authenticationStrengthPolicy: findByMethodMode (deprecated)


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Get a list of the authenticationStrengthPolicy objects and their properties filtered to only include policies that include the authentication method mode specified in the request.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Policy.Read.All, Policy.ReadWrite.ConditionalAccess, Policy.ReadWrite.AuthenticationMethod
Delegated (personal Microsoft account) Not supported.
Application Policy.Read.All, Policy.ReadWrite.ConditionalAccess, Policy.ReadWrite.AuthenticationMethod

For delegated scenarios, the calling user must also be assigned one of the following Azure AD roles:

  • Conditional Access administrator
  • Security Administrator
  • Security Reader


The findByMethodMode function is deprecated and will be retired on March 31, 2023. Use the following syntax instead.

GET /policies/authenticationStrengthPolicies?$filter=allowedCombinations/any(x:x has 'sms, password')

HTTP request

GET /policies/authenticationStrengthPolicies/findByMethodMode(authenticationMethodModes=["authenticationMethodMode"])

Function parameters

In the request URL, provide the following query parameters with values. The following table shows the parameters that must be used with this function.

Parameter Type Description
authenticationMethodModes authenticationMethodModes collection The authentication method modes to search for in existing authentication strength policies.

Request headers

Name Description
Authorization Bearer {token}. Required.

Request body

Do not supply a request body for this method.


If successful, this function returns a 200 OK response code and a authenticationStrengthPolicy collection in the response body.



The following is an example of a request.



The following is an example of the response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-Type: application/json

  "value": [
      "@odata.type" : "authenticationStrengthPolicy",
      "id": "00000000-0000-0000-0000-000000000002",
      "createdDateTime": "2022-09-30T10:59:01Z",
      "modifiedDateTime": "2022-09-30T10:59:01Z",
      "displayName": "Multi-factor authentication (MFA)",
      "description": "Combinations of methods that satisfy strong authentication, such as a password + SMS",
      "policyType": "builtIn",
      "requirementsSatisfied": "mfa",
      "allowedCombinations": [
          "password, microsoftAuthenticatorPush",
          "password, softwareOath",
          "password, hardwareOath",
          "password, sms",
          "password, voice",
          "federatedSingleFactor, microsoftAuthenticatorPush",
          "federatedSingleFactor, softwareOath",
          "federatedSingleFactor, hardwareOath",
          "federatedSingleFactor, sms",
          "federatedSingleFactor, voice"
      "combinationConfigurations": []