Update-MgBetaPolicyAuthenticationMethodPolicy

Update the properties of an authenticationMethodsPolicy object.

Note

To view the v1.0 release of this cmdlet, view Update-MgPolicyAuthenticationMethodPolicy

Syntax

Update-MgBetaPolicyAuthenticationMethodPolicy
      [-ResponseHeadersVariable <String>]
      [-AdditionalProperties <Hashtable>]
      [-AuthenticationMethodConfigurations <IMicrosoftGraphAuthenticationMethodConfiguration[]>]
      [-Description <String>]
      [-DisplayName <String>]
      [-Id <String>]
      [-LastModifiedDateTime <DateTime>]
      [-MicrosoftAuthenticatorPlatformSettings <IMicrosoftGraphMicrosoftAuthenticatorPlatformSettings>]
      [-PolicyMigrationState <String>]
      [-PolicyVersion <String>]
      [-ReconfirmationInDays <Int32>]
      [-RegistrationEnforcement <IMicrosoftGraphRegistrationEnforcement>]
      [-ReportSuspiciousActivitySettings <IMicrosoftGraphReportSuspiciousActivitySettings>]
      [-SystemCredentialPreferences <IMicrosoftGraphSystemCredentialPreferences>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-MgBetaPolicyAuthenticationMethodPolicy
      -BodyParameter <IMicrosoftGraphAuthenticationMethodsPolicy>
      [-ResponseHeadersVariable <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

Update the properties of an authenticationMethodsPolicy object.

Permissions

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) Policy.ReadWrite.AuthenticationMethod Not available.
Delegated (personal Microsoft account) Not supported. Not supported.
Application Policy.ReadWrite.AuthenticationMethod Not available.

Examples

Example 1: Code snippet

Import-Module Microsoft.Graph.Beta.Identity.SignIns

$params = @{
	registrationEnforcement = @{
		authenticationMethodsRegistrationCampaign = @{
			snoozeDurationInDays = 1
			enforceRegistrationAfterAllowedSnoozes = $true
			state = "enabled"
			excludeTargets = @(
			)
			includeTargets = @(
				@{
					id = "3ee3a9de-0a86-4e12-a287-9769accf1ba2"
					targetType = "group"
					targetedAuthenticationMethod = "microsoftAuthenticator"
				}
			)
		}
	}
	reportSuspiciousActivitySettings = @{
		state = "enabled"
		includeTarget = @{
			targetType = "group"
			id = "all_users"
		}
		voiceReportingCode = 0
	}
}

Update-MgBetaPolicyAuthenticationMethodPolicy -BodyParameter $params

This example shows how to use the Update-MgBetaPolicyAuthenticationMethodPolicy Cmdlet.

Parameters

-AdditionalProperties

Additional Parameters

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AuthenticationMethodConfigurations

Represents the settings for each authentication method. Automatically expanded on GET /policies/authenticationMethodsPolicy. To construct, see NOTES section for AUTHENTICATIONMETHODCONFIGURATIONS properties and create a hash table.

Type:IMicrosoftGraphAuthenticationMethodConfiguration[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BodyParameter

authenticationMethodsPolicy To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Type:IMicrosoftGraphAuthenticationMethodsPolicy
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

A description of the policy.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

The name of the policy.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Headers

Optional headers that will be added to the request.

Type:IDictionary
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Id

The unique identifier for an entity. Read-only.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-LastModifiedDateTime

The date and time of the last update to the policy.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MicrosoftAuthenticatorPlatformSettings

microsoftAuthenticatorPlatformSettings To construct, see NOTES section for MICROSOFTAUTHENTICATORPLATFORMSETTINGS properties and create a hash table.

Type:IMicrosoftGraphMicrosoftAuthenticatorPlatformSettings
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PolicyMigrationState

authenticationMethodsPolicyMigrationState

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PolicyVersion

The version of the policy in use.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

{{ Fill ProgressAction Description }}

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ReconfirmationInDays

Days before the user will be asked to reconfirm their method.

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RegistrationEnforcement

registrationEnforcement To construct, see NOTES section for REGISTRATIONENFORCEMENT properties and create a hash table.

