%3CLINGO-SUB%20id%3D%22lingo-sub-1751705%22%20slang%3D%22en-US%22%3EUpdates%20to%20managing%20user%20authentication%20methods%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1751705%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy%20folks!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%E2%80%99m%20excited%20to%20share%20today%20some%20super%20cool%20new%20features%20for%20managing%20users%E2%80%99%20authentication%20methods%3A%20a%20new%20experience%20for%20admins%20to%20manage%20users%E2%80%99%20methods%20in%20Azure%20Portal%2C%20and%20a%20set%20of%20new%20APIs%20for%20managing%20FIDO2%20security%20keys%2C%20Passwordless%20sign-in%20with%20the%20Microsoft%20Authenticator%20app%2C%20and%20more.%3C%2FP%3E%0A%3CP%3EMichael%20McLaughlin%2C%20one%20of%20our%20Identity%20team%20program%20managers%2C%20is%20back%20with%20a%20new%20guest%20blog%20post%20with%20information%20about%20the%20new%20UX%20and%20APIs.%20%3CSTRONG%3EIf%20your%20organization%20uses%20Azure%20AD%20Connect%20to%20synchronize%20user%20phone%20numbers%2C%20this%20post%20contains%20important%20updates%20for%20you.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EAs%20always%2C%20we%E2%80%99d%20love%20to%20hear%20any%20feedback%20or%20suggestions%20you%20may%20have.%20Please%20let%20us%20know%20what%20you%20think%20in%20the%20comments%20below%20or%20on%20the%20Azure%20Active%20Directory%20(Azure%20AD)%20feedback%20forum.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20Regards%2C%3C%2FP%3E%0A%3CP%3EAlex%20Simons%20(Twitter%3A%20%3CA%20href%3D%22http%3A%2F%2Ftwitter.com%2Falex_a_simons%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAlex_A_Simons%3C%2FA%3E)%3C%2FP%3E%0A%3CP%3ECorporate%20Vice%20President%20Program%20Management%3C%2FP%3E%0A%3CP%3EMicrosoft%20Identity%20Division%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E--------------%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi%20everyone!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20April%20I%20told%20you%20about%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fmanage-your-authentication-phone-numbers-and-more-in-new%2Fba-p%2F1257359%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EAPIs%20for%20managing%20authentication%20phone%20numbers%20and%20passwords%3C%2FA%3E%2C%20and%20promised%20you%20more%20was%20coming.%20Here%E2%80%99s%20what%20we%E2%80%99ve%20been%20doing%20since%20then!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1210430648%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%20id%3D%22toc-hId--1210430642%22%3ENew%20User%20Authentication%20Methods%20UX%3C%2FH2%3E%0A%3CP%3E%3CBR%20%2F%3EFirst%2C%20we%20have%20a%20new%20user%20experience%20in%20the%20Azure%20AD%20portal%20for%20managing%20users%E2%80%99%20authentication%20methods.%20You%20can%20add%2C%20edit%2C%20and%20delete%20users%E2%80%99%20authentication%20phone%20numbers%20and%20email%20addresses%20in%20this%20delightful%20experience%2C%20and%2C%20as%20we%20release%20new%20authentication%20methods%20over%20the%20coming%20months%2C%20they%E2%80%99ll%20all%20show%20up%20in%20this%20interface%20to%20be%20managed%20in%20one%20place.%20Even%20better%2C%20this%20new%20experience%20is%20built%20entirely%20on%20Microsoft%20Graph%20APIs%20so%20you%20can%20script%20all%20your%20authentication%20method%20management%20scenarios.%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditorDBada_0%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%20id%3D%22tinyMceEditorDBada_1%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22devontorres_blog.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F232353i07CD358B48D8E56F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22devontorres_blog.PNG%22%20alt%3D%22devontorres_blog.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1277082185%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%20id%3D%22toc-hId-1277082191%22%3E%3CBR%20%2F%3EUpdates%20to%20Authentication%20Phone%20Numbers%3C%2FH2%3E%0A%3CP%3E%3CBR%20%2F%3EAs%20part%20of%20our%20ongoing%20usability%20and%20security%20enhancements%2C%20we%E2%80%99ve%20also%20taken%20this%20opportunity%20to%20simplify%20how%20we%20handle%20phone%20numbers%20in%20Azure%20AD.%20Users%20now%20have%20two%20distinct%20sets%20of%20numbers%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EPublic%20numbers%2C%20which%20are%20managed%20in%20the%20user%20profile%20and%20never%20used%20for%20authentication.%3C%2FLI%3E%0A%3CLI%3EAuthentication%20numbers%2C%20which%20are%20managed%20in%20the%20new%20authentication%20methods%20blade%20and%20always%20kept%20private.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThis%20new%20experience%20is%20now%20fully%20enabled%20for%20all%20cloud-only%20tenants%20and%20will%20be%20rolled%20out%20to%20Directory-synced%20tenants%20by%20May%201%2C%202021.