管理应用程序身份验证操作

项目
08/22/2024

应用程序对象的 authenticationBehaviors 属性允许配置与令牌颁发相关的中断性变更行为。应用程序可以通过启用行为来采用新的中断性变更，也可以通过禁用它来继续使用预先存在的行为。

以下行为是可配置的：

允许或阻止向未经验证的域所有者发出电子邮件声明。
在 2025 年 6 月 30 日 Azure AD Graph 完全停用之前启用或禁用扩展的 Azure AD Graph 访问。
要求多租户应用程序在资源租户中具有服务主体，作为授权检查的一部分，然后才能向其授予访问令牌。

注意

应用程序对象的 authenticationBehaviors 属性目前仅在中 beta 可用。

读取应用程序的 authenticationBehaviors 设置

authenticationBehaviors 属性仅在请求时$select返回。

若要读取租户中所有应用的属性和其他指定属性，请运行以下示例请求。请求返回 200 OK 仅显示所选属性的应用程序对象的响应代码和 JSON 表示形式。

GET https://graph.microsoft.com/beta/applications?$select=id,displayName,appId,authenticationBehaviors


// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Select = new string []{ "id","displayName","appId","authenticationBehaviors" };
});



mgc-beta applications list --select "id,displayName,appId,authenticationBehaviors"



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphapplications "github.com/microsoftgraph/msgraph-beta-sdk-go/applications"
	  //other-imports
)

requestParameters := &graphapplications.ApplicationsRequestBuilderGetQueryParameters{
	Select: [] string {"id","displayName","appId","authenticationBehaviors"},
}
configuration := &graphapplications.ApplicationsRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().Get(context.Background(), configuration)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

ApplicationCollectionResponse result = graphClient.applications().get(requestConfiguration -> {
	requestConfiguration.queryParameters.select = new String []{"id", "displayName", "appId", "authenticationBehaviors"};
});


const options = {
	authProvider,
};

const client = Client.init(options);

let applications = await client.api('/applications')
	.version('beta')
	.select('id,displayName,appId,authenticationBehaviors')
	.get();


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Applications\ApplicationsRequestBuilderGetRequestConfiguration;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new ApplicationsRequestBuilderGetRequestConfiguration();
$queryParameters = ApplicationsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->select = ["id","displayName","appId","authenticationBehaviors"];
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->applications()->get($requestConfiguration)->wait();


Import-Module Microsoft.Graph.Beta.Applications

Get-MgBetaApplication -Property "id,displayName,appId,authenticationBehaviors"


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.applications.applications_request_builder import ApplicationsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = ApplicationsRequestBuilder.ApplicationsRequestBuilderGetQueryParameters(
		select = ["id","displayName","appId","authenticationBehaviors"],
)

request_configuration = RequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.applications.get(request_configuration = request_configuration)

若要仅读取单个应用的 authenticationBehaviors 属性，请运行以下示例请求。

GET https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let authenticationBehaviors = await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

还可以使用 appId 属性，如下所示：

GET https://graph.microsoft.com/beta/applications(appId='37bf1fd4-78b0-4fea-ac2d-6c82829e9365')/authenticationBehaviors

阻止向未经验证的域所有者发出电子邮件声明

如Microsoft安全公告Microsoft Entra应用程序中特权提升的潜在风险中所述，应用不应将电子邮件声明用于授权目的。如果应用程序将电子邮件声明用于授权或主要用户标识目的，则会受到帐户和特权提升攻击。在以下情况下，特别会发现这种未经授权的访问风险：

当用户对象的 mail 属性包含具有未经验证的域所有者的电子邮件地址时
对于多租户应用，其中一个租户中的用户可以通过修改其邮件属性来升级其权限以访问另一个租户中的资源

有关在租户中识别这些情况的详细信息，请参阅迁移，不使用电子邮件声明进行用户标识或授权。

目前，默认行为是在声明中删除具有未经验证的域所有者的电子邮件地址，但单租户应用和多租户应用除外，这些应用以前具有未验证电子邮件的登录活动。如果你的应用属于上述任一例外，并且你想要删除未经验证的电子邮件地址，请将 authenticationBehaviors 的 removeUnverifiedEmailClaim 属性设置为 true ，如以下示例所示。请求会返回 204 No Content 响应代码。

