authenticationStrengthPolicy resource type

Namespace: microsoft.graph

A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Azure AD Conditional Access, defines which authentication methods must be used to authenticate in that scenario. An authentication strength may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.


Method Return type Description
List authenticationStrengthPolicies authenticationStrengthPolicy collection Get a list of the authenticationStrengthPolicy objects and their properties.
Create authenticationStrengthPolicy authenticationStrengthPolicy Create a new custom authenticationStrengthPolicy object.
Get authenticationStrengthPolicy authenticationStrengthPolicy Read the properties and relationships of an authenticationStrengthPolicy object.
Update authenticationStrengthPolicy authenticationStrengthPolicy Update the properties of a custom authenticationStrengthPolicy object. You can't update a built-in authenticationStrengthPolicy object.
Delete authenticationStrengthPolicy None Delete a custom authenticationStrengthPolicy object. You can't delete a built-in authenticationStrengthPolicy object.
List usage authenticationStrengthUsage Find all conditionalAccessPolicies that reference an authentication strength.
updateAllowedCombinations updateAllowedCombinationsResult Update the allowed authenticationCombinationConfiguration for a given authenticationStrengthPolicy.


Property Type Description
allowedCombinations authenticationMethodModes collection A collection of authentication method modes that are required be used to satify this authentication strength.
createdDateTime DateTimeOffset The datetime when this policy was created.
description String The human-readable description of this policy.
displayName String The human-readable display name of this policy.

Supports $filter (eq, ne, not , and in).
id String The system-generated identifier for this mode.
modifiedDateTime DateTimeOffset The datetime when this policy was last modified.
policyType authenticationStrengthPolicyType A descriptor of whether this policy is built into Azure AD or created by an admin for the tenant. The possible values are: builtIn, custom, unknownFutureValue.

Supports $filter (eq, ne, not , and in).
requirementsSatisfied authenticationStrengthRequirements A descriptor of whether this authentication strength grants the MFA claim upon successful satisfaction. The possible values are: none, mfa, unknownFutureValue.


Relationship Type Description
combinationConfigurations authenticationCombinationConfiguration collection Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods.

JSON representation

The following is a JSON representation of the resource.

  "@odata.type": "#microsoft.graph.authenticationStrengthPolicy",
  "id": "String (identifier)",
  "createdDateTime": "String (timestamp)",
  "modifiedDateTime": "String (timestamp)",
  "displayName": "String",
  "description": "String",
  "policyType": "String",
  "requirementsSatisfied": "String",
  "allowedCombinations": [