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EImportantly%20for%20Directory-synced%20tenants%2C%20this%20change%20will%20impact%20which%20phone%20numbers%20are%20used%20for%20authentication.%20Admins%20currently%20prepopulating%20users%E2%80%99%20public%20numbers%20for%20MFA%20will%20need%20to%20update%20authentication%20numbers%20directly.%20%3C%2FSTRONG%3ERead%20about%20how%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-userdevicesettings%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Emanage%20updates%20to%20your%20users%E2%80%99%20authentication%20numbers%20here%3C%2FA%3E.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--530372278%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%20id%3D%22toc-hId--530372272%22%3ENew%20Microsoft%20Graph%20APIs%3C%2FH2%3E%0A%3CP%3E%3CBR%20%2F%3EIn%20addition%20to%20all%20the%20above%2C%20we%E2%80%99ve%20released%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fgraph%2Fapi%2Fresources%2Fauthenticationmethods-overview%3Fview%3Dgraph-rest-beta%23what-authentication-methods-can-be-managed-in-microsoft-graph%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eseveral%20new%20APIs%3C%2FA%3E%20to%20beta%20in%20Microsoft%20Graph!%20Using%20the%20authentication%20method%20APIs%2C%20you%20can%20now%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ERead%20and%20remove%20a%20user%E2%80%99s%20FIDO2%20security%20keys%3C%2FLI%3E%0A%3CLI%3ERead%20and%20remove%20a%20user%E2%80%99s%20Passwordless%20Phone%20Sign-In%20capability%20with%20Microsoft%20Authenticator%3C%2FLI%3E%0A%3CLI%3ERead%2C%20add%2C%20update%2C%20and%20remove%20a%20user%E2%80%99s%20email%20address%20used%20for%20Self-Service%20Password%20Reset%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EWe%E2%80%99ve%20also%20added%20new%20APIs%20to%20manage%20your%20authentication%20method%20policies%20for%20FIDO2%20and%20Passwordless%20Microsoft%20Authenticator.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3EHere%E2%80%99s%20an%20example%20of%20calling%20GET%20all%20methods%20on%20a%20user%20with%20a%20FIDO2%20security%20key%3A%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-160189196%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%20id%3D%22toc-hId-160189202%22%3E%3CBR%20%2F%3ERequest%3A%3C%2FH3%3E%0A%3CP%3EGET%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fusers%2F%257b%257busername%257d%257d%2Fauthentication%2Fmethods%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fusers%2F%7B%7Busername%7D%7D%2Fauthentication%2Fmethods%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1647265267%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%20id%3D%22toc-hId--1647265261%22%3EResponse%3A%3C%2FH3%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22auth1.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F232096i141CE8D82018E82E%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22auth1.JPG%22%20alt%3D%22auth1.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Auth2.JPG%22%20style%3D%22width%3A%20933px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F232097i49C39557F1013960%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Auth2.JPG%22%20alt%3D%22Auth2.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%E2%80%99re%20continuing%20to%20invest%20in%20the%20authentication%20methods%20APIs%2C%20and%20we%20encourage%20you%20to%20use%20them%20via%20Microsoft%20Graph%20or%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-userdevicesettings%23add-authentication-methods-for-a-user%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20Graph%20PowerShell%20module%3C%2FA%3E%20for%20your%20authentication%20method%20sync%20and%20pre-registration%20needs.%20As%20we%20add%20more%20authentication%20methods%20to%20the%20APIs%2C%20you%E2%80%99ll%20be%20easily%20able%20to%20include%20those%20in%20your%20scripts%20too!%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3EWe%20have%20several%20more%20exciting%20additions%20and%20changes%20coming%20over%20the%20next%20few%20months%2C%20so%20stay%20tuned!%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3EAll%20the%20best%2C%3C%2FP%3E%0A%3CP%3EMichael%20McLaughlin%3C%2FP%3E%0A%3CP%3EProgram%20Manager%3C%2FP%3E%0A%3CP%3EMicrosoft%20Identity%20Division%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1751705%22%20slang%3D%22en-US%22%3E%3CP%3EWe've%20got%20some%20cool%20new%20features%20for%20managing%20users%E2%80%99%20authentication%20methods%20for%20you!