Gerir autenticação de aplicaçõesBehaviors

Artigo
08/22/2024

A propriedade authenticationBehaviors do objeto de aplicação permite-lhe configurar comportamentos de alteração interruptiva relacionados com a emissão de tokens. As aplicações podem adotar novas alterações interruptivas ao ativar um comportamento ou continuar a utilizar o comportamento pré-existente ao desativá-lo.

Os seguintes comportamentos são configuráveis:

Permitir ou impedir a emissão de afirmações de e-mail com proprietários de domínio não verificados.
Ative ou desative o acesso alargado Azure AD Graph até 30 de junho de 2025, quando o Azure AD Graph estiver totalmente descontinuado.
Exigir que as aplicações multi-inquilino tenham um principal de serviço no inquilino do recurso como parte das verificações de autorização antes de lhes ser concedido tokens de acesso.

Observação

A propriedade authenticationBehaviors do objeto de aplicação está atualmente disponível apenas em beta .

Ler a definição authenticationBehaviors para uma aplicação

A propriedade authenticationBehaviors é devolvida apenas nos $select pedidos.

Para ler a propriedade e outras propriedades especificadas de todas as aplicações no inquilino, execute o seguinte pedido de exemplo. O pedido devolve um 200 OK código de resposta e uma representação JSON do objeto da aplicação que mostra apenas as propriedades selecionadas.

GET https://graph.microsoft.com/beta/applications?$select=id,displayName,appId,authenticationBehaviors


// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Select = new string []{ "id","displayName","appId","authenticationBehaviors" };
});



mgc-beta applications list --select "id,displayName,appId,authenticationBehaviors"



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphapplications "github.com/microsoftgraph/msgraph-beta-sdk-go/applications"
	  //other-imports
)

requestParameters := &graphapplications.ApplicationsRequestBuilderGetQueryParameters{
	Select: [] string {"id","displayName","appId","authenticationBehaviors"},
}
configuration := &graphapplications.ApplicationsRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().Get(context.Background(), configuration)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

ApplicationCollectionResponse result = graphClient.applications().get(requestConfiguration -> {
	requestConfiguration.queryParameters.select = new String []{"id", "displayName", "appId", "authenticationBehaviors"};
});


const options = {
	authProvider,
};

const client = Client.init(options);

let applications = await client.api('/applications')
	.version('beta')
	.select('id,displayName,appId,authenticationBehaviors')
	.get();


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Applications\ApplicationsRequestBuilderGetRequestConfiguration;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new ApplicationsRequestBuilderGetRequestConfiguration();
$queryParameters = ApplicationsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->select = ["id","displayName","appId","authenticationBehaviors"];
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->applications()->get($requestConfiguration)->wait();


Import-Module Microsoft.Graph.Beta.Applications

Get-MgBetaApplication -Property "id,displayName,appId,authenticationBehaviors"


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.applications.applications_request_builder import ApplicationsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = ApplicationsRequestBuilder.ApplicationsRequestBuilderGetQueryParameters(
		select = ["id","displayName","appId","authenticationBehaviors"],
)

request_configuration = RequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.applications.get(request_configuration = request_configuration)

Para ler apenas a propriedade authenticationBehaviors de uma única aplicação, execute o seguinte pedido de exemplo.

GET https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let authenticationBehaviors = await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

Também pode utilizar a propriedade appId da seguinte forma:

GET https://graph.microsoft.com/beta/applications(appId='37bf1fd4-78b0-4fea-ac2d-6c82829e9365')/authenticationBehaviors

Impedir a emissão de afirmações de e-mail com proprietários de domínio não verificados

Conforme descrito no aviso de segurança da Microsoft Risco Potencial de Escalamento de Privilégios no Microsoft Entra Aplicações, as aplicações nunca devem utilizar a afirmação de e-mail para fins de autorização. Se a sua aplicação utilizar a afirmação de e-mail para fins de autorização ou identificação de utilizador principal, está sujeita a ataques de escalamento de conta e privilégios. Este risco de acesso não autorizado é especialmente identificado nos seguintes cenários:

Quando o atributo mail do objeto de utilizador contém um endereço de e-mail com um proprietário de domínio não verificado
Para aplicações multi-inquilino em que um utilizador de um inquilino pode escalar os seus privilégios para aceder aos recursos a partir de outro inquilino através da modificação do respetivo atributo de correio

Para obter mais informações sobre como identificar estes casos no seu inquilino, consulte Migrar para fora da utilização de afirmações de e-mail para identificação ou autorização de utilizador.