从声明中删除具有未经验证的域所有者的电子邮件地址

选项 1

这种在请求 URL 中指定属性的模式允许你仅更新请求中的指定属性。

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors
Content-Type: application/json

{
    "removeUnverifiedEmailClaim": true
}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationBehaviors = {
    removeUnverifiedEmailClaim: true
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors')
	.version('beta')
	.update(authenticationBehaviors);

Snippet not available

Snippet not available

Snippet not available

选项 2

这种在请求正文中指定属性的模式允许更新同一请求中的其他对等属性。

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e
Content-Type: application/json

{
    "authenticationBehaviors": {
        "removeUnverifiedEmailClaim": true
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new Application
{
	AuthenticationBehaviors = new AuthenticationBehaviors
	{
		RemoveUnverifiedEmailClaim = true,
	},
};

// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);



mgc-beta applications patch --application-id {application-id} --body '{\
    "authenticationBehaviors": {\
        "removeUnverifiedEmailClaim": true\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewApplication()
authenticationBehaviors := graphmodels.NewAuthenticationBehaviors()
removeUnverifiedEmailClaim := true
authenticationBehaviors.SetRemoveUnverifiedEmailClaim(&removeUnverifiedEmailClaim) 
requestBody.SetAuthenticationBehaviors(authenticationBehaviors)

// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().ByApplicationId("application-id").Patch(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Application application = new Application();
AuthenticationBehaviors authenticationBehaviors = new AuthenticationBehaviors();
authenticationBehaviors.setRemoveUnverifiedEmailClaim(true);
application.setAuthenticationBehaviors(authenticationBehaviors);
Application result = graphClient.applications().byApplicationId("{application-id}").patch(application);


const options = {
	authProvider,
};

const client = Client.init(options);

const application = {
    authenticationBehaviors: {
        removeUnverifiedEmailClaim: true
    }
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e')
	.version('beta')
	.update(application);


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Application;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationBehaviors;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Application();
$authenticationBehaviors = new AuthenticationBehaviors();
$authenticationBehaviors->setRemoveUnverifiedEmailClaim(true);
$requestBody->setAuthenticationBehaviors($authenticationBehaviors);

$result = $graphServiceClient->applications()->byApplicationId('application-id')->patch($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Applications

$params = @{
	authenticationBehaviors = @{
		removeUnverifiedEmailClaim = $true
	}
}

Update-MgBetaApplication -ApplicationId $applicationId -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.application import Application
from msgraph_beta.generated.models.authentication_behaviors import AuthenticationBehaviors
# To initialize your graph_client, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Application(
	authentication_behaviors = AuthenticationBehaviors(
		remove_unverified_email_claim = True,
	),
)

result = await graph_client.applications.by_application_id('application-id').patch(request_body)

接受声明中未经验证的域所有者的电子邮件地址

选项 1

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors
Content-Type: application/json

{
    "removeUnverifiedEmailClaim": false
}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationBehaviors = {
    removeUnverifiedEmailClaim: false
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors')
	.version('beta')
	.update(authenticationBehaviors);

Snippet not available

Snippet not available

Snippet not available

选项 2

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e
Content-Type: application/json

{
    "authenticationBehaviors": {
        "removeUnverifiedEmailClaim": false
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new Application
{
	AuthenticationBehaviors = new AuthenticationBehaviors
	{
		RemoveUnverifiedEmailClaim = false,
	},
};

// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);



mgc-beta applications patch --application-id {application-id} --body '{\
    "authenticationBehaviors": {\
        "removeUnverifiedEmailClaim": false\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewApplication()
authenticationBehaviors := graphmodels.NewAuthenticationBehaviors()
removeUnverifiedEmailClaim := false
authenticationBehaviors.SetRemoveUnverifiedEmailClaim(&removeUnverifiedEmailClaim) 
requestBody.SetAuthenticationBehaviors(authenticationBehaviors)

// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().ByApplicationId("application-id").Patch(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Application application = new Application();
AuthenticationBehaviors authenticationBehaviors = new AuthenticationBehaviors();
authenticationBehaviors.setRemoveUnverifiedEmailClaim(false);
application.setAuthenticationBehaviors(authenticationBehaviors);
Application result = graphClient.applications().byApplicationId("{application-id}").patch(application);


const options = {
	authProvider,
};

const client = Client.init(options);

const application = {
    authenticationBehaviors: {
        removeUnverifiedEmailClaim: false
    }
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e')
	.version('beta')
	.update(application);