%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1751705%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EProduct%20Announcements%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1869179%22%20slang%3D%22en-US%22%3ERe%3A%20Updates%20to%20managing%20user%20authentication%20methods%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1869179%22%20slang%3D%22en-US%22%3E%3CP%3EI%20also%20assume%20that%20the%20same%20changes%20will%20effect%20prepopulating%20SSPR%20methods%20through%20AADConnect%20as%20well%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-sspr-authenticationdata%23fields-populated%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-sspr-authenticationdata%23fields-populated%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1870842%22%20slang%3D%22en-US%22%3ERe%3A%20Updates%20to%20managing%20user%20authentication%20methods%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1870842%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20work%20guys!%20More%20APIs%20to%20manage%20authentication%20-%20always%20good%20news%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1868988%22%20slang%3D%22en-US%22%3ERe%3A%20Updates%20to%20managing%20user%20authentication%20methods%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1868988%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20I%20am%20looking%20forward%20for%20a%20long%20time%20is%20a%20dark%20mode%20for%20the%20Microsoft%20Authenticator%20app.%20Will%20this%20feature%20be%20added%20soon%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1869153%22%20slang%3D%22en-US%22%3ERe%3A%20Updates%20to%20managing%20user%20authentication%20methods%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1869153%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20news.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20link%20to%20the%20graph%20PowerShell%20module%20is%20off.%20I%20think%20it%20should%20point%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.powershellgallery.com%2Fpackages%2FMicrosoft.Graph%2F1.1.0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.powershellgallery.com%2Fpackages%2FMicrosoft.Graph%2F1.1.0%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1883529%22%20slang%3D%22en-US%22%3ERe%3A%20Updates%20to%20managing%20user%20authentication%20methods%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1883529%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20and%20great%20update!%20However%2C%20where%20did%20you%20move%20%22Allow%20self-service%20set%20up%22%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Michael_Berntsen_2-1605253591154.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F233362i67240FF4C0426471%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Michael_Berntsen_2-1605253591154.png%22%20alt%3D%22Michael_Berntsen_2-1605253591154.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1886455%22%20slang%3D%22en-US%22%3ERe%3A%20Updates%20to%20managing%20user%20authentication%20methods%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1886455%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F863208%22%20target%3D%22_blank%22%3E%40Budak87%3C%2FA%3E%26nbsp%3B-%20we%20know%20there's%20great%20demand%20for%20dark%20mode%20(I%20use%20it%20myself!)%2C%20but%20we%20don't%20have%20timeline%20for%20that%20we%20can%20share%20right%20now%2C%20sorry.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F62729%22%20target%3D%22_blank%22%3E%40Fabian%20Bader%3C%2FA%3E%26nbsp%3B-%20great%20catch%2C%20we'll%20get%20it%20fixed%20up.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1377%22%20target%3D%22_blank%22%3E%40Ryan%20Morash%3C%2FA%3E%26nbsp%3B-%20that's%20correct%2C%20SSPR%20too.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F863297%22%20target%3D%22_blank%22%3E%40fuscob%3C%2FA%3E%26nbsp%3B-%20yes%2C%20we're%20making%20a%20change%20to%20the%20Authenticator%20app%20API%20in%20beta%2C%20and%20once%20that's%20done%20we'll%20plug%20it%20into%20the%20UX%20too.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F292415%22%20target%3D%22_blank%22%3E%40cblackuk%3C%2FA%3E%26nbsp%3B-%20thanks%20for%20the%20kind%20words!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F795542%22%20target%3D%22_blank%22%3E%40Michael_Berntsen%3C%2FA%3E%26nbsp%3B-%20we're%20working%20on%20re-adding%20that%20now%2C%20you%20should%20see%20it%20show%20up%20again%20soon.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1922163%22%20slang%3D%22en-US%22%3ERe%3A%20Updates%20to%20managing%20user%20authentication%20methods%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1922163%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F160477%22%20target%3D%22_blank%22%3E%40Michael%20McLaughlin%3C%2FA%3E%26nbsp%3Bdo%20you%20know%20when%20the%26nbsp%3B%3CEM%3EUserAuthenticationMethod.ReadWrite.All%26nbsp%3B%3C%2FEM%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fpermissions-reference%23application-permissions-64%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Eapplication%20permissions%3C%2FA%3E%26nbsp%3Bwill%20be%20leaving%20private%20preview%3F%20This%20will%20make%20life%20a%20lot%20easier%20when%20this%20can%20be%20automated.%3C%2FP%3E%3C%2FLINGO-BODY%3E

