更新 authenticationMethodsPolicy
命名空间:microsoft.graph
更新 authenticationMethodsPolicy 对象 的属性。
权限
要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限。
| 权限类型 |
权限(从最低特权到最高特权) |
| 委派(工作或学校帐户) |
Policy.ReadWrite.AuthenticationMethod |
| 委派(个人 Microsoft 帐户) |
不支持。 |
| 应用程序 |
Policy.ReadWrite.AuthenticationMethod |
对于委派方案,管理员需要以下角色Azure AD之一:
HTTP 请求
PATCH /policies/authenticationMethodsPolicy
| 名称 |
说明 |
| Authorization |
Bearer {token}。必需。 |
| Content-Type |
application/json. Required. |
请求正文
在请求正文中,提供 authenticationMethodConfigurations 对象的 JSON 表示形式,以提示用户设置目标身份验证方法。
响应
如果成功,此方法返回 204 No Content 响应代码。
示例
请求
PATCH https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#authenticationMethodsPolicy",
"registrationEnforcement": {
"authenticationMethodsRegistrationCampaign": {
"snoozeDurationInDays": 1,
"state": "enabled",
"excludeTargets": [],
"includeTargets": [
{
"id": "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
"targetType": "group",
"targetedAuthenticationMethod": "microsoftAuthenticator"
}
]
}
},
"authenticationMethodConfigurations": [
{
"@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
"id": "Fido2",
"state": "disabled",
"isSelfServiceRegistrationAllowed": false,
"isAttestationEnforced": false,
"keyRestrictions": {
"isEnforced": false,
"enforcementType": "block",
"aaGuids": []
}
}
]
}
const options = {
authProvider,
};
const client = Client.init(options);
const authenticationMethodsPolicy = {
'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#authenticationMethodsPolicy',
registrationEnforcement: {
authenticationMethodsRegistrationCampaign: {
snoozeDurationInDays: 1,
state: 'enabled',
excludeTargets: [],
includeTargets: [
{
id: '3ee3a9de-0a86-4e12-a287-9769accf1ba2',
targetType: 'group',
targetedAuthenticationMethod: 'microsoftAuthenticator'
}
]
}
},
authenticationMethodConfigurations: [
{
'@odata.type': '#microsoft.graph.fido2AuthenticationMethodConfiguration',
id: 'Fido2',
state: 'disabled',
isSelfServiceRegistrationAllowed: false,
isAttestationEnforced: false,
keyRestrictions: {
isEnforced: false,
enforcementType: 'block',
aaGuids: []
}
}
]
};
await client.api('/policies/authenticationMethodsPolicy')
.update(authenticationMethodsPolicy);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/policies/authenticationMethodsPolicy"]]];
[urlRequest setHTTPMethod:@"PATCH"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphAuthenticationMethodsPolicy *authenticationMethodsPolicy = [[MSGraphAuthenticationMethodsPolicy alloc] init];
MSGraphRegistrationEnforcement *registrationEnforcement = [[MSGraphRegistrationEnforcement alloc] init];
MSGraphAuthenticationMethodsRegistrationCampaign *authenticationMethodsRegistrationCampaign = [[MSGraphAuthenticationMethodsRegistrationCampaign alloc] init];
[authenticationMethodsRegistrationCampaign setSnoozeDurationInDays: 1];
[authenticationMethodsRegistrationCampaign setState: [MSGraphAdvancedConfigState enabled]];
NSMutableArray *excludeTargetsList = [[NSMutableArray alloc] init];
[authenticationMethodsRegistrationCampaign setExcludeTargets:excludeTargetsList];
NSMutableArray *includeTargetsList = [[NSMutableArray alloc] init];
MSGraphAuthenticationMethodsRegistrationCampaignIncludeTarget *includeTargets = [[MSGraphAuthenticationMethodsRegistrationCampaignIncludeTarget alloc] init];
[includeTargets setId:@"3ee3a9de-0a86-4e12-a287-9769accf1ba2"];
[includeTargets setTargetType: [MSGraphAuthenticationMethodTargetType group]];
[includeTargets setTargetedAuthenticationMethod:@"microsoftAuthenticator"];
[includeTargetsList addObject: includeTargets];
[authenticationMethodsRegistrationCampaign setIncludeTargets:includeTargetsList];
