Forum Discussion
Authentication methods for SSPR
Hi, that is an interesting one. The confusing part is that "Graph call succeeded" and "method is usable for SSPR" are not always the same observable state immediately afterward.
I would test a small sample without batching first. Add one method, wait a few minutes, then read back the user's authentication methods with Graph and compare that to the Entra portal. Also watch for throttling or partial failures inside the batch response, because batch success at the wrapper level can hide per-request details.
The `StrongAuthenticationUserDetails` difference is a good clue. It suggests a backend registration/configuration step is happening for some users but not others. I would collect correlation IDs, timestamps, affected user IDs, and before/after Graph reads, then open a Microsoft support case. For thousands of users, I would also throttle the process and add a verification/retry pass rather than assuming the first successful POST made the method SSPR-ready.