Howdy folks!

 

I’m excited to share today some super cool new features for managing users’ authentication methods: a new experience for admins to manage users’ methods in Azure Portal, and a set of new APIs for managing FIDO2 security keys, Passwordless sign-in with the Microsoft Authenticator app, and more.

Michael McLaughlin, one of our Identity team program managers, is back with a new guest blog post with information about the new UX and APIs. If your organization uses Azure AD Connect to synchronize user phone numbers, this post contains important updates for you.

As always, we’d love to hear any feedback or suggestions you may have. Please let us know what you think in the comments below or on the Azure Active Directory (Azure AD) feedback forum.

 

Best Regards,

Alex Simons (Twitter: Alex_A_Simons)

Corporate Vice President Program Management

Microsoft Identity Division

 

--------------

 

Hi everyone!

 

In April I told you about APIs for managing authentication phone numbers and passwords, and promised you more was coming. Here’s what we’ve been doing since then!

 

New User Authentication Methods UX


First, we have a new user experience in the Azure AD portal for managing users’ authentication methods. You can add, edit, and delete users’ authentication phone numbers and email addresses in this delightful experience, and, as we release new authentication methods over the coming months, they’ll all show up in this interface to be managed in one place. Even better, this new experience is built entirely on Microsoft Graph APIs so you can script all your authentication method management scenarios.

 
 

devontorres_blog.PNG


Updates to Authentication Phone Numbers


As part of our ongoing usability and security enhancements, we’ve also taken this opportunity to simplify how we handle phone numbers in Azure AD. Users now have two distinct sets of numbers:

  • Public numbers, which are managed in the user profile and never used for authentication.
  • Authentication numbers, which are managed in the new authentication methods blade and always kept private.

This new experience is now fully enabled for all cloud-only tenants and will be rolled out to Directory-synced tenants by May 1, 2021.

Importantly for Directory-synced tenants, this change will impact which phone numbers are used for authentication. Admins currently prepopulating users’ public numbers for MFA will need to update authentication numbers directly. Read about how to manage updates to your users’ authentication numbers here.

New Microsoft Graph APIs


In addition to all the above, we’ve released several new APIs to beta in Microsoft Graph! Using the authentication method APIs, you can now:

  • Read and remove a user’s FIDO2 security keys
  • Read and remove a user’s Passwordless Phone Sign-In capability with Microsoft Authenticator
  • Read, add, update, and remove a user’s email address used for Self-Service Password Reset

We’ve also added new APIs to manage your authentication method policies for FIDO2 and Passwordless Microsoft Authenticator.

Here’s an example of calling GET all methods on a user with a FIDO2 security key:


Request:

GET https://graph.microsoft.com/beta/users/{{username}}/authentication/methods

 

Response:

auth1.JPG

Auth2.JPG

 

We’re continuing to invest in the authentication methods APIs, and we encourage you to use them via Microsoft Graph or the Microsoft Graph PowerShell module for your authentication method sync and pre-registration needs. As we add more authentication methods to the APIs, you’ll be easily able to include those in your scripts too!

We have several more exciting additions and changes coming over the next few months, so stay tuned!

All the best,

Michael McLaughlin

Program Manager

Microsoft Identity Division

8 Comments
Occasional Visitor

What I am looking forward for a long time is a dark mode for the Microsoft Authenticator app. Will this feature be added soon? 

Occasional Visitor

Great news.

 

The link to the graph PowerShell module is off. I think it should point to https://www.powershellgallery.com/packages/Microsoft.Graph/1.1.0

Contributor

I also assume that the same changes will effect prepopulating SSPR methods through AADConnect as well: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-authenticationdata...

Occasional Visitor

The text mentions that "as [you] release new authentication methods over the coming months, they’ll all show up in this interface to be managed in one place." Currently, the authenticator app notification/code does not show up in this interface even if a user has it registered, although it is available in the Graph API. Will that be changing soon?

Senior Member

Good work guys! More APIs to manage authentication - always good news :)

Frequent Visitor

Hi and great update! However, where did you move "Allow self-service set up"? 

Michael_Berntsen_2-1605253591154.png

 

@Budak87 - we know there's great demand for dark mode (I use it myself!), but we don't have timeline for that we can share right now, sorry.

 

@Fabian Bader - great catch, we'll get it fixed up.

 

@Ryan Morash - that's correct, SSPR too.

 

@fuscob - yes, we're making a change to the Authenticator app API in beta, and once that's done we'll plug it into the UX too.

 

@cblackuk - thanks for the kind words!

 

@Michael_Berntsen - we're working on re-adding that now, you should see it show up again soon.

Occasional Visitor

@Michael McLaughlin do you know when the UserAuthenticationMethod.ReadWrite.All application permissions will be leaving private preview? This will make life a lot easier when this can be automated.