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Application;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationBehaviors;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Application();
$authenticationBehaviors = new AuthenticationBehaviors();
$authenticationBehaviors->setRemoveUnverifiedEmailClaim(false);
$requestBody->setAuthenticationBehaviors($authenticationBehaviors);

$result = $graphServiceClient->applications()->byApplicationId('application-id')->patch($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Applications

$params = @{
	authenticationBehaviors = @{
		removeUnverifiedEmailClaim = $false
	}
}

Update-MgBetaApplication -ApplicationId $applicationId -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.application import Application
from msgraph_beta.generated.models.authentication_behaviors import AuthenticationBehaviors
# To initialize your graph_client, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Application(
	authentication_behaviors = AuthenticationBehaviors(
		remove_unverified_email_claim = False,
	),
)

result = await graph_client.applications.by_application_id('application-id').patch(request_body)

还原默认行为

选项 1

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors
Content-Type: application/json

{
    "removeUnverifiedEmailClaim": null
}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationBehaviors = {
    removeUnverifiedEmailClaim: null
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors')
	.version('beta')
	.update(authenticationBehaviors);

Snippet not available

Snippet not available

Snippet not available

选项 2

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/
Content-Type: application/json

{
    "authenticationBehaviors": {
        "removeUnverifiedEmailClaim": null
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new Application
{
	AuthenticationBehaviors = new AuthenticationBehaviors
	{
		RemoveUnverifiedEmailClaim = null,
	},
};

// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);



mgc-beta applications patch --application-id {application-id} --body '{\
    "authenticationBehaviors": {\
        "removeUnverifiedEmailClaim": null\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewApplication()
authenticationBehaviors := graphmodels.NewAuthenticationBehaviors()
removeUnverifiedEmailClaim := null
authenticationBehaviors.SetRemoveUnverifiedEmailClaim(&removeUnverifiedEmailClaim) 
requestBody.SetAuthenticationBehaviors(authenticationBehaviors)

// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().ByApplicationId("application-id").Patch(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Application application = new Application();
AuthenticationBehaviors authenticationBehaviors = new AuthenticationBehaviors();
authenticationBehaviors.setRemoveUnverifiedEmailClaim(null);
application.setAuthenticationBehaviors(authenticationBehaviors);
Application result = graphClient.applications().byApplicationId("{application-id}").patch(application);


const options = {
	authProvider,
};

const client = Client.init(options);

const application = {
    authenticationBehaviors: {
        removeUnverifiedEmailClaim: null
    }
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/')
	.version('beta')
	.update(application);


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Application;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationBehaviors;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Application();
$authenticationBehaviors = new AuthenticationBehaviors();
$authenticationBehaviors->setRemoveUnverifiedEmailClaim(null);
$requestBody->setAuthenticationBehaviors($authenticationBehaviors);

$result = $graphServiceClient->applications()->byApplicationId('application-id')->patch($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Applications

$params = @{
	authenticationBehaviors = @{
		removeUnverifiedEmailClaim = $null
	}
}

Update-MgBetaApplication -ApplicationId $applicationId -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.application import Application
from msgraph_beta.generated.models.authentication_behaviors import AuthenticationBehaviors
# To initialize your graph_client, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Application(
	authentication_behaviors = AuthenticationBehaviors(
		remove_unverified_email_claim = None,
	),
)

result = await graph_client.applications.by_application_id('application-id').patch(request_body)

允许在 2025 年 6 月 30 日之前扩展的 Azure AD Graph 访问

默认情况下，在 2024 年 8 月 31 日之后创建的应用程序在向 Azure AD Graph API 发出请求时将收到 403 Unauthorized 错误，除非它们配置为允许扩展的 Azure AD Graph 访问。此外，必须在 2024 年 8 月 31 日之前创建并向 Azure AD Graph API 发出请求的现有应用配置为在 2025 年 2 月 1 日之前允许扩展的 Azure AD Graph 访问。此扩展访问仅在 2025 年 6 月 30 日 Azure AD Graph 完全停用之前可用。在此日期之后，所有应用在向 Azure AD Graph API 发出请求时都将收到错误 403 Unauthorized ，无论其扩展访问配置如何。有关详细信息，请参阅 Azure AD 图形 API停用的 2024 年 6 月更新。

