Microsoft Graph Authentication Methods Policies

Microsoft Graph Authentication Methods policies let administrators centrally control which sign-in and verification methods are available in Microsoft Entra ID (Azure AD) and how they're used. Through Graph API endpoints, you can enable or disable specific methods (for example Microsoft Authenticator, FIDO2/passkeys, Temporary Access Pass, SMS/voice), target them to selected users or groups, and configure behavior such as registration requirements, use for MFA and self-service password reset, key and device restrictions, TAP lifetimes/one-time use, and features like number matching for Authenticator. These policies support automation at scale, integrate with Conditional Access and authentication strengths to enforce required factors, and provide a consistent way to govern and standardize authentication across your tenant.
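
One way to review such a policy, as an added example that is not part of the original page: the function below reads a policy document shaped like the response from `GET /policies/authenticationMethodsPolicy` and flags enabled methods that miss a baseline. The sample policy is constructed (the group ID is a placeholder), and the 480-minute TAP ceiling and the choice of checks are assumptions, not Microsoft defaults.

```python
import json

# Constructed sample shaped like GET /policies/authenticationMethodsPolicy (v1.0).
SAMPLE_POLICY = json.loads("""
{
  "id": "authenticationMethodsPolicy",
  "authenticationMethodConfigurations": [
    {"id": "Sms", "state": "enabled",
     "includeTargets": [{"targetType": "group", "id": "all_users"}]},
    {"id": "Voice", "state": "disabled", "includeTargets": []},
    {"id": "Fido2", "state": "enabled", "isAttestationEnforced": false,
     "keyRestrictions": {"isEnforced": false, "enforcementType": "allow", "aaGuids": []},
     "includeTargets": [{"targetType": "group", "id": "all_users"}]},
    {"id": "TemporaryAccessPass", "state": "enabled", "isUsableOnce": false,
     "maximumLifetimeInMinutes": 1440,
     "includeTargets": [{"targetType": "group", "id": "00000000-0000-0000-0000-000000000001"}]}
  ]
}
""")

MAX_TAP_MINUTES = 480  # assumption: local baseline, not a Microsoft default


def audit(policy, max_tap_minutes=MAX_TAP_MINUTES):
    """Return (method id, finding) tuples for enabled methods that miss the baseline."""
    findings = []
    for cfg in policy.get("authenticationMethodConfigurations", []):
        if cfg.get("state") != "enabled":
            continue  # disabled methods cannot be registered or used
        mid = cfg.get("id")
        tenant_wide = any(t.get("id") == "all_users" for t in cfg.get("includeTargets", []))
        if mid in ("Sms", "Voice") and tenant_wide:
            findings.append((mid, "telephony method enabled for all users"))
        elif mid == "Fido2":
            if not cfg.get("isAttestationEnforced"):
                findings.append((mid, "attestation not enforced"))
            if not cfg.get("keyRestrictions", {}).get("isEnforced"):
                findings.append((mid, "no AAGUID key restrictions"))
        elif mid == "TemporaryAccessPass":
            if not cfg.get("isUsableOnce"):
                findings.append((mid, "TAP is multi-use"))
            if cfg.get("maximumLifetimeInMinutes", 0) > max_tap_minutes:
                findings.append((mid, "TAP maximum lifetime exceeds baseline"))
    return findings


if __name__ == "__main__":
    for method, finding in audit(SAMPLE_POLICY):
        print(f"{method}: {finding}")
```

To run it against a real tenant, replace `SAMPLE_POLICY` with the JSON body returned by the endpoint; reading it requires a token with the `Policy.Read.All` permission.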