[registrationEnforcement setAuthenticationMethodsRegistrationCampaign:authenticationMethodsRegistrationCampaign];
[authenticationMethodsPolicy setRegistrationEnforcement:registrationEnforcement];
NSMutableArray *authenticationMethodConfigurationsList = [[NSMutableArray alloc] init];
MSGraphAuthenticationMethodConfiguration *authenticationMethodConfigurations = [[MSGraphAuthenticationMethodConfiguration alloc] init];
[authenticationMethodConfigurations setId:@"Fido2"];
[authenticationMethodConfigurations setState: [MSGraphAuthenticationMethodState disabled]];
[authenticationMethodConfigurations setIsSelfServiceRegistrationAllowed: false];
[authenticationMethodConfigurations setIsAttestationEnforced: false];
MSGraphFido2KeyRestrictions *keyRestrictions = [[MSGraphFido2KeyRestrictions alloc] init];
[keyRestrictions setIsEnforced: false];
[keyRestrictions setEnforcementType: [MSGraphFido2RestrictionEnforcementType block]];
NSMutableArray *aaGuidsList = [[NSMutableArray alloc] init];
[keyRestrictions setAaGuids:aaGuidsList];
[authenticationMethodConfigurations setKeyRestrictions:keyRestrictions];
[authenticationMethodConfigurationsList addObject: authenticationMethodConfigurations];
[authenticationMethodsPolicy setAuthenticationMethodConfigurations:authenticationMethodConfigurationsList];
NSError *error;
NSData *authenticationMethodsPolicyData = [authenticationMethodsPolicy getSerializedDataWithError:&error];
[urlRequest setHTTPBody:authenticationMethodsPolicyData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AuthenticationMethodsPolicy authenticationMethodsPolicy = new AuthenticationMethodsPolicy();
authenticationMethodsPolicy.additionalDataManager().put("@odata.context", new JsonPrimitive("https://graph.microsoft.com/v1.0/$metadata#authenticationMethodsPolicy"));
RegistrationEnforcement registrationEnforcement = new RegistrationEnforcement();
AuthenticationMethodsRegistrationCampaign authenticationMethodsRegistrationCampaign = new AuthenticationMethodsRegistrationCampaign();
authenticationMethodsRegistrationCampaign.snoozeDurationInDays = 1;
authenticationMethodsRegistrationCampaign.state = AdvancedConfigState.ENABLED;
LinkedList<ExcludeTarget> excludeTargetsList = new LinkedList<ExcludeTarget>();
authenticationMethodsRegistrationCampaign.excludeTargets = excludeTargetsList;
LinkedList<AuthenticationMethodsRegistrationCampaignIncludeTarget> includeTargetsList = new LinkedList<AuthenticationMethodsRegistrationCampaignIncludeTarget>();
AuthenticationMethodsRegistrationCampaignIncludeTarget includeTargets = new AuthenticationMethodsRegistrationCampaignIncludeTarget();
includeTargets.id = "3ee3a9de-0a86-4e12-a287-9769accf1ba2";
includeTargets.targetType = AuthenticationMethodTargetType.GROUP;
includeTargets.targetedAuthenticationMethod = "microsoftAuthenticator";
includeTargetsList.add(includeTargets);
authenticationMethodsRegistrationCampaign.includeTargets = includeTargetsList;
registrationEnforcement.authenticationMethodsRegistrationCampaign = authenticationMethodsRegistrationCampaign;
authenticationMethodsPolicy.registrationEnforcement = registrationEnforcement;
LinkedList<AuthenticationMethodConfiguration> authenticationMethodConfigurationsList = new LinkedList<AuthenticationMethodConfiguration>();
Fido2AuthenticationMethodConfiguration authenticationMethodConfigurations = new Fido2AuthenticationMethodConfiguration();
authenticationMethodConfigurations.id = "Fido2";
authenticationMethodConfigurations.state = AuthenticationMethodState.DISABLED;
authenticationMethodConfigurations.isSelfServiceRegistrationAllowed = false;