Atualmente, o comportamento predefinido é remover endereços de e-mail com proprietários de domínio não verificados em afirmações, exceto para aplicações de inquilino único e para aplicações multi-inquilino com atividade de início de sessão anterior com e-mails não verificados. Se a sua aplicação se enquadrar numa destas exceções e pretender remover endereços de e-mail não verificados, defina a propriedade removeUnverifiedEmailClaim de authenticationBehaviorstrue como ilustrado nos exemplos seguintes. A solicitação retorna o código de resposta 204 No Content.

Remover endereços de e-mail com proprietários de domínio não verificados de afirmações

Opção 1

Este padrão para especificar a propriedade no URL do pedido permite-lhe atualizar apenas a propriedade especificada no pedido.

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors
Content-Type: application/json

{
    "removeUnverifiedEmailClaim": true
}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationBehaviors = {
    removeUnverifiedEmailClaim: true
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors')
	.version('beta')
	.update(authenticationBehaviors);

Snippet not available

Snippet not available

Snippet not available

Opção 2

Este padrão para especificar a propriedade no corpo do pedido permite-lhe atualizar outras propriedades do elemento da rede no mesmo pedido.

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e
Content-Type: application/json

{
    "authenticationBehaviors": {
        "removeUnverifiedEmailClaim": true
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new Application
{
	AuthenticationBehaviors = new AuthenticationBehaviors
	{
		RemoveUnverifiedEmailClaim = true,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);



mgc-beta applications patch --application-id {application-id} --body '{\
    "authenticationBehaviors": {\
        "removeUnverifiedEmailClaim": true\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewApplication()
authenticationBehaviors := graphmodels.NewAuthenticationBehaviors()
removeUnverifiedEmailClaim := true
authenticationBehaviors.SetRemoveUnverifiedEmailClaim(&removeUnverifiedEmailClaim) 
requestBody.SetAuthenticationBehaviors(authenticationBehaviors)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().ByApplicationId("application-id").Patch(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Application application = new Application();
AuthenticationBehaviors authenticationBehaviors = new AuthenticationBehaviors();
authenticationBehaviors.setRemoveUnverifiedEmailClaim(true);
application.setAuthenticationBehaviors(authenticationBehaviors);
Application result = graphClient.applications().byApplicationId("{application-id}").patch(application);


const options = {
	authProvider,
};

const client = Client.init(options);

const application = {
    authenticationBehaviors: {
        removeUnverifiedEmailClaim: true
    }
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e')
	.version('beta')
	.update(application);


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Application;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationBehaviors;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Application();
$authenticationBehaviors = new AuthenticationBehaviors();
$authenticationBehaviors->setRemoveUnverifiedEmailClaim(true);
$requestBody->setAuthenticationBehaviors($authenticationBehaviors);

$result = $graphServiceClient->applications()->byApplicationId('application-id')->patch($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Applications

$params = @{
	authenticationBehaviors = @{
		removeUnverifiedEmailClaim = $true
	}
}

Update-MgBetaApplication -ApplicationId $applicationId -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.application import Application
from msgraph_beta.generated.models.authentication_behaviors import AuthenticationBehaviors
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Application(
	authentication_behaviors = AuthenticationBehaviors(
		remove_unverified_email_claim = True,
	),
)

result = await graph_client.applications.by_application_id('application-id').patch(request_body)

Aceitar endereços de e-mail com proprietários de domínio não verificados em afirmações

Opção 1

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors
Content-Type: application/json

{
    "removeUnverifiedEmailClaim": false
}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationBehaviors = {
    removeUnverifiedEmailClaim: false
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors')
	.version('beta')
	.update(authenticationBehaviors);

Snippet not available

Snippet not available

Snippet not available

Opção 2

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e
Content-Type: application/json

{
    "authenticationBehaviors": {
        "removeUnverifiedEmailClaim": false
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new Application
{
	AuthenticationBehaviors = new AuthenticationBehaviors
	{
		RemoveUnverifiedEmailClaim = false,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);



mgc-beta applications patch --application-id {application-id} --body '{\
    "authenticationBehaviors": {\
        "removeUnverifiedEmailClaim": false\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewApplication()
authenticationBehaviors := graphmodels.NewAuthenticationBehaviors()
removeUnverifiedEmailClaim := false
authenticationBehaviors.SetRemoveUnverifiedEmailClaim(&removeUnverifiedEmailClaim) 
requestBody.SetAuthenticationBehaviors(authenticationBehaviors)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().ByApplicationId("application-id").Patch(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Application application = new Application();
AuthenticationBehaviors authenticationBehaviors = new AuthenticationBehaviors();
authenticationBehaviors.setRemoveUnverifiedEmailClaim(false);
application.setAuthenticationBehaviors(authenticationBehaviors);
Application result = graphClient.applications().byApplicationId("{application-id}").patch(application);


const options = {
	authProvider,
};

const client = Client.init(options);

const application = {
    authenticationBehaviors: {
        removeUnverifiedEmailClaim: false
    }
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e')
	.version('beta')
	.update(application);


