ESC
Type to search...
Navigate Open ESC Close

Policy.ReadWrite.AuthenticationMethod

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read/Write User Scope

Allows the app to read and write all authentication method policies for the tenant, without a signed-in user.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read and write all authentication method policies

Allows the app to read and write all authentication method policies for the tenant, without a signed-in user.

Permission ID: 29c18626-4985-4dcd-85c0-193eef327366
Delegated Permission Admin consent required

Read and write authentication method policies

Allows the app to read and write the authentication method policies, on behalf of the signed-in user.

User sees: Allows the app to read and write the authentication method policies for your tenant, on your behalf.
Permission ID: 7e823077-d88e-468f-a337-e18f1f0e6c7c

Properties

Microsoft Graph v1.0 mapped-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
id String Unique identifier of the policy. Inherited from entity.
activityBasedTimeoutPolicies activityBasedTimeoutPolicy collection The policy that controls the idle time out for web sessions for applications.
adminConsentRequestPolicy object The policy by which consent requests are created and managed for the entire tenant.
appManagementPolicies appManagementPolicy collection The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy.
authenticationFlowsPolicy object The policy configuration of the self-service sign-up experience of external users.
authenticationMethodsPolicy object The authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID.
authenticationStrengthPolicies authenticationStrengthPolicy collection The authentication method combinations that are to be used in scenarios defined by Microsoft Entra Conditional Access.
authorizationPolicy object The policy that controls Microsoft Entra authorization settings.
claimsMappingPolicies claimsMappingPolicy collection The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application.
conditionalAccessPolicies conditionalAccessPolicy collection The custom rules that define an access scenario.
crossTenantAccessPolicy object The custom rules that define an access scenario when interacting with external Microsoft Entra tenants.
defaultAppManagementPolicy object The tenant-wide policy that enforces app management restrictions for all applications and service principals.
deviceRegistrationPolicy object
featureRolloutPolicies featureRolloutPolicy collection The feature rollout policy associated with a directory object.
homeRealmDiscoveryPolicies homeRealmDiscoveryPolicy collection The policy to control Microsoft Entra authentication behavior for federated users.

Showing 15 of 21 properties.

JSON Representation

Microsoft Graph v1.0 mapped-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation 
{
  "@odata.type": "#microsoft.graph.policyRoot",
  "id": "String (identifier)"
}

