名前空間: microsoft.graph
重要
Microsoft Graph の /beta バージョンの API は変更される可能性があります。 実稼働アプリケーションでこれらの API を使用することは、サポートされていません。 v1.0 で API を使用できるかどうかを確認するには、Version セレクターを使用します。
authenticationMethodsPolicy オブジェクトのプロパティを更新します。
この API は、次の国内クラウド展開で使用できます。
| グローバル サービス |
米国政府機関 L4 |
米国政府機関 L5 (DOD) |
21Vianet が運営する中国 |
| ✅ |
✅ |
✅ |
✅ |
アクセス許可
この API の最小特権としてマークされているアクセス許可またはアクセス許可を選択します。
アプリで必要な場合にのみ、より高い特権のアクセス許可またはアクセス許可を使用します。 委任されたアクセス許可とアプリケーションのアクセス許可の詳細については、「アクセス許可の種類」を参照してください。 これらのアクセス許可の詳細については、「アクセス許可のリファレンス」を参照してください。
| アクセス許可の種類 |
最小特権アクセス許可 |
より高い特権のアクセス許可 |
| 委任 (職場または学校のアカウント) |
Policy.ReadWrite.AuthenticationMethod |
注意事項なし。 |
| 委任 (個人用 Microsoft アカウント) |
サポートされていません。 |
サポートされていません。 |
| アプリケーション |
Policy.ReadWrite.AuthenticationMethod |
注意事項なし。 |
重要
職場または学校アカウントを使用した委任されたシナリオでは、サインインしているユーザーに、サポートされているMicrosoft Entraロールまたはサポートされているロールのアクセス許可を持つカスタム ロールを割り当てる必要があります。
認証ポリシー管理者 は、この操作でサポートされる最小限の特権ロールです。
HTTP 要求
PATCH /policies/authenticationMethodsPolicy
| 名前 |
説明 |
| Authorization |
ベアラー {token}。 必須です。
認証と認可についての詳細をご覧ください。 |
| Content-Type |
application/json. 必須です。 |
要求本文
要求本文で、 registrationEnforcement オブジェクトの JSON 表現を指定して、ターゲット認証方法の設定をユーザーに求めます。
応答
成功した場合、このメソッドは 200 OK 応答コードを返します。
例
要求
PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy
Content-Type: application/json
{
"registrationEnforcement": {
"authenticationMethodsRegistrationCampaign": {
"snoozeDurationInDays": 1,
"enforceRegistrationAfterAllowedSnoozes": true,
"state": "enabled",
"excludeTargets": [],
"includeTargets": [
{
"id": "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
"targetType": "group",
"targetedAuthenticationMethod": "microsoftAuthenticator"
}
]
}
},
"reportSuspiciousActivitySettings": {
"state": "enabled",
"includeTarget": {
"targetType": "group",
"id": "all_users"
},
"voiceReportingCode": 0
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AuthenticationMethodsPolicy
{
RegistrationEnforcement = new RegistrationEnforcement
{
AuthenticationMethodsRegistrationCampaign = new AuthenticationMethodsRegistrationCampaign
{
SnoozeDurationInDays = 1,
EnforceRegistrationAfterAllowedSnoozes = true,
State = AdvancedConfigState.Enabled,
ExcludeTargets = new List<ExcludeTarget>
{
},
IncludeTargets = new List<AuthenticationMethodsRegistrationCampaignIncludeTarget>
{
new AuthenticationMethodsRegistrationCampaignIncludeTarget
{
Id = "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
TargetType = AuthenticationMethodTargetType.Group,
TargetedAuthenticationMethod = "microsoftAuthenticator",
},
},
},
},
ReportSuspiciousActivitySettings = new ReportSuspiciousActivitySettings
{
State = AdvancedConfigState.Enabled,
IncludeTarget = new IncludeTarget
{
TargetType = AuthenticationMethodTargetType.Group,
Id = "all_users",
},
VoiceReportingCode = 0,
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.AuthenticationMethodsPolicy.PatchAsync(requestBody);
mgc-beta policies authentication-methods-policy patch --body '{\
"registrationEnforcement": {\
"authenticationMethodsRegistrationCampaign": {\
"snoozeDurationInDays": 1,\
"enforceRegistrationAfterAllowedSnoozes": true,\
"state": "enabled",\
"excludeTargets": [],\
"includeTargets": [\
{\
"id": "3ee3a9de-0a86-4e12-a287-9769accf1ba2",\
"targetType": "group",\
"targetedAuthenticationMethod": "microsoftAuthenticator"\
}\
]\
}\
},\
"reportSuspiciousActivitySettings": {\
"state": "enabled",\
"includeTarget": {\
"targetType": "group",\
"id": "all_users"\
},\
"voiceReportingCode": 0\
}\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAuthenticationMethodsPolicy()
registrationEnforcement := graphmodels.NewRegistrationEnforcement()
authenticationMethodsRegistrationCampaign := graphmodels.NewAuthenticationMethodsRegistrationCampaign()
snoozeDurationInDays := int32(1)
authenticationMethodsRegistrationCampaign.SetSnoozeDurationInDays(&snoozeDurationInDays)
enforceRegistrationAfterAllowedSnoozes := true
