Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Microsoft Entra Conditional Access, defines which authentication methods must be used to authenticate in that scenario. An authentication strength may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.
Inherits from entity.
Methods
| Method | Return type | Description |
|---|---|---|
| List | authenticationStrengthPolicy collection | Get a list of the authenticationStrengthPolicy objects and their properties. |
| Create | authenticationStrengthPolicy | Create a new custom authenticationStrengthPolicy object. |
| Get | authenticationStrengthPolicy | Read the properties and relationships of an authenticationStrengthPolicy object. |
| Update | authenticationStrengthPolicy | Update the properties of a custom authenticationStrengthPolicy object. You can't update a built-in authenticationStrengthPolicy object. |
| Delete | None | Delete a custom authenticationStrengthPolicy object. You can't delete a built-in authenticationStrengthPolicy object. |
| List usage | authenticationStrengthUsage | Find all conditionalAccessPolicies that reference an authentication strength. |
| Find by method mode (deprecated) | authenticationStrengthPolicy collection | Find an authenticationStrengthPolicy by allowed mode. |
Properties
| Property | Type | Description |
|---|---|---|
| allowedCombinations | authenticationMethodModes collection | A collection of authentication method modes that are required be used to satify this authentication strength. |
| createdDateTime | DateTimeOffset | The datetime when this policy was created. |
| description | String | The human-readable description of this policy. |
| displayName | String | The human-readable display name of this policy. Supports $filter (eq, ne, not , and in). |
| id | String | The system-generated identifier for this mode. Inherited from entity. |
| modifiedDateTime | DateTimeOffset | The datetime when this policy was last modified. |
| policyType | authenticationStrengthPolicyType | A descriptor of whether this policy is built into Microsoft Entra Conditional Access or created by an admin for the tenant. The possible values are: builtIn, custom, unknownFutureValue. Supports $filter (eq, ne, not , and in). |
| requirementsSatisfied | authenticationStrengthRequirements | A descriptor of whether this authentication strength grants the MFA claim upon successful satisfaction. The possible values are: none, mfa, unknownFutureValue. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| combinationConfigurations | authenticationCombinationConfiguration collection | Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods. |
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.authenticationStrengthPolicy",
"id": "String (identifier)",
"createdDateTime": "String (timestamp)",
"modifiedDateTime": "String (timestamp)",
"displayName": "String",
"description": "String",
"policyType": "String",
"requirementsSatisfied": "String",
"allowedCombinations": [
"String"
]
}