Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
Policy.ReadWrite.ConditionalAccess
Policy.ReadWrite.AuthenticationMethod
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
Policy.ReadWrite.ConditionalAccess
Policy.ReadWrite.AuthenticationMethod
For delegated scenarios, the calling user must also be assigned at least the Conditional Access Administrator or Security AdministratorMicrosoft Entra role.
In the request body, supply only the values for properties that should be updated. Existing properties that aren't included in the request body maintains their previous values or be recalculated based on changes to other property values.
The following table specifies the properties that can be updated.
Property
Type
Description
appliesToCombinations
authenticationMethodModes collection
The combinations to which this configuration applies. The only possible value for fido2combinationConfigurations is fido2. Required.
Response
If successful, this method returns a 204 No Content response code.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AuthenticationCombinationConfiguration
{
AppliesToCombinations = new List<AuthenticationMethodModes?>
{
AuthenticationMethodModes.Fido2,
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.ConditionalAccess.AuthenticationStrength.Policies["{authenticationStrengthPolicy-id}"].CombinationConfigurations["{authenticationCombinationConfiguration-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthenticationCombinationConfiguration authenticationCombinationConfiguration = new AuthenticationCombinationConfiguration();
LinkedList<AuthenticationMethodModes> appliesToCombinations = new LinkedList<AuthenticationMethodModes>();
appliesToCombinations.add(AuthenticationMethodModes.Fido2);
authenticationCombinationConfiguration.setAppliesToCombinations(appliesToCombinations);
AuthenticationCombinationConfiguration result = graphClient.identity().conditionalAccess().authenticationStrength().policies().byAuthenticationStrengthPolicyId("{authenticationStrengthPolicy-id}").combinationConfigurations().byAuthenticationCombinationConfigurationId("{authenticationCombinationConfiguration-id}").patch(authenticationCombinationConfiguration);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AuthenticationCombinationConfiguration;
use Microsoft\Graph\Generated\Models\AuthenticationMethodModes;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AuthenticationCombinationConfiguration();
$requestBody->setAppliesToCombinations([new AuthenticationMethodModes('fido2'), ]);
$result = $graphServiceClient->identity()->conditionalAccess()->authenticationStrength()->policies()->byAuthenticationStrengthPolicyId('authenticationStrengthPolicy-id')->combinationConfigurations()->byAuthenticationCombinationConfigurationId('authenticationCombinationConfiguration-id')->patch($requestBody)->wait();
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.