Выберите разрешение или разрешения, помеченные как наименее привилегированные для этого API. Используйте более привилегированное разрешение или разрешения только в том случае, если это требуется приложению. Дополнительные сведения о делегированных разрешениях и разрешениях приложений см. в разделе Типы разрешений. Дополнительные сведения об этих разрешениях см. в справочнике по разрешениям.
В следующей таблице указаны свойства, которые можно обновить.
PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
"id": "X509Certificate",
"state": "enabled",
"certificateUserBindings": [
{
"x509CertificateField": "PrincipalName",
"userProperty": "onPremisesUserPrincipalName",
"priority": 1
}
],
"authenticationModeConfiguration": {
"x509CertificateAuthenticationDefaultMode": "x509CertificateMultiFactor",
"rules": [
{
"x509CertificateRuleType": "issuerSubject",
"identifier": "CN=ContosoCA,DC=Contoso,DC=org ",
"x509CertificateAuthenticationMode": "x509CertificateMultiFactor"
},
{
"x509CertificateRuleType": "policyOID",
"identifier": "1.2.3.4",
"x509CertificateAuthenticationMode": "x509CertificateMultiFactor"
}
]
},
"issuerHintsConfiguration": {
"state": "disabled"
},
"includeTargets": [
{
"targetType": "group",
"id": "all_users",
"isRegistrationRequired": false
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new X509CertificateAuthenticationMethodConfiguration
{
OdataType = "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
Id = "X509Certificate",
State = AuthenticationMethodState.Enabled,
CertificateUserBindings = new List<X509CertificateUserBinding>
{
new X509CertificateUserBinding
{
X509CertificateField = "PrincipalName",
UserProperty = "onPremisesUserPrincipalName",
Priority = 1,
},
},
AuthenticationModeConfiguration = new X509CertificateAuthenticationModeConfiguration
{
X509CertificateAuthenticationDefaultMode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
Rules = new List<X509CertificateRule>
{
new X509CertificateRule
{
X509CertificateRuleType = X509CertificateRuleType.IssuerSubject,
Identifier = "CN=ContosoCA,DC=Contoso,DC=org ",
X509CertificateAuthenticationMode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
},
new X509CertificateRule
{
X509CertificateRuleType = X509CertificateRuleType.PolicyOID,
Identifier = "1.2.3.4",
X509CertificateAuthenticationMode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
},
},
},
IssuerHintsConfiguration = new X509CertificateIssuerHintsConfiguration
{
State = X509CertificateIssuerHintsState.Disabled,
},
IncludeTargets = new List<AuthenticationMethodTarget>
{
new AuthenticationMethodTarget
{
TargetType = AuthenticationMethodTargetType.Group,
Id = "all_users",
IsRegistrationRequired = false,
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.AuthenticationMethodsPolicy.AuthenticationMethodConfigurations["{authenticationMethodConfiguration-id}"].PatchAsync(requestBody);
mgc-beta policies authentication-methods-policy authentication-method-configurations patch --authentication-method-configuration-id {authenticationMethodConfiguration-id} --body '{\
"@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",\
"id": "X509Certificate",\
"state": "enabled",\
"certificateUserBindings": [\
{\
"x509CertificateField": "PrincipalName",\
"userProperty": "onPremisesUserPrincipalName",\
"priority": 1\
}\
],\
"authenticationModeConfiguration": {\
"x509CertificateAuthenticationDefaultMode": "x509CertificateMultiFactor",\
"rules": [\
{\
"x509CertificateRuleType": "issuerSubject",\
"identifier": "CN=ContosoCA,DC=Contoso,DC=org ",\
"x509CertificateAuthenticationMode": "x509CertificateMultiFactor"\
},\
{\
"x509CertificateRuleType": "policyOID",\
"identifier": "1.2.3.4",\
"x509CertificateAuthenticationMode": "x509CertificateMultiFactor"\
}\
]\
},\
"issuerHintsConfiguration": {\
