EIDSCA.AF06 - Authentication Method - FIDO2 security key - Restrict specific keys.
Overview
Defines whether a list of AAGUIDs is used to allow or block registration.
You should use Block or Allow as the value, so that the AAGUID list acts as a blocklist or an allowlist.
Test script
https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')
.keyRestrictions.aaGuids -notcontains $null -and ($result.keyRestrictions.enforcementType -eq 'allow' -or $result.keyRestrictions.enforcementType -eq 'block') -eq 'true'
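The condition above, evaluated against constructed sample responses (an added example, not Maester's own code; `Test-Fido2KeyRestriction` is a hypothetical helper name and the AAGUIDs are placeholders). It also reports `isEnforced` and the number of listed AAGUIDs, which the condition itself does not inspect.

```powershell
# Constructed objects shaped like the Graph 'Fido2' configuration response.
# AAGUID values are placeholders, not real authenticator identifiers.
$samples = @(
    [pscustomobject]@{ Name = 'allow list, enforced'; keyRestrictions = [pscustomobject]@{
        isEnforced = $true; enforcementType = 'allow'
        aaGuids = @('00000000-0000-0000-0000-000000000001') } }
    [pscustomobject]@{ Name = 'block list, not enforced'; keyRestrictions = [pscustomobject]@{
        isEnforced = $false; enforcementType = 'block'
        aaGuids = @('00000000-0000-0000-0000-000000000002') } }
    [pscustomobject]@{ Name = 'empty list'; keyRestrictions = [pscustomobject]@{
        isEnforced = $false; enforcementType = 'block'; aaGuids = @() } }
    [pscustomobject]@{ Name = 'list missing'; keyRestrictions = [pscustomobject]@{
        isEnforced = $false; enforcementType = 'block'; aaGuids = $null } }
)

function Test-Fido2KeyRestriction {
    # Hypothetical helper: applies the page's condition to one response object.
    param([Parameter(Mandatory)] $Result)

    $kr = $Result.keyRestrictions

    # Same two clauses as the test script: the AAGUID list holds no $null
    # entry, and enforcementType is either 'allow' or 'block'.
    $listDefined = $kr.aaGuids -notcontains $null
    $typeValid   = $kr.enforcementType -in 'allow', 'block'

    [pscustomobject]@{
        Name            = $Result.Name
        ConditionMet    = $listDefined -and $typeValid
        EnforcementType = $kr.enforcementType
        # Extra context for the reviewer; not part of the page's condition.
        IsEnforced      = [bool]$kr.isEnforced
        AaGuidCount     = @($kr.aaGuids | Where-Object { $_ }).Count
    }
}

$samples |
    ForEach-Object { Test-Fido2KeyRestriction -Result $_ } |
    Format-Table -AutoSize
```

An empty `aaGuids` array satisfies `-notcontains $null`, so the `empty list` sample meets the condition while a missing list does not; the `AaGuidCount` and `IsEnforced` columns make that visible when reviewing a tenant's result.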
Related links
- Open in Graph Explorer
- fido2AuthenticationMethodConfiguration resource type - Microsoft Graph v1.0 | Microsoft Learn
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.AF06 |
| Severity | Medium |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaAF06 |
| Tags | EIDSCA, EIDSCA.AF06 |
Source
- Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
- PowerShell source: powershell/internal/eidsca/Test-MtEidscaAF06.ps1