcementType = "allow"
        aaGuids         = @()
    }
}

# PATCH body. state = "disabled" sets the FIDO2 method's state to disabled.
$params = @{
    "@odata.type"                    = "#microsoft.graph.fido2AuthenticationMethodConfiguration"
    id                               = "Fido2"
    state                            = "disabled"
    isSelfServiceRegistrationAllowed = $true
    isAttestationEnforced            = $true
    keyRestrictions                  = $methodKeyRestrictions
    includeTargets                   = @($allUsersTarget)
    excludeTargets                   = @()
    passkeyProfiles                  = @($defaultPasskeyProfile)
}

# $authenticationMethodConfigurationId is not assigned in this snippet; the HTTP request
# on this page addresses the configuration whose id is fido2.
$updateArguments = @{
    AuthenticationMethodConfigurationId = $authenticationMethodConfigurationId
    BodyParameter                       = $params
}
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration @updateArguments
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.fido2_authentication_method_configuration import Fido2AuthenticationMethodConfiguration
from msgraph.generated.models.authentication_method_state import AuthenticationMethodState
from msgraph.generated.models.fido2_key_restrictions import Fido2KeyRestrictions
from msgraph.generated.models.fido2_restriction_enforcement_type import Fido2RestrictionEnforcementType
from msgraph.generated.models.authentication_method_target import AuthenticationMethodTarget
from msgraph.generated.models.authentication_method_target_type import AuthenticationMethodTargetType
from msgraph.generated.models.exclude_target import ExcludeTarget
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
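# PATCH body for the FIDO2 (passkey) authentication-method configuration.
#
# Fix over the generated snippet: the keys inside additional_data are JSON property
# names, not model attributes, so they must match the HTTP request on this page
# (allowedPasskeyProfiles, passkeyProfiles, passkeyTypes, ...). The snake_case
# spellings name properties that the request body does not define.
# NOTE(review): the SDK appears to write additional_data keys to the payload unchanged;
# confirm against the SDK version in use.
#
# Values to review before sending this to a tenant:
#   - state is Disabled: the body sets the FIDO2 method's state to disabled.
#   - is_attestation_enforced is True on the method, while the passkey profile carries
#     attestationEnforcement "disabled"; confirm which value applies.
#   - Both key-restriction objects are not enforced and have empty AAGUID lists.
default_passkey_profile_id = "00000000-0000-0000-0000-000000000001"

request_body = Fido2AuthenticationMethodConfiguration(
    odata_type="#microsoft.graph.fido2AuthenticationMethodConfiguration",
    id="Fido2",
    state=AuthenticationMethodState.Disabled,
    is_self_service_registration_allowed=True,
    is_attestation_enforced=True,
    key_restrictions=Fido2KeyRestrictions(
        is_enforced=False,
        enforcement_type=Fido2RestrictionEnforcementType.Block,
        aa_guids=[],
    ),
    include_targets=[
        AuthenticationMethodTarget(
            target_type=AuthenticationMethodTargetType.Group,
            id="all_users",
            is_registration_required=False,
            additional_data={
                # Wire name, as in the HTTP request body.
                "allowedPasskeyProfiles": [default_passkey_profile_id],
            },
        ),
    ],
    exclude_targets=[],
    additional_data={
        # Wire names throughout: this dict is the JSON for the passkey profile.
        "passkeyProfiles": [
            {
                "id": default_passkey_profile_id,
                "name": "Default passkey profile",
                "passkeyTypes": "deviceBound,synced",
                "attestationEnforcement": "disabled",
                "keyRestrictions": {
                    "isEnforced": False,
                    "enforcementType": "allow",
                    "aaGuids": [],
                },
            },
        ],
    },
)

# 'authenticationMethodConfiguration-id' is a placeholder; the HTTP request on this
# page addresses the configuration whose id is fido2.
result = await graph_client.policies.authentication_methods_policy.authentication_method_configurations.by_authentication_method_configuration_id('authenticationMethodConfiguration-id').patch(request_body)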
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.