"state": "disabled"\
},\
"includeTargets": [\
{\
"targetType": "group",\
"id": "all_users",\
"isRegistrationRequired": false\
}\
]\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAuthenticationMethodConfiguration()
id := "X509Certificate"
requestBody.SetId(&id)
state := graphmodels.ENABLED_AUTHENTICATIONMETHODSTATE
requestBody.SetState(&state)
x509CertificateUserBinding := graphmodels.NewX509CertificateUserBinding()
x509CertificateField := "PrincipalName"
x509CertificateUserBinding.SetX509CertificateField(&x509CertificateField)
userProperty := "onPremisesUserPrincipalName"
x509CertificateUserBinding.SetUserProperty(&userProperty)
priority := int32(1)
x509CertificateUserBinding.SetPriority(&priority)
certificateUserBindings := []graphmodels.X509CertificateUserBindingable {
x509CertificateUserBinding,
}
requestBody.SetCertificateUserBindings(certificateUserBindings)
authenticationModeConfiguration := graphmodels.NewX509CertificateAuthenticationModeConfiguration()
x509CertificateAuthenticationDefaultMode := graphmodels.X509CERTIFICATEMULTIFACTOR_X509CERTIFICATEAUTHENTICATIONMODE
authenticationModeConfiguration.SetX509CertificateAuthenticationDefaultMode(&x509CertificateAuthenticationDefaultMode)
x509CertificateRule := graphmodels.NewX509CertificateRule()
x509CertificateRuleType := graphmodels.ISSUERSUBJECT_X509CERTIFICATERULETYPE
x509CertificateRule.SetX509CertificateRuleType(&x509CertificateRuleType)
identifier := "CN=ContosoCA,DC=Contoso,DC=org "
x509CertificateRule.SetIdentifier(&identifier)
x509CertificateAuthenticationMode := graphmodels.X509CERTIFICATEMULTIFACTOR_X509CERTIFICATEAUTHENTICATIONMODE
x509CertificateRule.SetX509CertificateAuthenticationMode(&x509CertificateAuthenticationMode)
x509CertificateRule1 := graphmodels.NewX509CertificateRule()
x509CertificateRuleType := graphmodels.POLICYOID_X509CERTIFICATERULETYPE
x509CertificateRule1.SetX509CertificateRuleType(&x509CertificateRuleType)
identifier := "1.2.3.4"
x509CertificateRule1.SetIdentifier(&identifier)
x509CertificateAuthenticationMode := graphmodels.X509CERTIFICATEMULTIFACTOR_X509CERTIFICATEAUTHENTICATIONMODE
x509CertificateRule1.SetX509CertificateAuthenticationMode(&x509CertificateAuthenticationMode)
rules := []graphmodels.X509CertificateRuleable {
x509CertificateRule,
x509CertificateRule1,
}
authenticationModeConfiguration.SetRules(rules)
requestBody.SetAuthenticationModeConfiguration(authenticationModeConfiguration)
issuerHintsConfiguration := graphmodels.NewX509CertificateIssuerHintsConfiguration()
state := graphmodels.DISABLED_X509CERTIFICATEISSUERHINTSSTATE
issuerHintsConfiguration.SetState(&state)
requestBody.SetIssuerHintsConfiguration(issuerHintsConfiguration)
authenticationMethodTarget := graphmodels.NewAuthenticationMethodTarget()
targetType := graphmodels.GROUP_AUTHENTICATIONMETHODTARGETTYPE
authenticationMethodTarget.SetTargetType(&targetType)
id := "all_users"
authenticationMethodTarget.SetId(&id)
isRegistrationRequired := false
authenticationMethodTarget.SetIsRegistrationRequired(&isRegistrationRequired)
includeTargets := []graphmodels.AuthenticationMethodTargetable {
authenticationMethodTarget,
}
requestBody.SetIncludeTargets(includeTargets)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authenticationMethodConfigurations, err := graphClient.Policies().AuthenticationMethodsPolicy().AuthenticationMethodConfigurations().ByAuthenticationMethodConfigurationId("authenticationMethodConfiguration-id").Patch(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
X509CertificateAuthenticationMethodConfiguration authenticationMethodConfiguration = new X509CertificateAuthenticationMethodConfiguration();
authenticationMethodConfiguration.setOdataType("#microsoft.graph.x509CertificateAuthenticationMethodConfiguration");