Relationships

Microsoft Graph v1.0 mapped-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
activityBasedTimeoutPolicies activityBasedTimeoutPolicy collection The policy that controls the idle time out for web sessions for applications.
adminConsentRequestPolicy adminConsentRequestPolicy The policy by which consent requests are created and managed for the entire tenant.
appManagementPolicies appManagementPolicy collection The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy.
authenticationFlowsPolicy authenticationFlowsPolicy The policy configuration of the self-service sign-up experience of external users.
authenticationMethodsPolicy authenticationMethodsPolicy The authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID.
authenticationStrengthPolicies authenticationStrengthPolicy collection The authentication method combinations that are to be used in scenarios defined by Microsoft Entra Conditional Access.
authorizationPolicy authorizationPolicy collection The policy that controls Microsoft Entra authorization settings.
claimsMappingPolicies claimsMappingPolicy collection The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application.
conditionalAccessPolicies conditionalAccessPolicy The custom rules that define an access scenario.
crossTenantAccessPolicy crossTenantAccessPolicy The custom rules that define an access scenario when interacting with external Microsoft Entra tenants.
defaultAppManagementPolicy tenantAppManagementPolicy The tenant-wide policy that enforces app management restrictions for all applications and service principals.
featureRolloutPolicies featureRolloutPolicy collection The feature rollout policy associated with a directory object.
homeRealmDiscoveryPolicies homeRealmDiscoveryPolicy collection The policy to control Microsoft Entra authentication behavior for federated users.
identitySecurityDefaultsEnforcementPolicy identitySecurityDefaultsEnforcementPolicy The policy that represents the security defaults that protect against common attacks.
permissionGrantPolicies permissionGrantPolicy collection The policy that specifies the conditions under which consent can be granted.
roleManagementPolicies unifiedRoleManagementPolicy collection Specifies the various policies associated with scopes and roles.
roleManagementPolicyAssignments unifiedRoleManagementPolicyAssignment collection The assignment of a role management policy to a role definition object.
tokenIssuancePolicies tokenIssuancePolicy collection The policy that specifies the characteristics of SAML tokens issued by Microsoft Entra ID.
tokenLifetimePolicies tokenLifetimePolicy collection The policy that controls the lifetime of a JWT access token, an ID token, or a SAML 1.1/2.0 token issued by Microsoft Entra ID.
b2bManagementPolicies b2bManagementPolicy collection The policy to manage Microsoft Entra B2B features in Microsoft Entra External ID for workforce tenants.
mobileAppManagementPolicies mobileAppManagementPolicy collection The policy that defines autoenrollment configuration for a mobility management (MDM or MAM) application.
mobileDeviceManagementPolicies mobileDeviceManagementPolicy collection Related mobileDeviceManagementPolicies data exposed by this resource.
onPremAuthenticationPolicies onPremAuthenticationPolicy collection The policy that controls how authentication requests from on-premises environments are managed.
permissionGrantPreApprovalPolicies permissionGrantPreApprovalPolicy collection Policies that specify the conditions under which consent can be granted to a specific application.
servicePrincipalCreationPolicies servicePrincipalCreationPolicy collection Related servicePrincipalCreationPolicies data exposed by this resource.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /identity/conditionalAccess/authenticationStrength/authenticationMethodModes
GET /identity/conditionalAccess/authenticationStrength/authenticationMethodModes/{authenticationMethodModeDetailId}
GET /identity/conditionalAccess/authenticationStrength/combinations
GET /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations
GET /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations/{authenticationCombinationConfigurationId}
GET /policies/authenticationMethodsPolicy
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/qrCodePin
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
GET /policies/authenticationStrengthPolicies
GET /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}
GET /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/usage
POST /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations
POST /policies/authenticationStrengthPolicies
POST /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/updateAllowedCombinations
PATCH /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations/{authenticationCombinationConfigurationId}
PATCH /policies/authenticationMethodsPolicy
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/qrCodePin
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/TemporaryAccessPass
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
PATCH /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}
DELETE /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations/{authenticationCombinationConfigurationId}
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/qrCodePin
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
DELETE /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /directory/authenticationMethodDevices/hardwareOathDevices
GET /directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDeviceId}
GET /identity/conditionalAccess/authenticationStrength/authenticationMethodModes
GET /identity/conditionalAccess/authenticationStrength/authenticationMethodModes/{authenticationMethodModeDetailId}
GET /identity/conditionalAccess/authenticationStrength/combinations
GET /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations
GET /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations/{authenticationCombinationConfigurationId}
GET /me/authentication/requirements
GET /policies/authenticationMethodsPolicy
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/hardwareOath
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
GET /policies/authenticationmethodspolicy/authenticationmethodconfigurations/qrcodepin
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/VerifiableCredentials
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/VerifiableCredentials/{id}
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
GET /policies/authenticationStrengthPolicies
GET /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}
GET /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/usage
GET /policies/authenticationStrengthPolicies/findByMethodMode(authenticationMethodModes={authenticationMethodMode})