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Application;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationBehaviors;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Application();
$authenticationBehaviors = new AuthenticationBehaviors();
$authenticationBehaviors->setRemoveUnverifiedEmailClaim(false);
$requestBody->setAuthenticationBehaviors($authenticationBehaviors);

$result = $graphServiceClient->applications()->byApplicationId('application-id')->patch($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Applications

$params = @{
	authenticationBehaviors = @{
		removeUnverifiedEmailClaim = $false
	}
}

Update-MgBetaApplication -ApplicationId $applicationId -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.application import Application
from msgraph_beta.generated.models.authentication_behaviors import AuthenticationBehaviors
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Application(
	authentication_behaviors = AuthenticationBehaviors(
		remove_unverified_email_claim = False,
	),
)

result = await graph_client.applications.by_application_id('application-id').patch(request_body)

Restaurar o comportamento predefinido

Opção 1

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors
Content-Type: application/json

{
    "removeUnverifiedEmailClaim": null
}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationBehaviors = {
    removeUnverifiedEmailClaim: null
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/authenticationBehaviors')
	.version('beta')
	.update(authenticationBehaviors);

Snippet not available

Snippet not available

Snippet not available

Opção 2

PATCH https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/
Content-Type: application/json

{
    "authenticationBehaviors": {
        "removeUnverifiedEmailClaim": null
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new Application
{
	AuthenticationBehaviors = new AuthenticationBehaviors
	{
		RemoveUnverifiedEmailClaim = null,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);



mgc-beta applications patch --application-id {application-id} --body '{\
    "authenticationBehaviors": {\
        "removeUnverifiedEmailClaim": null\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewApplication()
authenticationBehaviors := graphmodels.NewAuthenticationBehaviors()
removeUnverifiedEmailClaim := null
authenticationBehaviors.SetRemoveUnverifiedEmailClaim(&removeUnverifiedEmailClaim) 
requestBody.SetAuthenticationBehaviors(authenticationBehaviors)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().ByApplicationId("application-id").Patch(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Application application = new Application();
AuthenticationBehaviors authenticationBehaviors = new AuthenticationBehaviors();
authenticationBehaviors.setRemoveUnverifiedEmailClaim(null);
application.setAuthenticationBehaviors(authenticationBehaviors);
Application result = graphClient.applications().byApplicationId("{application-id}").patch(application);


const options = {
	authProvider,
};

const client = Client.init(options);

const application = {
    authenticationBehaviors: {
        removeUnverifiedEmailClaim: null
    }
};

await client.api('/applications/03ef14b0-ca33-4840-8f4f-d6e91916010e/')
	.version('beta')
	.update(application);


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Application;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationBehaviors;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Application();
$authenticationBehaviors = new AuthenticationBehaviors();
$authenticationBehaviors->setRemoveUnverifiedEmailClaim(null);
$requestBody->setAuthenticationBehaviors($authenticationBehaviors);

$result = $graphServiceClient->applications()->byApplicationId('application-id')->patch($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Applications

$params = @{
	authenticationBehaviors = @{
		removeUnverifiedEmailClaim = $null
	}
}

Update-MgBetaApplication -ApplicationId $applicationId -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.application import Application
from msgraph_beta.generated.models.authentication_behaviors import AuthenticationBehaviors
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Application(
	authentication_behaviors = AuthenticationBehaviors(
		remove_unverified_email_claim = None,
	),
)

result = await graph_client.applications.by_application_id('application-id').patch(request_body)

Permitir acesso alargado Azure AD Graph até 30 de junho de 2025

Por predefinição, as aplicações criadas após 31 de agosto de 2024 receberão um 403 Unauthorized erro ao fazer pedidos para Azure AD Graph APIs, a menos que estejam configuradas para permitir o acesso alargado Azure AD Graph. Além disso, as aplicações existentes criadas antes de 31 de agosto de 2024 e fazer pedidos para Azure AD Graph APIs têm de ser configuradas para permitir o acesso alargado Azure AD Graph até 1 de fevereiro de 2025. Este acesso alargado só está disponível até 30 de junho de 2025, altura em que Azure AD Graph está totalmente descontinuado. Após esta data, todas as aplicações receberão um 403 Unauthorized erro ao fazer pedidos para Azure AD Graph APIs, independentemente da configuração de acesso alargado. Para obter mais informações, consulte Atualização de junho de 2024 sobre Azure AD API do Graph extinção.

