fido2AuthenticationMethodConfiguration resource type

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Represents a FIDO2 authentication methods policy. Authentication methods policies define configuration settings and users or groups who are enabled to use the authentication method.

Inherits from authenticationMethodConfiguration.

Methods

Method Return type Description
Get fido2AuthenticationMethodConfiguration Read the properties and relationships of a fido2AuthenticationMethodConfiguration object.
Update None Update the properties of a fido2AuthenticationMethodConfiguration object.
Delete None Reverts the fido2AuthenticationMethodConfiguration object to its default configuration.

Properties

Property Type Description
excludeTargets excludeTarget collection Groups of users that are excluded from the policy.
id String The authentication method policy identifier.
isAttestationEnforced Boolean Determines whether attestation must be enforced for FIDO2 security key registration.
isSelfServiceRegistrationAllowed Boolean Determines if users can register new FIDO2 security keys.
keyRestrictions fido2KeyRestrictions Controls whether key restrictions are enforced on FIDO2 security keys, either allowing or disallowing certain key types as defined by Authenticator Attestation GUID (AAGUID), an identifier that indicates the type (e.g. make and model) of the authenticator.
state authenticationMethodState Possible values are: enabled, disabled.

Relationships

Relationship Type Description
includeTargets authenticationMethodTarget collection A collection of groups that are enabled to use the authentication method.

The following JSON representation shows the resource type. The following is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
  "id": "String (identifier)",
  "state": "String",
  "excludeTargets": [
    {
      "@odata.type": "microsoft.graph.excludeTarget"
    }
  ],
  "isSelfServiceRegistrationAllowed": "Boolean",
  "isAttestationEnforced": "Boolean",
  "keyRestrictions": {
    "@odata.type": "microsoft.graph.fido2KeyRestrictions"
  },
  "includeTargets": [ { "@odata.type": "microsoft.graph.authenticationMethodTarget" } ]
}