authenticationMethodsRegistrationCampaign.SetEnforceRegistrationAfterAllowedSnoozes(&enforceRegistrationAfterAllowedSnoozes)
state := graphmodels.ENABLED_ADVANCEDCONFIGSTATE
authenticationMethodsRegistrationCampaign.SetState(&state)
excludeTargets := []graphmodels.ExcludeTargetable {
}
authenticationMethodsRegistrationCampaign.SetExcludeTargets(excludeTargets)
authenticationMethodsRegistrationCampaignIncludeTarget := graphmodels.NewAuthenticationMethodsRegistrationCampaignIncludeTarget()
id := "3ee3a9de-0a86-4e12-a287-9769accf1ba2"
authenticationMethodsRegistrationCampaignIncludeTarget.SetId(&id)
targetType := graphmodels.GROUP_AUTHENTICATIONMETHODTARGETTYPE
authenticationMethodsRegistrationCampaignIncludeTarget.SetTargetType(&targetType)
targetedAuthenticationMethod := "microsoftAuthenticator"
authenticationMethodsRegistrationCampaignIncludeTarget.SetTargetedAuthenticationMethod(&targetedAuthenticationMethod)
includeTargets := []graphmodels.AuthenticationMethodsRegistrationCampaignIncludeTargetable {
authenticationMethodsRegistrationCampaignIncludeTarget,
}
authenticationMethodsRegistrationCampaign.SetIncludeTargets(includeTargets)
registrationEnforcement.SetAuthenticationMethodsRegistrationCampaign(authenticationMethodsRegistrationCampaign)
requestBody.SetRegistrationEnforcement(registrationEnforcement)
reportSuspiciousActivitySettings := graphmodels.NewReportSuspiciousActivitySettings()
state := graphmodels.ENABLED_ADVANCEDCONFIGSTATE
reportSuspiciousActivitySettings.SetState(&state)
includeTarget := graphmodels.NewIncludeTarget()
targetType := graphmodels.GROUP_AUTHENTICATIONMETHODTARGETTYPE
includeTarget.SetTargetType(&targetType)
id := "all_users"
includeTarget.SetId(&id)
reportSuspiciousActivitySettings.SetIncludeTarget(includeTarget)
voiceReportingCode := int32(0)
reportSuspiciousActivitySettings.SetVoiceReportingCode(&voiceReportingCode)
requestBody.SetReportSuspiciousActivitySettings(reportSuspiciousActivitySettings)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authenticationMethodsPolicy, err := graphClient.Policies().AuthenticationMethodsPolicy().Patch(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthenticationMethodsPolicy authenticationMethodsPolicy = new AuthenticationMethodsPolicy();
RegistrationEnforcement registrationEnforcement = new RegistrationEnforcement();
AuthenticationMethodsRegistrationCampaign authenticationMethodsRegistrationCampaign = new AuthenticationMethodsRegistrationCampaign();
authenticationMethodsRegistrationCampaign.setSnoozeDurationInDays(1);
authenticationMethodsRegistrationCampaign.setEnforceRegistrationAfterAllowedSnoozes(true);
authenticationMethodsRegistrationCampaign.setState(AdvancedConfigState.Enabled);
LinkedList<ExcludeTarget> excludeTargets = new LinkedList<ExcludeTarget>();
authenticationMethodsRegistrationCampaign.setExcludeTargets(excludeTargets);
LinkedList<AuthenticationMethodsRegistrationCampaignIncludeTarget> includeTargets = new LinkedList<AuthenticationMethodsRegistrationCampaignIncludeTarget>();
AuthenticationMethodsRegistrationCampaignIncludeTarget authenticationMethodsRegistrationCampaignIncludeTarget = new AuthenticationMethodsRegistrationCampaignIncludeTarget();
authenticationMethodsRegistrationCampaignIncludeTarget.setId("3ee3a9de-0a86-4e12-a287-9769accf1ba2");
authenticationMethodsRegistrationCampaignIncludeTarget.setTargetType(AuthenticationMethodTargetType.Group);
authenticationMethodsRegistrationCampaignIncludeTarget.setTargetedAuthenticationMethod("microsoftAuthenticator");
includeTargets.add(authenticationMethodsRegistrationCampaignIncludeTarget);
authenticationMethodsRegistrationCampaign.setIncludeTargets(includeTargets);
registrationEnforcement.setAuthenticationMethodsRegistrationCampaign(authenticationMethodsRegistrationCampaign);
authenticationMethodsPolicy.setRegistrationEnforcement(registrationEnforcement);