GET /users/{id | userPrincipalName}/authentication/requirements
GET /users/{id | userPrincipalName}/authentication/signInPreferences
POST /directory/authenticationMethodDevices/hardwareOathDevices
POST /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations
POST /policies/authenticationStrengthPolicies
POST /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/updateAllowedCombinations
PATCH /directory/authenticationMethodDevices/hardwareOathDevices
PATCH /directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDeviceId}
PATCH /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations/{authenticationCombinationConfigurationId}
PATCH /me/authentication/requirements
PATCH /policies/authenticationMethodsPolicy
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/hardwareOath
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
PATCH /policies/authenticationmethodspolicy/authenticationmethodconfigurations/qrcodepin
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/TemporaryAccessPass
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/VerifiableCredentials/{id}
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
PATCH /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}
PATCH /policies/b2cAuthenticationMethodsPolicy
PATCH /users/{id | userPrincipalName}/authentication/requirements
PATCH /users/{id | userPrincipalName}/authentication/signInPreferences
DELETE /directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDeviceId}
DELETE /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations/{authenticationCombinationConfigurationId}
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/hardwareOath
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
DELETE /policies/authenticationmethodspolicy/authenticationmethodconfigurations/qrcodepin
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/VerifiableCredentials/{id}
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
DELETE /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgPolicyAuthenticationMethodPolicy /policies/authenticationMethodsPolicy
Get authenticationMethodsPolicy
Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
Get externalAuthenticationMethodConfiguration
Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
Get emailAuthenticationMethodConfiguration
Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
Get fido2AuthenticationMethodConfiguration
Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
Get microsoftAuthenticatorAuthenticationMethodConfiguration
Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/qrCodePin
Get qrCodePinAuthenticationMethodConfiguration
Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
Get smsAuthenticationMethodConfiguration
Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
Get softwareOathAuthenticationMethodConfiguration
Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass
Get temporaryAccessPassAuthenticationMethodConfiguration
Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
Get voiceAuthenticationMethodConfiguration
Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
Get x509CertificateAuthenticationMethodConfiguration
Get-MgPolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies
List authenticationStrengthPolicies
Get-MgPolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}
Get authenticationStrengthPolicy
Invoke-MgUsagePolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/usage
authenticationStrengthPolicy: usage
New-MgIdentityConditionalAccessAuthenticationStrengthPolicyCombinationConfiguration /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations
Create authenticationCombinationConfiguration
New-MgPolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies
Create authenticationStrengthPolicy
Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
Delete externalAuthenticationMethodConfiguration
Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
Delete emailAuthenticationMethodConfiguration
Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
Delete fido2AuthenticationMethodConfiguration
Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
Delete microsoftAuthenticatorAuthenticationMethodConfiguration
Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/qrCodePin
Delete qrCodePinAuthenticationMethodConfiguration
Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
Delete smsAuthenticationMethodConfiguration
Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
Delete softwareOathAuthenticationMethodConfiguration
Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass
Delete temporaryAccessPassAuthenticationMethodConfiguration
Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
Delete voiceAuthenticationMethodConfiguration
Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
Delete x509CertificateAuthenticationMethodConfiguration
Update-MgPolicyAuthenticationMethodPolicy /policies/authenticationMethodsPolicy
Update authenticationMethodsPolicy
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
Update externalAuthenticationMethodConfiguration
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
Update emailAuthenticationMethodConfiguration
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
Update fido2AuthenticationMethodConfiguration
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
Update microsoftAuthenticatorAuthenticationMethodConfiguration
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/qrCodePin
Update qrCodePinAuthenticationMethodConfiguration
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
Update smsAuthenticationMethodConfiguration
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
Update softwareOathAuthenticationMethodConfiguration
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/TemporaryAccessPass
Update temporaryAccessPassAuthenticationMethodConfiguration
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
Update voiceAuthenticationMethodConfiguration
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
Update x509CertificateAuthenticationMethodConfiguration
Update-MgPolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}
Update authenticationStrengthPolicy
Update-MgPolicyAuthenticationStrengthPolicyAllowedCombination /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/updateAllowedCombinations
authenticationStrengthPolicy: updateAllowedCombinations
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaDirectoryAuthenticationMethodDeviceHardwareOathDevice /directory/authenticationMethodDevices/hardwareOathDevices
List hardwareOathDevices
Get-MgBetaDirectoryAuthenticationMethodDeviceHardwareOathDevice /directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDeviceId}
Get hardwareOathTokenAuthenticationMethodDevice
Get-MgBetaPolicyAuthenticationMethodPolicy /policies/authenticationMethodsPolicy
Get authenticationMethodsPolicy
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
