Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
"id": "Fido2",
"state": "disabled",
"isSelfServiceRegistrationAllowed": true,
"isAttestationEnforced": true,
"keyRestrictions": {
"isEnforced": false,
"enforcementType": "block",
"aaGuids": []
},
"includeTargets": [
{
"targetType": "group",
"id": "all_users",
"isRegistrationRequired": false,
"allowedPasskeyProfiles": [
"00000000-0000-0000-0000-000000000001"
]
}
],
"excludeTargets": [],
"passkeyProfiles": [
{
"id": "00000000-0000-0000-0000-000000000001",
"name": "Default passkey profile",
"passkeyTypes": "deviceBound,synced",
"attestationEnforcement": "disabled",
"keyRestrictions": {
"isEnforced": false,
"enforcementType": "allow",
"aaGuids": [
]
}
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new Fido2AuthenticationMethodConfiguration
{
OdataType = "#microsoft.graph.fido2AuthenticationMethodConfiguration",
Id = "Fido2",
State = AuthenticationMethodState.Disabled,
IsSelfServiceRegistrationAllowed = true,
IsAttestationEnforced = true,
KeyRestrictions = new Fido2KeyRestrictions
{
IsEnforced = false,
EnforcementType = Fido2RestrictionEnforcementType.Block,
AaGuids = new List<string>
{
},
},
IncludeTargets = new List<PasskeyAuthenticationMethodTarget>
{
new PasskeyAuthenticationMethodTarget
{
TargetType = AuthenticationMethodTargetType.Group,
Id = "all_users",
IsRegistrationRequired = false,
AllowedPasskeyProfiles = new List<Guid?>
{
Guid.Parse("00000000-0000-0000-0000-000000000001"),
},
},
},
ExcludeTargets = new List<ExcludeTarget>
{
},
PasskeyProfiles = new List<PasskeyProfile>
{
new PasskeyProfile
{
Id = "00000000-0000-0000-0000-000000000001",
Name = "Default passkey profile",
PasskeyTypes = PasskeyTypes.DeviceBound | PasskeyTypes.Synced,
AttestationEnforcement = AttestationEnforcement.Disabled,
KeyRestrictions = new Fido2KeyRestrictions
{
IsEnforced = false,
EnforcementType = Fido2RestrictionEnforcementType.Allow,
AaGuids = new List<string>
{
},
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.AuthenticationMethodsPolicy.AuthenticationMethodConfigurations["{authenticationMethodConfiguration-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAuthenticationMethodConfiguration()
id := "Fido2"
requestBody.SetId(&id)
state := graphmodels.DISABLED_AUTHENTICATIONMETHODSTATE
requestBody.SetState(&state)
isSelfServiceRegistrationAllowed := true
requestBody.SetIsSelfServiceRegistrationAllowed(&isSelfServiceRegistrationAllowed)
isAttestationEnforced := true
requestBody.SetIsAttestationEnforced(&isAttestationEnforced)
keyRestrictions := graphmodels.NewFido2KeyRestrictions()
isEnforced := false
keyRestrictions.SetIsEnforced(&isEnforced)
enforcementType := graphmodels.BLOCK_FIDO2RESTRICTIONENFORCEMENTTYPE
keyRestrictions.SetEnforcementType(&enforcementType)
aaGuids := []string {
}
keyRestrictions.SetAaGuids(aaGuids)
requestBody.SetKeyRestrictions(keyRestrictions)
passkeyAuthenticationMethodTarget := graphmodels.NewPasskeyAuthenticationMethodTarget()
targetType := graphmodels.GROUP_AUTHENTICATIONMETHODTARGETTYPE
passkeyAuthenticationMethodTarget.SetTargetType(&targetType)
id := "all_users"
passkeyAuthenticationMethodTarget.SetId(&id)
isRegistrationRequired := false
passkeyAuthenticationMethodTarget.SetIsRegistrationRequired(&isRegistrationRequired)
allowedPasskeyProfiles := []uuid.UUID {
uuid.MustParse("00000000-0000-0000-0000-000000000001"),
}
passkeyAuthenticationMethodTarget.SetAllowedPasskeyProfiles(allowedPasskeyProfiles)
includeTargets := []graphmodels.PasskeyAuthenticationMethodTargetable {
passkeyAuthenticationMethodTarget,
}
requestBody.SetIncludeTargets(includeTargets)
excludeTargets := []graphmodels.ExcludeTargetable {
}
requestBody.SetExcludeTargets(excludeTargets)
passkeyProfile := graphmodels.NewPasskeyProfile()
