How to use Microsoft managed settings - Authentication Methods Policy
In addition to configuring Authentication Methods Policy settings to be either Enabled or Disabled, IT admins can configure some settings to be Microsoft managed. A setting that is configured as Microsoft managed allows Azure AD to enable or disable the setting.
The option to let Azure AD manage the setting is a convenient way for an organization to allow Microsoft to enable or disable a feature by default. Organizations can more easily improve their security posture by trusting Microsoft to manage when a feature should be enabled by default. By configuring a setting as Microsoft managed (named default in Graph APIs), IT admins can trust Microsoft to enable a security feature they have not explicitly disabled.
Settings that can be Microsoft managed
The following table lists settings that can be set to Microsoft managed and whether it is enabled or disabled.
|Additional context in Microsoft Authenticator notifications||Disabled|