authenticationMethodConfiguration.setId("X509Certificate");
authenticationMethodConfiguration.setState(AuthenticationMethodState.Enabled);
LinkedList<X509CertificateUserBinding> certificateUserBindings = new LinkedList<X509CertificateUserBinding>();
X509CertificateUserBinding x509CertificateUserBinding = new X509CertificateUserBinding();
x509CertificateUserBinding.setX509CertificateField("PrincipalName");
x509CertificateUserBinding.setUserProperty("onPremisesUserPrincipalName");
x509CertificateUserBinding.setPriority(1);
certificateUserBindings.add(x509CertificateUserBinding);
authenticationMethodConfiguration.setCertificateUserBindings(certificateUserBindings);
X509CertificateAuthenticationModeConfiguration authenticationModeConfiguration = new X509CertificateAuthenticationModeConfiguration();
authenticationModeConfiguration.setX509CertificateAuthenticationDefaultMode(X509CertificateAuthenticationMode.X509CertificateMultiFactor);
LinkedList<X509CertificateRule> rules = new LinkedList<X509CertificateRule>();
X509CertificateRule x509CertificateRule = new X509CertificateRule();
x509CertificateRule.setX509CertificateRuleType(X509CertificateRuleType.IssuerSubject);
x509CertificateRule.setIdentifier("CN=ContosoCA,DC=Contoso,DC=org ");
x509CertificateRule.setX509CertificateAuthenticationMode(X509CertificateAuthenticationMode.X509CertificateMultiFactor);
rules.add(x509CertificateRule);
X509CertificateRule x509CertificateRule1 = new X509CertificateRule();
x509CertificateRule1.setX509CertificateRuleType(X509CertificateRuleType.PolicyOID);
x509CertificateRule1.setIdentifier("1.2.3.4");
x509CertificateRule1.setX509CertificateAuthenticationMode(X509CertificateAuthenticationMode.X509CertificateMultiFactor);
rules.add(x509CertificateRule1);
authenticationModeConfiguration.setRules(rules);
authenticationMethodConfiguration.setAuthenticationModeConfiguration(authenticationModeConfiguration);
X509CertificateIssuerHintsConfiguration issuerHintsConfiguration = new X509CertificateIssuerHintsConfiguration();
issuerHintsConfiguration.setState(X509CertificateIssuerHintsState.Disabled);
authenticationMethodConfiguration.setIssuerHintsConfiguration(issuerHintsConfiguration);
LinkedList<AuthenticationMethodTarget> includeTargets = new LinkedList<AuthenticationMethodTarget>();
AuthenticationMethodTarget authenticationMethodTarget = new AuthenticationMethodTarget();
authenticationMethodTarget.setTargetType(AuthenticationMethodTargetType.Group);
authenticationMethodTarget.setId("all_users");
authenticationMethodTarget.setIsRegistrationRequired(false);
includeTargets.add(authenticationMethodTarget);
authenticationMethodConfiguration.setIncludeTargets(includeTargets);
AuthenticationMethodConfiguration result = graphClient.policies().authenticationMethodsPolicy().authenticationMethodConfigurations().byAuthenticationMethodConfigurationId("{authenticationMethodConfiguration-id}").patch(authenticationMethodConfiguration);
const options = {
authProvider,
};
const client = Client.init(options);
const authenticationMethodConfiguration = {
'@odata.type': '#microsoft.graph.x509CertificateAuthenticationMethodConfiguration',
id: 'X509Certificate',
state: 'enabled',
certificateUserBindings: [
{
x509CertificateField: 'PrincipalName',
userProperty: 'onPremisesUserPrincipalName',
priority: 1
}
],
authenticationModeConfiguration: {
x509CertificateAuthenticationDefaultMode: 'x509CertificateMultiFactor',
rules: [
{
x509CertificateRuleType: 'issuerSubject',
identifier: 'CN=ContosoCA,DC=Contoso,DC=org ',
x509CertificateAuthenticationMode: 'x509CertificateMultiFactor'
},
{
x509CertificateRuleType: 'policyOID',
identifier: '1.2.3.4',
x509CertificateAuthenticationMode: 'x509CertificateMultiFactor'
}
]
},
issuerHintsConfiguration: {
state: 'disabled'
},
includeTargets: [
{
targetType: 'group',