id := "00000000-0000-0000-0000-000000000001"
passkeyProfile.SetId(&id)
name := "Default passkey profile"
passkeyProfile.SetName(&name)
passkeyTypes := graphmodels.DEVICEBOUND,SYNCED_PASSKEYTYPES
passkeyProfile.SetPasskeyTypes(&passkeyTypes)
attestationEnforcement := graphmodels.DISABLED_ATTESTATIONENFORCEMENT
passkeyProfile.SetAttestationEnforcement(&attestationEnforcement)
keyRestrictions := graphmodels.NewFido2KeyRestrictions()
isEnforced := false
keyRestrictions.SetIsEnforced(&isEnforced)
enforcementType := graphmodels.ALLOW_FIDO2RESTRICTIONENFORCEMENTTYPE
keyRestrictions.SetEnforcementType(&enforcementType)
aaGuids := []string {
}
keyRestrictions.SetAaGuids(aaGuids)
passkeyProfile.SetKeyRestrictions(keyRestrictions)
passkeyProfiles := []graphmodels.PasskeyProfileable {
passkeyProfile,
}
requestBody.SetPasskeyProfiles(passkeyProfiles)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authenticationMethodConfigurations, err := graphClient.Policies().AuthenticationMethodsPolicy().AuthenticationMethodConfigurations().ByAuthenticationMethodConfigurationId("authenticationMethodConfiguration-id").Patch(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Fido2AuthenticationMethodConfiguration authenticationMethodConfiguration = new Fido2AuthenticationMethodConfiguration();
authenticationMethodConfiguration.setOdataType("#microsoft.graph.fido2AuthenticationMethodConfiguration");
authenticationMethodConfiguration.setId("Fido2");
authenticationMethodConfiguration.setState(AuthenticationMethodState.Disabled);
authenticationMethodConfiguration.setIsSelfServiceRegistrationAllowed(true);
authenticationMethodConfiguration.setIsAttestationEnforced(true);
Fido2KeyRestrictions keyRestrictions = new Fido2KeyRestrictions();
keyRestrictions.setIsEnforced(false);
keyRestrictions.setEnforcementType(Fido2RestrictionEnforcementType.Block);
LinkedList<String> aaGuids = new LinkedList<String>();
keyRestrictions.setAaGuids(aaGuids);
authenticationMethodConfiguration.setKeyRestrictions(keyRestrictions);
LinkedList<PasskeyAuthenticationMethodTarget> includeTargets = new LinkedList<PasskeyAuthenticationMethodTarget>();
PasskeyAuthenticationMethodTarget passkeyAuthenticationMethodTarget = new PasskeyAuthenticationMethodTarget();
passkeyAuthenticationMethodTarget.setTargetType(AuthenticationMethodTargetType.Group);
passkeyAuthenticationMethodTarget.setId("all_users");
passkeyAuthenticationMethodTarget.setIsRegistrationRequired(false);
LinkedList<UUID> allowedPasskeyProfiles = new LinkedList<UUID>();
allowedPasskeyProfiles.add(UUID.fromString("00000000-0000-0000-0000-000000000001"));
passkeyAuthenticationMethodTarget.setAllowedPasskeyProfiles(allowedPasskeyProfiles);
includeTargets.add(passkeyAuthenticationMethodTarget);
authenticationMethodConfiguration.setIncludeTargets(includeTargets);
LinkedList<ExcludeTarget> excludeTargets = new LinkedList<ExcludeTarget>();
authenticationMethodConfiguration.setExcludeTargets(excludeTargets);
LinkedList<PasskeyProfile> passkeyProfiles = new LinkedList<PasskeyProfile>();
PasskeyProfile passkeyProfile = new PasskeyProfile();
passkeyProfile.setId("00000000-0000-0000-0000-000000000001");
passkeyProfile.setName("Default passkey profile");
passkeyProfile.setPasskeyTypes(EnumSet.of(PasskeyTypes.DeviceBound, PasskeyTypes.Synced));
passkeyProfile.setAttestationEnforcement(AttestationEnforcement.Disabled);
Fido2KeyRestrictions keyRestrictions1 = new Fido2KeyRestrictions();
keyRestrictions1.setIsEnforced(false);
keyRestrictions1.setEnforcementType(Fido2RestrictionEnforcementType.Allow);
LinkedList<String> aaGuids1 = new LinkedList<String>();
keyRestrictions1.setAaGuids(aaGuids1);
passkeyProfile.setKeyRestrictions(keyRestrictions1);
passkeyProfiles.add(passkeyProfile);
