Danny69
MS Support fixed the issue for us using the Graph API:
Resolution: we have followed the below steps to resolve the issue.
Document followed: https://docs.microsoft.com/en-us/graph/api/fido2authenticationmethodconfiguration-get?view=graph-rest-beta
Open Graph Explorer by going to https://developer.microsoft.com/en-us/graph/graph-explorer and sign in with a Global Administrator of the tenant.
Run query GET https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
In general you will get a permission error after running the above command, as we need to provide consent to the "Policy.ReadWrite.AuthenticationMethod" permission.
Next to the user account --> Click on the settings button --> Select permissions --> Select Policy.ReadWrite.AuthenticationMethod, click on consent and save it.
After running the GET query https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2 we found the option "isSelfServiceRegistrationAllowed" is set to FALSE, which means self-registration for security keys is not enabled.
Run query PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
In Request body:
{
"@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
"isSelfServiceRegistrationAllowed": "true"
}
Now the value is true.
Hope this helps!
//Jasper
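
The GET, check and PATCH sequence from the post above, scripted as an added example (not part of the original post and not Microsoft's code). It assumes an access token that already carries the Policy.ReadWrite.AuthenticationMethod consent is supplied in an environment variable named GRAPH_TOKEN (a name chosen here), and it sends the flag as a JSON boolean rather than the quoted string shown in the post.

```python
import json
import os
import urllib.request

# Endpoint and @odata.type are taken from the post above.
FIDO2_URL = ("https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy"
             "/authenticationMethodConfigurations/fido2")
ODATA_TYPE = "#microsoft.graph.fido2AuthenticationMethodConfiguration"


def plan_patch(config):
    """Return the PATCH body that allows self-service registration,
    or None when the GET response shows it is already allowed."""
    value = config.get("isSelfServiceRegistrationAllowed")
    # Accept a JSON boolean or the quoted string form used in the post.
    if value is True or str(value).lower() == "true":
        return None
    # Assumption of this example: send a JSON boolean, not the string "true".
    return {"@odata.type": ODATA_TYPE, "isSelfServiceRegistrationAllowed": True}


def graph_call(method, token, body=None):
    """Send one request to the fido2 configuration endpoint; return parsed JSON or {}."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(FIDO2_URL, data=data, method=method)
    req.add_header("Authorization", "Bearer " + token)
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}  # an empty response body is handled


def main():
    token = os.environ["GRAPH_TOKEN"]  # assumed variable name, not from the post
    before = graph_call("GET", token)
    body = plan_patch(before)
    if body is None:
        print("self-service registration is already allowed; nothing to change")
        return
    graph_call("PATCH", token, body)
    after = graph_call("GET", token)  # re-read to confirm, as the post does
    print("isSelfServiceRegistrationAllowed =",
          after.get("isSelfServiceRegistrationAllowed"))


if __name__ == "__main__":
    main()
```

The script changes nothing when the first GET already reports the setting as allowed, so it can also be run as a read-only check of the tenant's current value.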