ReportSuspiciousActivitySettings reportSuspiciousActivitySettings = new ReportSuspiciousActivitySettings();
reportSuspiciousActivitySettings.setState(AdvancedConfigState.Enabled);
IncludeTarget includeTarget = new IncludeTarget();
includeTarget.setTargetType(AuthenticationMethodTargetType.Group);
includeTarget.setId("all_users");
reportSuspiciousActivitySettings.setIncludeTarget(includeTarget);
reportSuspiciousActivitySettings.setVoiceReportingCode(0);
authenticationMethodsPolicy.setReportSuspiciousActivitySettings(reportSuspiciousActivitySettings);
AuthenticationMethodsPolicy result = graphClient.policies().authenticationMethodsPolicy().patch(authenticationMethodsPolicy);
const options = {
authProvider,
};
const client = Client.init(options);
const authenticationMethodsPolicy = {
registrationEnforcement: {
authenticationMethodsRegistrationCampaign: {
snoozeDurationInDays: 1,
enforceRegistrationAfterAllowedSnoozes: true,
state: 'enabled',
excludeTargets: [],
includeTargets: [
{
id: '3ee3a9de-0a86-4e12-a287-9769accf1ba2',
targetType: 'group',
targetedAuthenticationMethod: 'microsoftAuthenticator'
}
]
}
},
reportSuspiciousActivitySettings: {
state: 'enabled',
includeTarget: {
targetType: 'group',
id: 'all_users'
},
voiceReportingCode: 0
}
};
await client.api('/policies/authenticationMethodsPolicy')
.version('beta')
.update(authenticationMethodsPolicy);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodsPolicy;
use Microsoft\Graph\Beta\Generated\Models\RegistrationEnforcement;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodsRegistrationCampaign;
use Microsoft\Graph\Beta\Generated\Models\AdvancedConfigState;
use Microsoft\Graph\Beta\Generated\Models\ExcludeTarget;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodsRegistrationCampaignIncludeTarget;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodTargetType;
use Microsoft\Graph\Beta\Generated\Models\ReportSuspiciousActivitySettings;
use Microsoft\Graph\Beta\Generated\Models\IncludeTarget;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AuthenticationMethodsPolicy();
$registrationEnforcement = new RegistrationEnforcement();
$registrationEnforcementAuthenticationMethodsRegistrationCampaign = new AuthenticationMethodsRegistrationCampaign();
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setSnoozeDurationInDays(1);
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setEnforceRegistrationAfterAllowedSnoozes(true);
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setState(new AdvancedConfigState('enabled'));
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setExcludeTargets([ ]);
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1 = new AuthenticationMethodsRegistrationCampaignIncludeTarget();
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1->setId('3ee3a9de-0a86-4e12-a287-9769accf1ba2');
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1->setTargetType(new AuthenticationMethodTargetType('group'));
$includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1->setTargetedAuthenticationMethod('microsoftAuthenticator');
$includeTargetsArray []= $includeTargetsAuthenticationMethodsRegistrationCampaignIncludeTarget1;
$registrationEnforcementAuthenticationMethodsRegistrationCampaign->setIncludeTargets($includeTargetsArray);
$registrationEnforcement->setAuthenticationMethodsRegistrationCampaign($registrationEnforcementAuthenticationMethodsRegistrationCampaign);
$requestBody->setRegistrationEnforcement($registrationEnforcement);
$reportSuspiciousActivitySettings = new ReportSuspiciousActivitySettings();
$reportSuspiciousActivitySettings->setState(new AdvancedConfigState('enabled'));
$reportSuspiciousActivitySettingsIncludeTarget = new IncludeTarget();
$reportSuspiciousActivitySettingsIncludeTarget->setTargetType(new AuthenticationMethodTargetType('group'));