authenticationMethodConfiguration.setPasskeyProfiles(passkeyProfiles);
AuthenticationMethodConfiguration result = graphClient.policies().authenticationMethodsPolicy().authenticationMethodConfigurations().byAuthenticationMethodConfigurationId("{authenticationMethodConfiguration-id}").patch(authenticationMethodConfiguration);
const options = {
authProvider,
};
const client = Client.init(options);
const authenticationMethodConfiguration = {
'@odata.type': '#microsoft.graph.fido2AuthenticationMethodConfiguration',
id: 'Fido2',
state: 'disabled',
isSelfServiceRegistrationAllowed: true,
isAttestationEnforced: true,
keyRestrictions: {
isEnforced: false,
enforcementType: 'block',
aaGuids: []
},
includeTargets: [
{
targetType: 'group',
id: 'all_users',
isRegistrationRequired: false,
allowedPasskeyProfiles: [
'00000000-0000-0000-0000-000000000001'
]
}
],
excludeTargets: [],
passkeyProfiles: [
{
id: '00000000-0000-0000-0000-000000000001',
name: 'Default passkey profile',
passkeyTypes: 'deviceBound,synced',
attestationEnforcement: 'disabled',
keyRestrictions: {
isEnforced: false,
enforcementType: 'allow',
aaGuids: [
]
}
}
]
};
await client.api('/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2')
.version('beta')
.update(authenticationMethodConfiguration);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Fido2AuthenticationMethodConfiguration;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodState;
use Microsoft\Graph\Beta\Generated\Models\Fido2KeyRestrictions;
use Microsoft\Graph\Beta\Generated\Models\Fido2RestrictionEnforcementType;
use Microsoft\Graph\Beta\Generated\Models\PasskeyAuthenticationMethodTarget;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodTargetType;
use Microsoft\Graph\Beta\Generated\Models\ExcludeTarget;
use Microsoft\Graph\Beta\Generated\Models\PasskeyProfile;
use Microsoft\Graph\Beta\Generated\Models\PasskeyTypes;
use Microsoft\Graph\Beta\Generated\Models\AttestationEnforcement;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Fido2AuthenticationMethodConfiguration();
$requestBody->setOdataType('#microsoft.graph.fido2AuthenticationMethodConfiguration');
$requestBody->setId('Fido2');
$requestBody->setState(new AuthenticationMethodState('disabled'));
$requestBody->setIsSelfServiceRegistrationAllowed(true);
$requestBody->setIsAttestationEnforced(true);
$keyRestrictions = new Fido2KeyRestrictions();
$keyRestrictions->setIsEnforced(false);
$keyRestrictions->setEnforcementType(new Fido2RestrictionEnforcementType('block'));
$keyRestrictions->setAaGuids([ ]);
$requestBody->setKeyRestrictions($keyRestrictions);
$includeTargetsPasskeyAuthenticationMethodTarget1 = new PasskeyAuthenticationMethodTarget();
$includeTargetsPasskeyAuthenticationMethodTarget1->setTargetType(new AuthenticationMethodTargetType('group'));
$includeTargetsPasskeyAuthenticationMethodTarget1->setId('all_users');
$includeTargetsPasskeyAuthenticationMethodTarget1->setIsRegistrationRequired(false);
$includeTargetsPasskeyAuthenticationMethodTarget1->setAllowedPasskeyProfiles(['00000000-0000-0000-0000-000000000001', ]);
$includeTargetsArray []= $includeTargetsPasskeyAuthenticationMethodTarget1;
$requestBody->setIncludeTargets($includeTargetsArray);
$requestBody->setExcludeTargets([]);
$passkeyProfilesPasskeyProfile1 = new PasskeyProfile();
$passkeyProfilesPasskeyProfile1->setId('00000000-0000-0000-0000-000000000001');
$passkeyProfilesPasskeyProfile1->setName('Default passkey profile');
$passkeyProfilesPasskeyProfile1->setPasskeyTypes(new PasskeyTypes('deviceBound,synced'));
$passkeyProfilesPasskeyProfile1->setAttestationEnforcement(new AttestationEnforcement('disabled'));
$passkeyProfilesPasskeyProfile1KeyRestrictions = new Fido2KeyRestrictions();
