Dans les scénarios délégués avec des comptes professionnels ou scolaires, l’utilisateur connecté doit se voir attribuer un rôle Microsoft Entra pris en charge ou un rôle personnalisé avec une autorisation de rôle prise en charge. Les rôles les moins privilégiés suivants sont pris en charge pour cette opération.
Administrateur de l’accès conditionnel
Administrateur de sécurité
Requête HTTP
POST /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/updateAllowedCombinations
Dans le corps de la demande, fournissez une représentation JSON des paramètres.
Le tableau suivant indique les paramètres utilisables avec cette action.
Paramètre
Type
Description
allowedCombinations
collection authenticationMethodModes
Combinaisons de méthodes d’authentification autorisées par cette stratégie de force d’authentification. Les valeurs possibles de cette énumération avec indicateur sont : password, voice, hardwareOath, softwareOath, sms, fido2deviceBasedPushwindowsHelloForBusinessmicrosoftAuthenticatorPushtemporaryAccessPassOneTime, temporaryAccessPassMultiUse, , . emailx509CertificateSingleFactorx509CertificateMultiFactorfederatedSingleFactorfederatedMultiFactorunknownFutureValue Pour obtenir la liste des combinaisons autorisées, appelez l’API List authenticationMethodModes . Obligatoire.
Réponse
Si elle réussit, cette action renvoie un 200 OK code de réponse et un updateAllowedCombinationsResult dans le corps de la réponse.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Policies.AuthenticationStrengthPolicies.Item.UpdateAllowedCombinations;
using Microsoft.Graph.Models;
var requestBody = new UpdateAllowedCombinationsPostRequestBody
{
AllowedCombinations = new List<AuthenticationMethodModes?>
{
AuthenticationMethodModes.Password | AuthenticationMethodModes.Voice,
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.AuthenticationStrengthPolicies["{authenticationStrengthPolicy-id}"].UpdateAllowedCombinations.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphpolicies "github.com/microsoftgraph/msgraph-sdk-go/policies"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphpolicies.NewUpdateAllowedCombinationsPostRequestBody()
allowedCombinations := []graphmodels.AuthenticationMethodModesable {
authenticationMethodModes := graphmodels.PASSWORD, VOICE_AUTHENTICATIONMETHODMODES
requestBody.SetAuthenticationMethodModes(&authenticationMethodModes)
}
requestBody.SetAllowedCombinations(allowedCombinations)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
updateAllowedCombinations, err := graphClient.Policies().AuthenticationStrengthPolicies().ByAuthenticationStrengthPolicyId("authenticationStrengthPolicy-id").UpdateAllowedCombinations().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.policies.authenticationstrengthpolicies.item.updateallowedcombinations.UpdateAllowedCombinationsPostRequestBody updateAllowedCombinationsPostRequestBody = new com.microsoft.graph.policies.authenticationstrengthpolicies.item.updateallowedcombinations.UpdateAllowedCombinationsPostRequestBody();
LinkedList<AuthenticationMethodModes> allowedCombinations = new LinkedList<AuthenticationMethodModes>();
allowedCombinations.add(AuthenticationMethodModes.Password);
allowedCombinations.add(AuthenticationMethodModes.Voice);
updateAllowedCombinationsPostRequestBody.setAllowedCombinations(allowedCombinations);
var result = graphClient.policies().authenticationStrengthPolicies().byAuthenticationStrengthPolicyId("{authenticationStrengthPolicy-id}").updateAllowedCombinations().post(updateAllowedCombinationsPostRequestBody);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Policies\AuthenticationStrengthPolicies\Item\UpdateAllowedCombinations\UpdateAllowedCombinationsPostRequestBody;
use Microsoft\Graph\Generated\Models\AuthenticationMethodModes;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UpdateAllowedCombinationsPostRequestBody();
$requestBody->setAllowedCombinations([new AuthenticationMethodModes('password, voice'), ]);
$result = $graphServiceClient->policies()->authenticationStrengthPolicies()->byAuthenticationStrengthPolicyId('authenticationStrengthPolicy-id')->updateAllowedCombinations()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.policies.authenticationstrengthpolicies.item.update_allowed_combinations.update_allowed_combinations_post_request_body import UpdateAllowedCombinationsPostRequestBody
from msgraph.generated.models.authentication_method_modes import AuthenticationMethodModes
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = UpdateAllowedCombinationsPostRequestBody(
allowed_combinations = [
AuthenticationMethodModes.Password | AuthenticationMethodModes.Voice,
],
)
result = await graph_client.policies.authentication_strength_policies.by_authentication_strength_policy_id('authenticationStrengthPolicy-id').update_allowed_combinations.post(request_body)
Remarque : l’objet de réponse affiché ci-après peut être raccourci pour plus de lisibilité.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.type" : "#microsoft.graph.updateAllowedCombinationsResult",
"previousCombinations": [
"fido2",
"password, voice"
],
"currentCombinations": [
"password, voice"
],
"conditionalAccessReferences": [
"53a3968a-ae2c-4b82-a313-091d10c52bfa"
],
"additionalInformation": "You have lowered the security of the My Custom Strength authentication strength by adding a lower security combination. This Authentication Strength is referenced by one or more Conditional Access policies. Review conditionalAccessReferences to understand which Conditional Access policies were impacted by this change. To reverse your changes back, use updateAllowedCombinations action with the previousCombinations values."
}