id: 'all_users',
isRegistrationRequired: false
}
]
};
await client.api('/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate')
.version('beta')
.update(authenticationMethodConfiguration);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateAuthenticationMethodConfiguration;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodState;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateUserBinding;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateAuthenticationModeConfiguration;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateAuthenticationMode;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateRule;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateRuleType;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateIssuerHintsConfiguration;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateIssuerHintsState;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodTarget;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodTargetType;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new X509CertificateAuthenticationMethodConfiguration();
$requestBody->setOdataType('#microsoft.graph.x509CertificateAuthenticationMethodConfiguration');
$requestBody->setId('X509Certificate');
$requestBody->setState(new AuthenticationMethodState('enabled'));
$certificateUserBindingsX509CertificateUserBinding1 = new X509CertificateUserBinding();
$certificateUserBindingsX509CertificateUserBinding1->setX509CertificateField('PrincipalName');
$certificateUserBindingsX509CertificateUserBinding1->setUserProperty('onPremisesUserPrincipalName');
$certificateUserBindingsX509CertificateUserBinding1->setPriority(1);
$certificateUserBindingsArray []= $certificateUserBindingsX509CertificateUserBinding1;
$requestBody->setCertificateUserBindings($certificateUserBindingsArray);
$authenticationModeConfiguration = new X509CertificateAuthenticationModeConfiguration();
$authenticationModeConfiguration->setX509CertificateAuthenticationDefaultMode(new X509CertificateAuthenticationMode('x509CertificateMultiFactor'));
$rulesX509CertificateRule1 = new X509CertificateRule();
$rulesX509CertificateRule1->setX509CertificateRuleType(new X509CertificateRuleType('issuerSubject'));
$rulesX509CertificateRule1->setIdentifier('CN=ContosoCA,DC=Contoso,DC=org ');
$rulesX509CertificateRule1->setX509CertificateAuthenticationMode(new X509CertificateAuthenticationMode('x509CertificateMultiFactor'));
$rulesArray []= $rulesX509CertificateRule1;
$rulesX509CertificateRule2 = new X509CertificateRule();
$rulesX509CertificateRule2->setX509CertificateRuleType(new X509CertificateRuleType('policyOID'));
$rulesX509CertificateRule2->setIdentifier('1.2.3.4');
$rulesX509CertificateRule2->setX509CertificateAuthenticationMode(new X509CertificateAuthenticationMode('x509CertificateMultiFactor'));
$rulesArray []= $rulesX509CertificateRule2;
$authenticationModeConfiguration->setRules($rulesArray);
$requestBody->setAuthenticationModeConfiguration($authenticationModeConfiguration);
$issuerHintsConfiguration = new X509CertificateIssuerHintsConfiguration();
$issuerHintsConfiguration->setState(new X509CertificateIssuerHintsState('disabled'));
$requestBody->setIssuerHintsConfiguration($issuerHintsConfiguration);
$includeTargetsAuthenticationMethodTarget1 = new AuthenticationMethodTarget();
$includeTargetsAuthenticationMethodTarget1->setTargetType(new AuthenticationMethodTargetType('group'));
$includeTargetsAuthenticationMethodTarget1->setId('all_users');
$includeTargetsAuthenticationMethodTarget1->setIsRegistrationRequired(false);
$includeTargetsArray []= $includeTargetsAuthenticationMethodTarget1;
$requestBody->setIncludeTargets($includeTargetsArray);
