Activating PIM roles that require MFA using the Graph API

Time: 2020-03-20 14:59:49

Tags: azure microsoft-graph-api

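I would like to be able to activate PIM roles through the Graph API. My API request works for any role that does not require MFA, but I would like to go further and use it for roles that do require it.

Here is the request I am sending: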

POST https://graph.microsoft.com/beta/privilegedAccess/aadroles/roleAssignmentRequests
{
  "resourceId": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
  "roleDefinitionId": "8c23cd3e-055d-4558-8f05-b8061ce4b985",
  "subjectId": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
  "type": "UserAdd",
  "assignmentState": "Active",
  "reason": "Test activation roleMFA"
}

The following error is returned:

{
  "error": {
    "code": "RoleAssignmentRequestPolicyValidationFailed",
    "message": "The following policy rules failed: [\"EligibilityRule\",\"MfaRule\"]",
    "innerError": {
      "request-id": "e747b5aa-d720-4482-ad10-b72ea93dd365",
      "date": "2020-03-20T13:30:41"
    }
  }
}

Is there a way to activate these roles without having to avoid the MFA requirement?

0 answers:

No answers