authenticationStrengthPolicy resource type

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Azure AD Conditional Access, defines which authentication methods must be used to authenticate in that scenario. An authentication strength may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.

Inherits from entity.


Method Return type Description
List authenticationStrengthPolicies authenticationStrengthPolicy collection Get a list of the authenticationStrengthPolicy objects and their properties.
Create authenticationStrengthPolicy authenticationStrengthPolicy Create a new custom authenticationStrengthPolicy object.
Get authenticationStrengthPolicy authenticationStrengthPolicy Read the properties and relationships of an authenticationStrengthPolicy object.
Update authenticationStrengthPolicy authenticationStrengthPolicy Update the properties of a custom authenticationStrengthPolicy object. You can't update a built-in authenticationStrengthPolicy object.
Delete authenticationStrengthPolicy None Delete a custom authenticationStrengthPolicy object. You can't delete a built-in authenticationStrengthPolicy object.
findByMethodMode (deprecated) authenticationStrengthPolicy collection Find an authenticationStrengthPolicy by allowed mode.
List usage authenticationStrengthUsage Find all conditionalAccessPolicies that reference an authentication strength.
updateAllowedCombinations updateAllowedCombinationsResult Update the allowed authenticationCombinationConfiguration for a given authenticationStrengthPolicy.
List combinationConfigurations authenticationCombinationConfiguration collection Get the authenticationCombinationConfiguration resources from the combinationConfigurations navigation property.
Create authenticationCombinationConfiguration authenticationCombinationConfiguration Create a new authenticationCombinationConfiguration object.


Property Type Description
allowedCombinations authenticationMethodModes collection A collection of authentication method modes that are required be used to satify this authentication strength.
createdDateTime DateTimeOffset The datetime when this policy was created.
description String The human-readable description of this policy.
displayName String The human-readable display name of this policy.

Supports $filter (eq, ne, not , and in).
id String The system-generated identifier for this mode. Inherited from entity.
modifiedDateTime DateTimeOffset The datetime when this policy was last modified.
policyType authenticationStrengthPolicyType A descriptor of whether this policy is built into Azure AD or created by an admin for the tenant. The possible values are: builtIn, custom, unknownFutureValue.

Supports $filter (eq, ne, not , and in).
requirementsSatisfied authenticationStrengthRequirements A descriptor of whether this authentication strength grants the MFA claim upon successful satisfaction. The possible values are: none, mfa, unknownFutureValue.


Relationship Type Description
combinationConfigurations authenticationCombinationConfiguration collection Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods.

JSON representation

The following is a JSON representation of the resource.

  "@odata.type": "#microsoft.graph.authenticationStrengthPolicy",
  "id": "String (identifier)",
  "createdDateTime": "String (timestamp)",
  "modifiedDateTime": "String (timestamp)",
  "displayName": "String",
  "description": "String",
  "policyType": "String",
  "requirementsSatisfied": "String",
  "allowedCombinations": [