$reportSuspiciousActivitySettingsIncludeTarget->setId('all_users');
$reportSuspiciousActivitySettings->setIncludeTarget($reportSuspiciousActivitySettingsIncludeTarget);
$reportSuspiciousActivitySettings->setVoiceReportingCode(0);
$requestBody->setReportSuspiciousActivitySettings($reportSuspiciousActivitySettings);
$result = $graphServiceClient->policies()->authenticationMethodsPolicy()->patch($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
registrationEnforcement = @{
authenticationMethodsRegistrationCampaign = @{
snoozeDurationInDays = 1
enforceRegistrationAfterAllowedSnoozes = $true
state = "enabled"
excludeTargets = @(
)
includeTargets = @(
@{
id = "3ee3a9de-0a86-4e12-a287-9769accf1ba2"
targetType = "group"
targetedAuthenticationMethod = "microsoftAuthenticator"
}
)
}
}
reportSuspiciousActivitySettings = @{
state = "enabled"
includeTarget = @{
targetType = "group"
id = "all_users"
}
voiceReportingCode = 0
}
}
Update-MgBetaPolicyAuthenticationMethodPolicy -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.authentication_methods_policy import AuthenticationMethodsPolicy
from msgraph_beta.generated.models.registration_enforcement import RegistrationEnforcement
from msgraph_beta.generated.models.authentication_methods_registration_campaign import AuthenticationMethodsRegistrationCampaign
from msgraph_beta.generated.models.advanced_config_state import AdvancedConfigState
from msgraph_beta.generated.models.exclude_target import ExcludeTarget
from msgraph_beta.generated.models.authentication_methods_registration_campaign_include_target import AuthenticationMethodsRegistrationCampaignIncludeTarget
from msgraph_beta.generated.models.authentication_method_target_type import AuthenticationMethodTargetType
from msgraph_beta.generated.models.report_suspicious_activity_settings import ReportSuspiciousActivitySettings
from msgraph_beta.generated.models.include_target import IncludeTarget
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AuthenticationMethodsPolicy(
registration_enforcement = RegistrationEnforcement(
authentication_methods_registration_campaign = AuthenticationMethodsRegistrationCampaign(
snooze_duration_in_days = 1,
enforce_registration_after_allowed_snoozes = True,
state = AdvancedConfigState.Enabled,
exclude_targets = [
],
include_targets = [
AuthenticationMethodsRegistrationCampaignIncludeTarget(
id = "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
target_type = AuthenticationMethodTargetType.Group,
targeted_authentication_method = "microsoftAuthenticator",
),
],
),
),
report_suspicious_activity_settings = ReportSuspiciousActivitySettings(
state = AdvancedConfigState.Enabled,
include_target = IncludeTarget(
target_type = AuthenticationMethodTargetType.Group,
id = "all_users",
),
voice_reporting_code = 0,
),
)
result = await graph_client.policies.authentication_methods_policy.patch(request_body)
応答
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodsPolicy",
"id": "authenticationMethodsPolicy",
"displayName": "Authentication Methods Policy",
"description": "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings",
"lastModifiedDateTime": "2021-05-25T01:08:08.6712279Z",
"policyVersion": "1.4",
"registrationEnforcement": {
"authenticationMethodsRegistrationCampaign": {
"snoozeDurationInDays": 1,
"nforceRegistrationAfterAllowedSnoozes": true,
"state": "enabled",
"excludeTargets": [],
"includeTargets": [
{
"id": "3ee3a9de-0a86-4e12-a287-9769accf1ba2",
"targetType": "group",
"targetedAuthenticationMethod": "microsoftAuthenticator"
}
]
}
},
"reportSuspiciousActivitySettings": {
"state": "enabled",
"includeTarget": {
"targetType": "group",
"id": "all_users"
},
"voiceReportingCode": 0
},
"systemCredentialPreferences": {
"@odata.type": "#microsoft.graph.systemCredentialPreferences",
"excludeTargets": [],
"includeTargets": [
{
"id": "all_users",
"targetType": "group"
}
],
"state": "enabled"
}
}