Azure AD authentication methods API overview

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Authentication methods are the ways that users authenticate in Azure Active Directory (AD). Authentication methods in Azure AD include password and phone (for example, SMS and voice calls), which are manageable in Microsoft Graph today, among many others such as FIDO2 security keys and the Microsoft Authenticator app. Authentication methods are used in primary, second-factor, and step-up authentication, and also in the self-service password reset (SSPR) process.

The authentication method APIs are used to manage a user's authentication methods. For example:

  • You can add a phone number to a user. The user can then use that phone number for SMS and voice call authentication if they're enabled to use it by policy.
  • You can update that number, or delete it from the user.
  • You can enable or disable the number for SMS sign-in.
  • You can reset a user's password.
  • You can retrieve details of a user's FIDO2 Security Key, and delete it if the user has lost the key.
  • You can retrieve details of a user's Microsoft Authenticator Passwordless Phone Sign-in registration, and delete it if the user has lost the phone.
  • You can add an email address to a user. The user can then use that email as part of the Self-Service Password Reset (SSPR) process.
  • You can update that email, or delete it from the user.

What authentication methods can be managed in Microsoft Graph?

| Authentication method | Description | Examples |
|---|---|---|
| passwordAuthenticationMethod | A password is currently the default primary authentication method in Azure AD. | Reset a user's password. |
| phoneAuthenticationMethod | A phone can be used by a user to authenticate using SMS or voice calls (as allowed by policy). | See a user's authentication phone numbers. Add, update, or remove a user's phone number. Enable or disable a primary mobile phone for SMS sign-in. |
| fido2authenticationmethod | A FIDO2 Security Key can be used by a user to sign in to Azure AD. | Delete a lost FIDO2 Security Key. |
| passwordlessmicrosoftauthenticatorauthenticationmethod | Microsoft Authenticator Passwordless Phone Sign-in can be used by a user to sign in to Azure AD. | Delete a Passwordless Phone Sign-in authentication method. |
| emailauthenticationmethod | An email address can be used by a user as part of the Self-Service Password Reset (SSPR) process. | See a user's authentication email address. Add, update, or remove a user's email address. |
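
An added example (not from the original page or Microsoft's documentation): a short Python audit over the body returned by the list-methods call, `GET /beta/users/{id}/authentication/methods`, that groups entries by the roles in the table above and flags enabled SMS sign-in, a missing FIDO2 or Passwordless registration, and an SSPR email. The endpoint path, the `@odata.type` values and the `smsSignInState` property are assumptions taken from the Microsoft Graph beta schema rather than from this page, and the sample response is constructed.

```python
import json

# Constructed sample body for GET /beta/users/{id}/authentication/methods
# (path and property names are assumed from the Graph beta schema, not this page).
SAMPLE_RESPONSE = json.dumps({"value": [
    {"@odata.type": "#microsoft.graph.passwordAuthenticationMethod", "id": "pw-0001"},
    {"@odata.type": "#microsoft.graph.phoneAuthenticationMethod", "id": "ph-0001",
     "phoneNumber": "+1 5555550100", "phoneType": "mobile", "smsSignInState": "ready"},
    {"@odata.type": "#microsoft.graph.emailAuthenticationMethod", "id": "em-0001",
     "emailAddress": "user@example.com"},
]})

# Roles as described in the page's table, keyed by lower-cased type name so that
# both the camelCase and the all-lowercase spellings match.
ROLES = {
    "passwordauthenticationmethod": "primary",
    "phoneauthenticationmethod": "sms-or-voice",
    "fido2authenticationmethod": "sign-in",
    "passwordlessmicrosoftauthenticatorauthenticationmethod": "sign-in",
    "emailauthenticationmethod": "sspr-only",
}

def method_type(entry):
    """Return the bare, lower-cased type name from an entry's @odata.type."""
    return entry.get("@odata.type", "").rsplit(".", 1)[-1].lower()

def audit_methods(response_body):
    """Group a user's registered methods by role and list review findings."""
    inventory, findings = {}, []
    for m in json.loads(response_body).get("value", []):
        t = method_type(m)
        role = ROLES.get(t)
        if role is None:
            # Beta APIs can change: surface unknown types instead of dropping them.
            findings.append(f"unrecognised method type: {m.get('@odata.type')!r}")
            continue
        inventory.setdefault(role, []).append(m.get("id"))
        if t == "phoneauthenticationmethod" and m.get("smsSignInState") == "ready":
            findings.append(f"phone {m.get('id')}: SMS sign-in is enabled")
    if "sign-in" not in inventory:
        findings.append("no FIDO2 key or Passwordless Phone Sign-in registered")
    if "sspr-only" in inventory:
        findings.append("email registered: usable for SSPR, review as a recovery path")
    return inventory, findings

if __name__ == "__main__":
    print(audit_methods(SAMPLE_RESPONSE))
```
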

Next steps

  • Review the authentication method types and their various methods.
  • Try the API in the Graph Explorer.