$result = $graphServiceClient->policies()->authenticationMethodsPolicy()->authenticationMethodConfigurations()->byAuthenticationMethodConfigurationId('authenticationMethodConfiguration-id')->patch($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
"@odata.type" = "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration"
id = "X509Certificate"
state = "enabled"
certificateUserBindings = @(
@{
x509CertificateField = "PrincipalName"
userProperty = "onPremisesUserPrincipalName"
priority =
}
)
authenticationModeConfiguration = @{
x509CertificateAuthenticationDefaultMode = "x509CertificateMultiFactor"
rules = @(
@{
x509CertificateRuleType = "issuerSubject"
identifier = "CN=ContosoCA,DC=Contoso,DC=org "
x509CertificateAuthenticationMode = "x509CertificateMultiFactor"
}
@{
x509CertificateRuleType = "policyOID"
identifier = "1.2.3.4"
x509CertificateAuthenticationMode = "x509CertificateMultiFactor"
}
)
}
issuerHintsConfiguration = @{
state = "disabled"
}
includeTargets = @(
@{
targetType = "group"
id = "all_users"
isRegistrationRequired = $false
}
)
}
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $authenticationMethodConfigurationId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.x509_certificate_authentication_method_configuration import X509CertificateAuthenticationMethodConfiguration
from msgraph_beta.generated.models.authentication_method_state import AuthenticationMethodState
from msgraph_beta.generated.models.x509_certificate_user_binding import X509CertificateUserBinding
from msgraph_beta.generated.models.x509_certificate_authentication_mode_configuration import X509CertificateAuthenticationModeConfiguration
from msgraph_beta.generated.models.x509_certificate_authentication_mode import X509CertificateAuthenticationMode
from msgraph_beta.generated.models.x509_certificate_rule import X509CertificateRule
from msgraph_beta.generated.models.x509_certificate_rule_type import X509CertificateRuleType
from msgraph_beta.generated.models.x509_certificate_issuer_hints_configuration import X509CertificateIssuerHintsConfiguration
from msgraph_beta.generated.models.x509_certificate_issuer_hints_state import X509CertificateIssuerHintsState
from msgraph_beta.generated.models.authentication_method_target import AuthenticationMethodTarget
from msgraph_beta.generated.models.authentication_method_target_type import AuthenticationMethodTargetType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = X509CertificateAuthenticationMethodConfiguration(
odata_type = "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
id = "X509Certificate",
state = AuthenticationMethodState.Enabled,
certificate_user_bindings = [
X509CertificateUserBinding(
x509_certificate_field = "PrincipalName",
user_property = "onPremisesUserPrincipalName",
priority = 1,
),
],
authentication_mode_configuration = X509CertificateAuthenticationModeConfiguration(
x509_certificate_authentication_default_mode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
rules = [
X509CertificateRule(
x509_certificate_rule_type = X509CertificateRuleType.IssuerSubject,
identifier = "CN=ContosoCA,DC=Contoso,DC=org ",
x509_certificate_authentication_mode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
),
X509CertificateRule(
x509_certificate_rule_type = X509CertificateRuleType.PolicyOID,
identifier = "1.2.3.4",
x509_certificate_authentication_mode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
),
],
),
issuer_hints_configuration = X509CertificateIssuerHintsConfiguration(
state = X509CertificateIssuerHintsState.Disabled,
),
include_targets = [
AuthenticationMethodTarget(
target_type = AuthenticationMethodTargetType.Group,
id = "all_users",
is_registration_required = False,
),
],
)
result = await graph_client.policies.authentication_methods_policy.authentication_method_configurations.by_authentication_method_configuration_id('authenticationMethodConfiguration-id').patch(request_body)