Get externalAuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
Get emailAuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
Get fido2AuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/hardwareOath
Get hardwareOathAuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
Get microsoftAuthenticatorAuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationmethodspolicy/authenticationmethodconfigurations/qrcodepin
Get qrCodePinAuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
Get smsAuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
Get softwareOathAuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass
Get temporaryAccessPassAuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/VerifiableCredentials
List verifiableCredentialsAuthenticationMethodConfiguration objects
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
Get voiceAuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
Get x509CertificateAuthenticationMethodConfiguration
Get-MgBetaPolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies
List authenticationStrengthPolicies
Get-MgBetaPolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}
Get authenticationStrengthPolicy
Get-MgBetaPolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies/findByMethodMode(authenticationMethodModes={authenticationMethodMode})
authenticationStrengthPolicy: findByMethodMode (deprecated)
Get-MgBetaUserAuthenticationRequirement /users/{id | userPrincipalName}/authentication/signInPreferences
Get authentication states
Get-MgBetaUserAuthenticationSignInPreference /users/{id | userPrincipalName}/authentication/signInPreferences
Get authentication states
Invoke-MgBetaUsagePolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/usage
authenticationStrengthPolicy: usage
New-MgBetaDirectoryAuthenticationMethodDeviceHardwareOathDevice /directory/authenticationMethodDevices/hardwareOathDevices
Create hardwareOathTokenAuthenticationMethodDevice
New-MgBetaDirectoryAuthenticationMethodDeviceHardwareOathDevice /directory/authenticationMethodDevices/hardwareOathDevices
Create one or more hardwareOathTokenAuthenticationMethodDevice
New-MgBetaPolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies
Create authenticationStrengthPolicy
Remove-MgBetaDirectoryAuthenticationMethodDeviceHardwareOathDevice /directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDeviceId}
Delete hardwareOathTokenAuthenticationMethodDevice
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
Delete externalAuthenticationMethodConfiguration
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
Delete emailAuthenticationMethodConfiguration
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
Delete fido2AuthenticationMethodConfiguration
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/hardwareOath
Delete hardwareOathAuthenticationMethodConfiguration
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
Delete microsoftAuthenticatorAuthenticationMethodConfiguration
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
Delete smsAuthenticationMethodConfiguration
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
Delete softwareOathAuthenticationMethodConfiguration
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass
Delete temporaryAccessPassAuthenticationMethodConfiguration
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/VerifiableCredentials/{id}
Delete verifiableCredentialsAuthenticationMethodConfiguration
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
Delete voiceAuthenticationMethodConfiguration
Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
Delete x509CertificateAuthenticationMethodConfiguration
Update-MgBetaDirectoryAuthenticationMethodDeviceHardwareOathDevice /directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDeviceId}
Update hardwareOathTokenAuthenticationMethodDevice
Update-MgBetaPolicyAuthenticationMethodPolicy /policies/authenticationMethodsPolicy
Update authenticationMethodsPolicy
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
Update externalAuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
Update emailAuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
Update fido2AuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/hardwareOath
Update hardwareOathAuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
Update microsoftAuthenticatorAuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationmethodspolicy/authenticationmethodconfigurations/qrcodepin
Update qrCodePinAuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms
Update smsAuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath
Update softwareOathAuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/TemporaryAccessPass
Update temporaryAccessPassAuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/voice
Update voiceAuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
Update x509CertificateAuthenticationMethodConfiguration
Update-MgBetaPolicyAuthenticationStrengthPolicy /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}
Update authenticationStrengthPolicy
Update-MgBetaPolicyAuthenticationStrengthPolicyAllowedCombination /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/updateAllowedCombinations
authenticationStrengthPolicy: updateAllowedCombinations
Update-MgBetaPolicyB2CAuthenticationMethodPolicy /policies/b2cAuthenticationMethodsPolicy
Update b2cAuthenticationMethodsPolicy
Update-MgBetaUserAuthenticationRequirement /users/{id | userPrincipalName}/authentication/signInPreferences
Update authentication method states
Update-MgBetaUserAuthenticationSignInPreference /users/{id | userPrincipalName}/authentication/signInPreferences
Update authentication method states

Code Examples

C# / .NET SDK
Delete emailAuthenticationMethodConfiguration
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Policies.AuthenticationMethodsPolicy.AuthenticationMethodConfigurations["{authenticationMethodConfiguration-id}"].DeleteAsync();
JavaScript
Delete emailAuthenticationMethodConfiguration
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

await client.api('/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email')
	.delete();
PowerShell
Delete emailAuthenticationMethodConfiguration
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Identity.SignIns

Remove-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $authenticationMethodConfigurationId
Python
Delete emailAuthenticationMethodConfiguration
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

await graph_client.policies.authentication_methods_policy.authentication_method_configurations.by_authentication_method_configuration_id('authenticationMethodConfiguration-id').delete()

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for Policy.ReadWrite.AuthenticationMethod

4

Grant Admin Consent

Application permissions always require admin consent.