Azure AD authentication methods policies API overview
Authentication methods policies define authentication methods and the users that are allowed to use them to sign in and perform multi-factor authentication (MFA) in Azure Active Directory (Azure AD). Authentication methods policies that can be managed in Microsoft Graph include FIDO2 Security Keys and Passwordless Phone Sign-in with Microsoft Authenticator app.
The authentication method policies APIs are used to manage policy settings. For example:
- Define the types of FIDO2 security keys that can be used in the Azure AD tenant.
- Define the users or groups of users who are allowed to use FIDO2 Security Keys or Passwordless Phone Sign-in to sign in to Azure AD.
What authentication methods policies can be managed in Microsoft Graph?
|Authentication method policy||Description|
|fido2authenticationmethodconfiguration||Define FIDO2 security key restrictions and users who can use them to sign in to Azure AD.|
|microsoftauthenticatorauthenticationmethodconfiguration||Define users who can use Microsoft Authenticator on the Azure AD tenant.|
|emailauthenticationmethodconfiguration||Define users who can use email OTP on the Azure AD tenant.|
- Try the API in the Graph Explorer.