$passkeyProfilesPasskeyProfile1KeyRestrictions->setIsEnforced(false);
$passkeyProfilesPasskeyProfile1KeyRestrictions->setEnforcementType(new Fido2RestrictionEnforcementType('allow'));
$passkeyProfilesPasskeyProfile1KeyRestrictions->setAaGuids([]);
$passkeyProfilesPasskeyProfile1->setKeyRestrictions($passkeyProfilesPasskeyProfile1KeyRestrictions);
$passkeyProfilesArray []= $passkeyProfilesPasskeyProfile1;
$requestBody->setPasskeyProfiles($passkeyProfilesArray);
$result = $graphServiceClient->policies()->authenticationMethodsPolicy()->authenticationMethodConfigurations()->byAuthenticationMethodConfigurationId('authenticationMethodConfiguration-id')->patch($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
"@odata.type" = "#microsoft.graph.fido2AuthenticationMethodConfiguration"
id = "Fido2"
state = "disabled"
isSelfServiceRegistrationAllowed = $true
isAttestationEnforced = $true
keyRestrictions = @{
isEnforced = $false
enforcementType = "block"
aaGuids = @(
)
}
includeTargets = @(
@{
targetType = "group"
id = "all_users"
isRegistrationRequired = $false
allowedPasskeyProfiles = @(
"00000000-0000-0000-0000-000000000001"
)
}
)
excludeTargets = @(
)
passkeyProfiles = @(
@{
id = "00000000-0000-0000-0000-000000000001"
name = "Default passkey profile"
passkeyTypes = "deviceBound,synced"
attestationEnforcement = "disabled"
keyRestrictions = @{
isEnforced = $false
enforcementType = "allow"
aaGuids = @(
)
}
}
)
}
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $authenticationMethodConfigurationId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.fido2_authentication_method_configuration import Fido2AuthenticationMethodConfiguration
from msgraph_beta.generated.models.authentication_method_state import AuthenticationMethodState
from msgraph_beta.generated.models.fido2_key_restrictions import Fido2KeyRestrictions
from msgraph_beta.generated.models.fido2_restriction_enforcement_type import Fido2RestrictionEnforcementType
from msgraph_beta.generated.models.passkey_authentication_method_target import PasskeyAuthenticationMethodTarget
from msgraph_beta.generated.models.authentication_method_target_type import AuthenticationMethodTargetType
from msgraph_beta.generated.models.exclude_target import ExcludeTarget
from msgraph_beta.generated.models.passkey_profile import PasskeyProfile
from msgraph_beta.generated.models.passkey_types import PasskeyTypes
from msgraph_beta.generated.models.attestation_enforcement import AttestationEnforcement
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Fido2AuthenticationMethodConfiguration(
odata_type = "#microsoft.graph.fido2AuthenticationMethodConfiguration",
id = "Fido2",
state = AuthenticationMethodState.Disabled,
is_self_service_registration_allowed = True,
is_attestation_enforced = True,
key_restrictions = Fido2KeyRestrictions(
is_enforced = False,
enforcement_type = Fido2RestrictionEnforcementType.Block,
aa_guids = [
],
),
include_targets = [
PasskeyAuthenticationMethodTarget(
target_type = AuthenticationMethodTargetType.Group,
id = "all_users",
is_registration_required = False,
allowed_passkey_profiles = [
UUID("00000000-0000-0000-0000-000000000001"),
],
),
],
exclude_targets = [
],
passkey_profiles = [
PasskeyProfile(
id = "00000000-0000-0000-0000-000000000001",
name = "Default passkey profile",
passkey_types = PasskeyTypes.DeviceBound | PasskeyTypes.Synced,
attestation_enforcement = AttestationEnforcement.Disabled,
key_restrictions = Fido2KeyRestrictions(
is_enforced = False,
enforcement_type = Fido2RestrictionEnforcementType.Allow,
aa_guids = [
],
),
),
],
)
result = await graph_client.policies.authentication_methods_policy.authentication_method_configurations.by_authentication_method_configuration_id('authenticationMethodConfiguration-id').patch(request_body)