O pedido seguinte mostra como atualizar uma aplicação para ativar o acesso alargado Azure AD Graph. A solicitação retorna o código de resposta 204 No Content.

Opção 1

PATCH https://graph.microsoft.com/beta/applications/5c142e6f-0bd3-4e58-b510-8a106704f44f/authenticationBehaviors
Content-Type: application/json

{
    "blockAzureADGraphAccess": false
}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationBehaviors = {
    blockAzureADGraphAccess: false
};

await client.api('/applications/5c142e6f-0bd3-4e58-b510-8a106704f44f/authenticationBehaviors')
	.version('beta')
	.update(authenticationBehaviors);

Snippet not available

Snippet not available

Snippet not available

Opção 2

PATCH https://graph.microsoft.com/beta/applications/5c142e6f-0bd3-4e58-b510-8a106704f44f
Content-Type: application/json

{
    "authenticationBehaviors": {
        "blockAzureADGraphAccess": false
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new Application
{
	AuthenticationBehaviors = new AuthenticationBehaviors
	{
		BlockAzureADGraphAccess = false,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);



mgc-beta applications patch --application-id {application-id} --body '{\
    "authenticationBehaviors": {\
        "blockAzureADGraphAccess": false\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewApplication()
authenticationBehaviors := graphmodels.NewAuthenticationBehaviors()
blockAzureADGraphAccess := false
authenticationBehaviors.SetBlockAzureADGraphAccess(&blockAzureADGraphAccess) 
requestBody.SetAuthenticationBehaviors(authenticationBehaviors)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().ByApplicationId("application-id").Patch(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Application application = new Application();
AuthenticationBehaviors authenticationBehaviors = new AuthenticationBehaviors();
authenticationBehaviors.setBlockAzureADGraphAccess(false);
application.setAuthenticationBehaviors(authenticationBehaviors);
Application result = graphClient.applications().byApplicationId("{application-id}").patch(application);


const options = {
	authProvider,
};

const client = Client.init(options);

const application = {
    authenticationBehaviors: {
        blockAzureADGraphAccess: false
    }
};

await client.api('/applications/5c142e6f-0bd3-4e58-b510-8a106704f44f')
	.version('beta')
	.update(application);


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Application;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationBehaviors;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Application();
$authenticationBehaviors = new AuthenticationBehaviors();
$authenticationBehaviors->setBlockAzureADGraphAccess(false);
$requestBody->setAuthenticationBehaviors($authenticationBehaviors);

$result = $graphServiceClient->applications()->byApplicationId('application-id')->patch($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Applications

$params = @{
	authenticationBehaviors = @{
		blockAzureADGraphAccess = $false
	}
}

Update-MgBetaApplication -ApplicationId $applicationId -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.application import Application
from msgraph_beta.generated.models.authentication_behaviors import AuthenticationBehaviors
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Application(
	authentication_behaviors = AuthenticationBehaviors(
		block_azure_a_d_graph_access = False,
	),
)

result = await graph_client.applications.by_application_id('application-id').patch(request_body)

Compartilhar via

Gerir autenticação de aplicaçõesBehaviors

Ler a definição authenticationBehaviors para uma aplicação

Impedir a emissão de afirmações de e-mail com proprietários de domínio não verificados

Remover endereços de e-mail com proprietários de domínio não verificados de afirmações

Opção 1

Opção 2

Aceitar endereços de e-mail com proprietários de domínio não verificados em afirmações

Opção 1

Opção 2

Restaurar o comportamento predefinido

Opção 1

Opção 2

Permitir acesso alargado Azure AD Graph até 30 de junho de 2025

Opção 1

Opção 2

Comentários

Recursos adicionais

Compartilhar via

Gerir autenticação de aplicaçõesBehaviors

Ler a definição authenticationBehaviors para uma aplicação

Impedir a emissão de afirmações de e-mail com proprietários de domínio não verificados

Remover endereços de e-mail com proprietários de domínio não verificados de afirmações

Opção 1

Opção 2

Aceitar endereços de e-mail com proprietários de domínio não verificados em afirmações

Opção 1

Opção 2

Restaurar o comportamento predefinido

Opção 1

Opção 2

Permitir acesso alargado Azure AD Graph até 30 de junho de 2025

Opção 1

Opção 2

Conteúdo relacionado

Comentários

Recursos adicionais