Azure AD authentication methods policies API overview

Namespace: microsoft.graph

Authentication methods policies define which authentication methods are available and which users are allowed to use them to sign in and perform multi-factor authentication (MFA) in Azure Active Directory (Azure AD). Authentication methods policies that can be managed in Microsoft Graph include FIDO2 Security Keys and Passwordless Phone Sign-in with the Microsoft Authenticator app.

The authentication method policies APIs are used to manage policy settings. For example:

  • Define the types of FIDO2 security keys that can be used in the Azure AD tenant.
  • Define the users or groups of users who are allowed to use FIDO2 Security Keys or Passwordless Phone Sign-in to sign in to Azure AD.
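
As an added illustration (not code from the original page or from Microsoft), the following Python sketch reviews a FIDO2 policy object for the two settings listed above: which key types are restricted and who is targeted. The property names follow the Microsoft Graph fido2AuthenticationMethodConfiguration resource; the sample object, the check names and the function name audit_fido2_policy are constructed for this example.

```python
import json

# Constructed sample, shaped like a fido2AuthenticationMethodConfiguration object
# (GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2).
SAMPLE_POLICY = json.loads("""
{
  "id": "Fido2",
  "state": "enabled",
  "isSelfServiceRegistrationAllowed": true,
  "isAttestationEnforced": false,
  "keyRestrictions": {"isEnforced": false, "enforcementType": "block", "aaGuids": []},
  "includeTargets": [
    {"targetType": "group", "id": "all_users", "isRegistrationRequired": false}
  ]
}
""")


def audit_fido2_policy(policy):
    """Return (check_id, message) observations for one policy object.

    The check ids are hypothetical names chosen for this example.
    """
    if policy.get("state") != "enabled":
        return [("disabled", "FIDO2 method is not enabled for the tenant")]

    findings = []
    if not policy.get("isAttestationEnforced", False):
        findings.append(("attestation",
                         "attestation not enforced: reported key model is not verified"))

    restrictions = policy.get("keyRestrictions") or {}
    if not restrictions.get("isEnforced", False):
        findings.append(("restrictions",
                         "key restrictions not enforced: no limit on key types"))
    elif not restrictions.get("aaGuids"):
        findings.append(("empty-aaguids",
                         "restrictions enforced with an empty AAGUID list: confirm intent"))

    targets = policy.get("includeTargets") or []
    if not targets:
        findings.append(("no-targets", "method enabled but no users or groups targeted"))
    elif any(t.get("id") == "all_users" for t in targets):
        findings.append(("all-users", "every user is targeted rather than a scoped group"))
    return findings


if __name__ == "__main__":
    for check_id, message in audit_fido2_policy(SAMPLE_POLICY):
        print(f"{check_id}: {message}")
```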

What authentication methods policies can be managed in Microsoft Graph?

| Authentication method policy | Description |
|---|---|
| fido2AuthenticationMethodConfiguration | Define FIDO2 security key restrictions and users who can use them to sign in to Azure AD. |
| microsoftAuthenticatorAuthenticationMethodConfiguration | Define users who can use Microsoft Authenticator on the Azure AD tenant. |
| emailAuthenticationMethodConfiguration | Define users who can use email OTP on the Azure AD tenant. |