以下请求演示如何更新应用以启用扩展的 Azure AD Graph 访问。请求会返回 204 No Content 响应代码。

选项 1

PATCH https://graph.microsoft.com/beta/applications/5c142e6f-0bd3-4e58-b510-8a106704f44f/authenticationBehaviors
Content-Type: application/json

{
    "blockAzureADGraphAccess": false
}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationBehaviors = {
    blockAzureADGraphAccess: false
};

await client.api('/applications/5c142e6f-0bd3-4e58-b510-8a106704f44f/authenticationBehaviors')
	.version('beta')
	.update(authenticationBehaviors);

Snippet not available

Snippet not available

Snippet not available

选项 2

PATCH https://graph.microsoft.com/beta/applications/5c142e6f-0bd3-4e58-b510-8a106704f44f
Content-Type: application/json

{
    "authenticationBehaviors": {
        "blockAzureADGraphAccess": false
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new Application
{
	AuthenticationBehaviors = new AuthenticationBehaviors
	{
		BlockAzureADGraphAccess = false,
	},
};

// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);



mgc-beta applications patch --application-id {application-id} --body '{\
    "authenticationBehaviors": {\
        "blockAzureADGraphAccess": false\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewApplication()
authenticationBehaviors := graphmodels.NewAuthenticationBehaviors()
blockAzureADGraphAccess := false
authenticationBehaviors.SetBlockAzureADGraphAccess(&blockAzureADGraphAccess) 
requestBody.SetAuthenticationBehaviors(authenticationBehaviors)

// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().ByApplicationId("application-id").Patch(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Application application = new Application();
AuthenticationBehaviors authenticationBehaviors = new AuthenticationBehaviors();
authenticationBehaviors.setBlockAzureADGraphAccess(false);
application.setAuthenticationBehaviors(authenticationBehaviors);
Application result = graphClient.applications().byApplicationId("{application-id}").patch(application);


const options = {
	authProvider,
};

const client = Client.init(options);

const application = {
    authenticationBehaviors: {
        blockAzureADGraphAccess: false
    }
};

await client.api('/applications/5c142e6f-0bd3-4e58-b510-8a106704f44f')
	.version('beta')
	.update(application);


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Application;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationBehaviors;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Application();
$authenticationBehaviors = new AuthenticationBehaviors();
$authenticationBehaviors->setBlockAzureADGraphAccess(false);
$requestBody->setAuthenticationBehaviors($authenticationBehaviors);

$result = $graphServiceClient->applications()->byApplicationId('application-id')->patch($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Applications

$params = @{
	authenticationBehaviors = @{
		blockAzureADGraphAccess = $false
	}
}

Update-MgBetaApplication -ApplicationId $applicationId -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.application import Application
from msgraph_beta.generated.models.authentication_behaviors import AuthenticationBehaviors
# To initialize your graph_client, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Application(
	authentication_behaviors = AuthenticationBehaviors(
		block_azure_a_d_graph_access = False,
	),
)

result = await graph_client.applications.by_application_id('application-id').patch(request_body)

通过

管理应用程序身份验证操作

读取应用程序的 authenticationBehaviors 设置

阻止向未经验证的域所有者发出电子邮件声明

从声明中删除具有未经验证的域所有者的电子邮件地址

选项 1

选项 2

接受声明中未经验证的域所有者的电子邮件地址

选项 1

选项 2

还原默认行为

选项 1

选项 2

允许在 2025 年 6 月 30 日之前扩展的 Azure AD Graph 访问

选项 1

选项 2

反馈

其他资源

通过

管理应用程序身份验证操作

读取应用程序的 authenticationBehaviors 设置

阻止向未经验证的域所有者发出电子邮件声明

从声明中删除具有未经验证的域所有者的电子邮件地址

选项 1

选项 2

接受声明中未经验证的域所有者的电子邮件地址

选项 1

选项 2

还原默认行为

选项 1

选项 2

允许在 2025 年 6 月 30 日之前扩展的 Azure AD Graph 访问

选项 1

选项 2

相关内容

反馈

其他资源