Type:IMicrosoftGraphRegistrationEnforcement
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ReportSuspiciousActivitySettings

reportSuspiciousActivitySettings To construct, see NOTES section for REPORTSUSPICIOUSACTIVITYSETTINGS properties and create a hash table.

Type:IMicrosoftGraphReportSuspiciousActivitySettings
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Type:String
Aliases:RHV
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SystemCredentialPreferences

systemCredentialPreferences To construct, see NOTES section for SYSTEMCREDENTIALPREFERENCES properties and create a hash table.

Type:IMicrosoftGraphSystemCredentialPreferences
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphAuthenticationMethodsPolicy

System.Collections.IDictionary

Outputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphAuthenticationMethodsPolicy

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

AUTHENTICATIONMETHODCONFIGURATIONS <IMicrosoftGraphAuthenticationMethodConfiguration- []>: Represents the settings for each authentication method. Automatically expanded on GET /policies/authenticationMethodsPolicy.

  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [ExcludeTargets <IMicrosoftGraphExcludeTarget- []>]: Groups of users that are excluded from a policy.
    • [Id <String>]: The object identifier of a Microsoft Entra group.
    • [TargetType <String>]: authenticationMethodTargetType
  • [State <String>]: authenticationMethodState

BODYPARAMETER <IMicrosoftGraphAuthenticationMethodsPolicy>: authenticationMethodsPolicy

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [AuthenticationMethodConfigurations <IMicrosoftGraphAuthenticationMethodConfiguration- []>]: Represents the settings for each authentication method. Automatically expanded on GET /policies/authenticationMethodsPolicy.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [ExcludeTargets <IMicrosoftGraphExcludeTarget- []>]: Groups of users that are excluded from a policy.
      • [Id <String>]: The object identifier of a Microsoft Entra group.
      • [TargetType <String>]: authenticationMethodTargetType
    • [State <String>]: authenticationMethodState
  • [Description <String>]: A description of the policy.
  • [DisplayName <String>]: The name of the policy.
  • [LastModifiedDateTime <DateTime?>]: The date and time of the last update to the policy.
  • [MicrosoftAuthenticatorPlatformSettings <IMicrosoftGraphMicrosoftAuthenticatorPlatformSettings>]: microsoftAuthenticatorPlatformSettings
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [EnforceAppPin <IMicrosoftGraphEnforceAppPin>]: enforceAppPIN
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [ExcludeTargets <IMicrosoftGraphExcludeTarget- []>]:
      • [IncludeTargets <IMicrosoftGraphIncludeTarget- []>]:
        • [Id <String>]: The ID of the entity targeted.
        • [TargetType <String>]: authenticationMethodTargetType
  • [PolicyMigrationState <String>]: authenticationMethodsPolicyMigrationState
  • [PolicyVersion <String>]: The version of the policy in use.
  • [ReconfirmationInDays <Int32?>]: Days before the user will be asked to reconfirm their method.
  • [RegistrationEnforcement <IMicrosoftGraphRegistrationEnforcement>]: registrationEnforcement
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [AuthenticationMethodsRegistrationCampaign <IMicrosoftGraphAuthenticationMethodsRegistrationCampaign>]: authenticationMethodsRegistrationCampaign
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [EnforceRegistrationAfterAllowedSnoozes <Boolean?>]: Specifies whether a user is required to perform registration after snoozing 3 times. If true, the user is required to register after 3 snoozes. If false, the user can snooze indefinitely. The default value is true.
      • [ExcludeTargets <IMicrosoftGraphExcludeTarget- []>]: Users and groups of users that are excluded from being prompted to set up the authentication method.
      • [IncludeTargets <IMicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget- []>]: Users and groups of users that are prompted to set up the authentication method.
        • [Id <String>]: The object identifier of a Microsoft Entra user or group.
        • [TargetType <String>]: authenticationMethodTargetType
        • [TargetedAuthenticationMethod <String>]: The authentication method that the user is prompted to register. The value must be microsoftAuthenticator.
      • [SnoozeDurationInDays <Int32?>]: Specifies the number of days that the user sees a prompt again if they select 'Not now' and snoozes the prompt. Minimum 0 days. Maximum: 14 days. If the value is 0 - The user is prompted during every MFA attempt.
      • [State <String>]: advancedConfigState
  • [ReportSuspiciousActivitySettings <IMicrosoftGraphReportSuspiciousActivitySettings>]: reportSuspiciousActivitySettings
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [IncludeTarget <IMicrosoftGraphIncludeTarget>]: includeTarget
    • [State <String>]: advancedConfigState
    • [VoiceReportingCode <Int32?>]: Specifies the number the user enters on their phone to report the MFA prompt as suspicious.
  • [SystemCredentialPreferences <IMicrosoftGraphSystemCredentialPreferences>]: systemCredentialPreferences
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [ExcludeTargets <IMicrosoftGraphExcludeTarget- []>]: Users and groups excluded from the preferred authentication method experience of the system.
    • [IncludeTargets <IMicrosoftGraphIncludeTarget- []>]: Users and groups included in the preferred authentication method experience of the system.
    • [State <String>]: advancedConfigState

