Skip to content

Latest commit

 

History

History
175 lines (144 loc) · 7.53 KB

recommendation-postpone.md

File metadata and controls

175 lines (144 loc) · 7.53 KB
Raw
title description author ms.localizationpriority ms.subservice doc_type
recommendation: postpone
Postpone action on a recommendation object to a specified future date and time.
ddeeps2610
medium
entra-monitoring-health
apiPageType

recommendation: postpone

Namespace: microsoft.graph

[!INCLUDE beta-disclaimer]

Postpone action on a recommendation object to a specified future date and time by marking its status as postponed. On the date and time provided, Microsoft Entra ID will automatically update the status of the recommendation object to active again.

[!INCLUDE national-cloud-support]

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

[!INCLUDE permissions-table]

[!INCLUDE rbac-directory-recommendations-apis-write]

HTTP request

POST /directory/recommendations/{recommendationId}/postpone

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type application/json. Required.

Request body

In the request body, supply a JSON representation of the parameters.

The following table shows the parameters that are required with this action.

Parameter Type Description
postponeUntilDateTime DateTimeOffset The future date and time when the status of a postponed recommendation will be active again.

Response

If successful, this action returns a 200 OK response code and a recommendation in the response body.

Examples

Request

The following example shows a request.

HTTP

POST https://graph.microsoft.com/beta/directory/recommendations/0cb31920-84b9-471f-a6fb-468c1a847088_Microsoft.Identity.IAM.Insights.TurnOffPerUserMFA/postpone
Content-Type: application/json

{
  "postponeUntilDateTime": "2023-02-01T02:53:00Z"
}

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

CLI

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#recommendation",
    "@odata.type": "#microsoft.graph.recommendation",
    "id": "0cb31920-84b9-471f-a6fb-468c1a847088_Microsoft.Identity.IAM.Insights.TurnOffPerUserMFA",
    "recommendationType": "turnOffPerUserMFA",
    "createdDateTime": "2022-02-28T02:53:00Z",
    "impactStartDateTime": "2022-02-28T02:53:00Z",
    "postponeUntilDateTime": "2023-02-01T02:53:00Z",
    "lastModifiedDateTime": "2023-01-20T02:15:06.0794158Z",
    "lastModifiedBy": "b5fa65db-0d2b-4233-8788-ab0213567669",
    "currentScore": 0.0,
    "maxScore": 5.0,
    "displayName": "Convert from per-user MFA to Conditional Access MFA",
    "featureAreas": [
        "conditionalAccess"
    ],
    "insights": "13 users are currently configured for per-user Multi-Factor Authentication (MFA). However, there are 6 users configured for Conditional Access (CA) MFA. The per-user MFA configuration supersedes the MFA settings applied via CA policies, potentially creating unnecessary MFA prompts.",
    "benefits": "Improve user productivity and minimize sign-in time with fewer MFA prompts. Ensure that your most sensitive resources can have the tighest controls, while your least sensitive resources can be more freely accessible.",
    "category": "identityBestPractice",
    "status": "postponed",
    "priority": "medium",
    "impactType": "users",
    "remediationImpact": "",
    "actionSteps": [
        {
            "stepNumber": 1,
            "text": "1. To get started, confirm that there is an existing CA policy with an MFA requirement. Ensure that you are covering all resources and users you would like to secure with MFA.",
            "actionUrl": {
                "displayName": "Click here to view your CA policies",
                "url": "https://portal.azure.com/#blade/Microsoft_AAD_IAM/PoliciesTemplateBlade"
            }
        },
        {
            "stepNumber": 2,
            "text": "2. To require MFA via a CA policy, follow the steps in this tutorial.",
            "actionUrl": {
                "displayName": "Secure user sign-in events with Azure AD Multi-Factor Authentication",
                "url": "https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa?toc=/azure/active-directory/conditional-access/toc.json&bc=/azure/active-directory/conditional-access/breadcrumb/toc.json"
            }
        },
        {
            "stepNumber": 3,
            "text": "3. Ensure that the per-user MFA configuration is turned off",
            "actionUrl": {
                "displayName": "Navigate to MFA settings.",
                "url": "https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx"
            }
        }
    ]
}