authenticationMethodConfigurations.isAttestationEnforced = false;
Fido2KeyRestrictions keyRestrictions = new Fido2KeyRestrictions();
keyRestrictions.isEnforced = false;
keyRestrictions.enforcementType = Fido2RestrictionEnforcementType.BLOCK;
LinkedList<String> aaGuidsList = new LinkedList<String>();
keyRestrictions.aaGuids = aaGuidsList;
authenticationMethodConfigurations.keyRestrictions = keyRestrictions;
authenticationMethodConfigurationsList.add(authenticationMethodConfigurations);
AuthenticationMethodConfigurationCollectionResponse authenticationMethodConfigurationCollectionResponse = new AuthenticationMethodConfigurationCollectionResponse();
authenticationMethodConfigurationCollectionResponse.value = authenticationMethodConfigurationsList;
AuthenticationMethodConfigurationCollectionPage authenticationMethodConfigurationCollectionPage = new AuthenticationMethodConfigurationCollectionPage(authenticationMethodConfigurationCollectionResponse, null);
authenticationMethodsPolicy.authenticationMethodConfigurations = authenticationMethodConfigurationCollectionPage;
graphClient.policies().authenticationMethodsPolicy()
.buildRequest()
.patch(authenticationMethodsPolicy);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewAuthenticationMethodsPolicy()
registrationEnforcement := msgraphsdk.NewRegistrationEnforcement()
requestBody.SetRegistrationEnforcement(registrationEnforcement)
authenticationMethodsRegistrationCampaign := msgraphsdk.NewAuthenticationMethodsRegistrationCampaign()
registrationEnforcement.SetAuthenticationMethodsRegistrationCampaign(authenticationMethodsRegistrationCampaign)
snoozeDurationInDays := int32(1)
authenticationMethodsRegistrationCampaign.SetSnoozeDurationInDays(&snoozeDurationInDays)
state := "enabled"
authenticationMethodsRegistrationCampaign.SetState(&state)
authenticationMethodsRegistrationCampaign.SetExcludeTargets( []ExcludeTarget {
}
authenticationMethodsRegistrationCampaign.SetIncludeTargets( []AuthenticationMethodsRegistrationCampaignIncludeTarget {
msgraphsdk.NewAuthenticationMethodsRegistrationCampaignIncludeTarget(),
SetAdditionalData(map[string]interface{}{
"id": "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
"targetType": "group",
"targetedAuthenticationMethod": "microsoftAuthenticator",
}
}
requestBody.SetAuthenticationMethodConfigurations( []AuthenticationMethodConfiguration {
msgraphsdk.NewAuthenticationMethodConfiguration(),
id := "Fido2"
SetId(&id)
state := "disabled"
SetState(&state)
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
"isSelfServiceRegistrationAllowed": false,
"isAttestationEnforced": false,
}
}
requestBody.SetAdditionalData(map[string]interface{}{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#authenticationMethodsPolicy",
}
graphClient.Policies().AuthenticationMethodsPolicy().Patch(requestBody)
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
"@odata.context" = "https://graph.microsoft.com/v1.0/$metadata#authenticationMethodsPolicy"
RegistrationEnforcement = @{
AuthenticationMethodsRegistrationCampaign = @{
SnoozeDurationInDays = 1
State = "enabled"
ExcludeTargets = @(
)
IncludeTargets = @(
@{
Id = "3ee3a9de-0a86-4e12-a287-9769accf1ba2"
TargetType = "group"
TargetedAuthenticationMethod = "microsoftAuthenticator"
}
)
}
}
AuthenticationMethodConfigurations = @(
@{
"@odata.type" = "#microsoft.graph.fido2AuthenticationMethodConfiguration"
Id = "Fido2"
State = "disabled"
IsSelfServiceRegistrationAllowed = $false
IsAttestationEnforced = $false
}
)
}
Update-MgPolicyAuthenticationMethodPolicy -BodyParameter $params
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
响应
HTTP/1.1 204 No Content