MICROSOFTAUTHENTICATORPLATFORMSETTINGS <IMicrosoftGraphMicrosoftAuthenticatorPlatformSettings>: microsoftAuthenticatorPlatformSettings

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [EnforceAppPin <IMicrosoftGraphEnforceAppPin>]: enforceAppPIN
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [ExcludeTargets <IMicrosoftGraphExcludeTarget- []>]:
      • [Id <String>]: The object identifier of a Microsoft Entra group.
      • [TargetType <String>]: authenticationMethodTargetType
    • [IncludeTargets <IMicrosoftGraphIncludeTarget- []>]:
      • [Id <String>]: The ID of the entity targeted.
      • [TargetType <String>]: authenticationMethodTargetType

REGISTRATIONENFORCEMENT <IMicrosoftGraphRegistrationEnforcement>: registrationEnforcement

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [AuthenticationMethodsRegistrationCampaign <IMicrosoftGraphAuthenticationMethodsRegistrationCampaign>]: authenticationMethodsRegistrationCampaign
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [EnforceRegistrationAfterAllowedSnoozes <Boolean?>]: Specifies whether a user is required to perform registration after snoozing 3 times. If true, the user is required to register after 3 snoozes. If false, the user can snooze indefinitely. The default value is true.
    • [ExcludeTargets <IMicrosoftGraphExcludeTarget- []>]: Users and groups of users that are excluded from being prompted to set up the authentication method.
      • [Id <String>]: The object identifier of a Microsoft Entra group.
      • [TargetType <String>]: authenticationMethodTargetType
    • [IncludeTargets <IMicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget- []>]: Users and groups of users that are prompted to set up the authentication method.
      • [Id <String>]: The object identifier of a Microsoft Entra user or group.
      • [TargetType <String>]: authenticationMethodTargetType
      • [TargetedAuthenticationMethod <String>]: The authentication method that the user is prompted to register. The value must be microsoftAuthenticator.
    • [SnoozeDurationInDays <Int32?>]: Specifies the number of days that the user sees a prompt again if they select 'Not now' and snoozes the prompt. Minimum 0 days. Maximum: 14 days. If the value is 0 - The user is prompted during every MFA attempt.
    • [State <String>]: advancedConfigState

REPORTSUSPICIOUSACTIVITYSETTINGS <IMicrosoftGraphReportSuspiciousActivitySettings>: reportSuspiciousActivitySettings

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [IncludeTarget <IMicrosoftGraphIncludeTarget>]: includeTarget
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [Id <String>]: The ID of the entity targeted.
    • [TargetType <String>]: authenticationMethodTargetType
  • [State <String>]: advancedConfigState
  • [VoiceReportingCode <Int32?>]: Specifies the number the user enters on their phone to report the MFA prompt as suspicious.

SYSTEMCREDENTIALPREFERENCES <IMicrosoftGraphSystemCredentialPreferences>: systemCredentialPreferences

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [ExcludeTargets <IMicrosoftGraphExcludeTarget- []>]: Users and groups excluded from the preferred authentication method experience of the system.
    • [Id <String>]: The object identifier of a Microsoft Entra group.
    • [TargetType <String>]: authenticationMethodTargetType
  • [IncludeTargets <IMicrosoftGraphIncludeTarget- []>]: Users and groups included in the preferred authentication method experience of the system.
    • [Id <String>]: The ID of the entity targeted.
    • [TargetType <String>]: authenticationMethodTargetType
  • [State <String>]: advancedConfigState