Add API support for Authentication methods > Password protection details #933
Description
Is your feature request related to a problem? Please describe the problem.
Dear Team,
I am currently exploring ways to retrieve Authentication methods configurations using the Microsoft Graph SDK (both GA and Beta).
While APIs exist for authenticationMethodsPolicy (e.g., per-method enable/disable state), I have not been able to identify API endpoints that expose the following two key areas available in the Microsoft Entra admin center (see screenshots):
1. Password protection
- The following settings are not available via Graph:
- Custom smart lockout
- Lockout threshold
- Lockout duration in seconds
- Custom banned passwords
- Enforce custom list (Yes/No)
- Custom banned password list
- Password protection for Windows Server Active Directory
- Enable password protection on Windows Server AD (Yes/No)
- Mode (Enforced/Audit)
2. Authentication methods → Settings
The following tenant-wide settings are also missing from Graph:
- Report suspicious activity
- State (Microsoft-managed / Enabled / Disabled)
- Target (All users / Specific groups)
- Reporting code
- System-preferred multifactor authentication
- State (Enabled / Disabled / Microsoft-managed)
- Target (All users / Specific groups)
Currently, I could not find any API in either v1.0 or beta that surfaces these settings.
Thanks
Describe the solution you'd like.
I would like to add support in the SDK to retrieve above Settings .