authenticationStrengthPolicy resource type
Namespace: microsoft.graph
A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Microsoft Entra Conditional Access, defines which authentication methods must be used to authenticate in that scenario. An authentication strength may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.
Methods
| Method | Return type | Description |
|---|---|---|
| List | authenticationStrengthPolicy collection | Get a list of the authenticationStrengthPolicy objects and their properties. |
| Create | authenticationStrengthPolicy | Create a new custom authenticationStrengthPolicy object. |
| Get | authenticationStrengthPolicy | Read the properties and relationships of an authenticationStrengthPolicy object. |
| Update | authenticationStrengthPolicy | Update the properties of a custom authenticationStrengthPolicy object. You can't update a built-in authenticationStrengthPolicy object. |
| Delete | None | Delete a custom authenticationStrengthPolicy object. You can't delete a built-in authenticationStrengthPolicy object. |
| List usage | authenticationStrengthUsage | Find all conditionalAccessPolicies that reference an authentication strength. |
Properties
| Property | Type | Description |
|---|---|---|
| allowedCombinations | authenticationMethodModes collection | A collection of authentication method modes that are required be used to satify this authentication strength. |
| createdDateTime | DateTimeOffset | The datetime when this policy was created. |
| description | String | The human-readable description of this policy. |
| displayName | String | The human-readable display name of this policy. Supports $filter (eq, ne, not , and in). |
| id | String | The system-generated identifier for this mode. |
| modifiedDateTime | DateTimeOffset | The datetime when this policy was last modified. |
| policyType | authenticationStrengthPolicyType | A descriptor of whether this policy is built into Microsoft Entra ID or created by an admin for the tenant. The possible values are: builtIn, custom, unknownFutureValue. Supports $filter (eq, ne, not , and in). |
| requirementsSatisfied | authenticationStrengthRequirements | A descriptor of whether this authentication strength grants the MFA claim upon successful satisfaction. The possible values are: none, mfa, unknownFutureValue. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| combinationConfigurations | authenticationCombinationConfiguration collection | Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods. |
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.authenticationStrengthPolicy",
"id": "String (identifier)",
"createdDateTime": "String (timestamp)",
"modifiedDateTime": "String (timestamp)",
"displayName": "String",
"description": "String",
"policyType": "String",
"requirementsSatisfied": "String",
"allowedCombinations": [
"String"
]
}