authenticationStrengthPolicy resource type

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Azure AD Conditional Access, defines which authentication methods must be used to authenticate in that scenario. An authentication strength may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.

Inherits from entity.

Methods

Method	Return type	Description
List authenticationStrengthPolicies	authenticationStrengthPolicy collection	Get a list of the authenticationStrengthPolicy objects and their properties.
Create authenticationStrengthPolicy	authenticationStrengthPolicy	Create a new custom authenticationStrengthPolicy object.
Get authenticationStrengthPolicy	authenticationStrengthPolicy	Read the properties and relationships of an authenticationStrengthPolicy object.
Update authenticationStrengthPolicy	authenticationStrengthPolicy	Update the properties of a custom authenticationStrengthPolicy object. You can't update a built-in authenticationStrengthPolicy object.
Delete authenticationStrengthPolicy	None	Delete a custom authenticationStrengthPolicy object. You can't delete a built-in authenticationStrengthPolicy object.
findByMethodMode (deprecated)	authenticationStrengthPolicy collection	Find an authenticationStrengthPolicy by allowed mode.
List usage	authenticationStrengthUsage	Find all conditionalAccessPolicies that reference an authentication strength.
updateAllowedCombinations	updateAllowedCombinationsResult	Update the allowed authenticationCombinationConfiguration for a given authenticationStrengthPolicy.
List combinationConfigurations	authenticationCombinationConfiguration collection	Get the authenticationCombinationConfiguration resources from the combinationConfigurations navigation property.
Create authenticationCombinationConfiguration	authenticationCombinationConfiguration	Create a new authenticationCombinationConfiguration object.

Properties

Property	Type	Description
allowedCombinations	authenticationMethodModes collection	A collection of authentication method modes that are required be used to satify this authentication strength.
createdDateTime	DateTimeOffset	The datetime when this policy was created.
description	String	The human-readable description of this policy.
displayName	String	The human-readable display name of this policy. Supports $filter (eq, ne, not , and in).
id	String	The system-generated identifier for this mode. Inherited from entity.
modifiedDateTime	DateTimeOffset	The datetime when this policy was last modified.
policyType	authenticationStrengthPolicyType	A descriptor of whether this policy is built into Azure AD or created by an admin for the tenant. The possible values are: builtIn, custom, unknownFutureValue. Supports $filter (eq, ne, not , and in).
requirementsSatisfied	authenticationStrengthRequirements	A descriptor of whether this authentication strength grants the MFA claim upon successful satisfaction. The possible values are: none, mfa, unknownFutureValue.

Relationships

Relationship	Type	Description
combinationConfigurations	authenticationCombinationConfiguration collection	Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods.

JSON representation

The following is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.authenticationStrengthPolicy",
  "id": "String (identifier)",
  "createdDateTime": "String (timestamp)",
  "modifiedDateTime": "String (timestamp)",
  "displayName": "String",
  "description": "String",
  "policyType": "String",
  "requirementsSatisfied": "String",
  "allowedCombinations": [
    "String"
  ]
}