Criar authenticationCombinationConfiguration

Namespace: microsoft.graph

Crie um novo objeto authenticationCombinationConfiguration que pode ser de um dos seguintes tipos derivados:

• fido2combinationConfiguration
• x509certificatecombinationconfiguration

Esta API está disponível nas seguintes implementações de cloud nacionais.

Serviço global	US Government L4	US Government L5 (DOD)	China operada pela 21Vianet
✅	✅	✅	✅

Permissões

Escolha a permissão ou permissões marcadas como menos privilegiadas para esta API. Utilize uma permissão ou permissões com privilégios mais elevados apenas se a sua aplicação o exigir. Para obter detalhes sobre as permissões delegadas e de aplicação, veja Tipos de permissão. Para saber mais sobre estas permissões, veja a referência de permissões.

Tipo de permissão	Permissões com menos privilégios	Permissões com privilégios superiores
Delegado (conta corporativa ou de estudante)	Policy.ReadWrite.ConditionalAccess	Policy.ReadWrite.AuthenticationMethod
Delegado (conta pessoal da Microsoft)	Sem suporte.	Sem suporte.
Application	Policy.ReadWrite.ConditionalAccess	Policy.ReadWrite.AuthenticationMethod

Em cenários delegados com contas escolares ou profissionais, o utilizador com sessão iniciada tem de ter uma função suportada do Microsoft Entra ou uma função personalizada com uma permissão de função suportada. As seguintes funções com menos privilégios são suportadas para esta operação.

• Administrador de Acesso Condicional
• Administrador de Segurança

Solicitação HTTP

POST /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations

Cabeçalhos de solicitação

Nome	Descrição
Autorização	{token} de portador. Obrigatório. Saiba mais sobre autenticação e autorização.
Content-Type	application/json. Obrigatório.

Corpo da solicitação

No corpo do pedido, forneça uma representação JSON do objeto authenticationCombinationConfiguration .

Pode especificar as seguintes propriedades ao criar uma authenticationCombinationConfiguration. Além disso, tem de fornecer as @odata.type propriedades e necessárias do tipo derivado de authenticationCombinationConfiguration que está a criar. Por exemplo, "@odata.type" : "#microsoft.graph.fido2CombinationConfiguration".

Propriedade	Tipo	Descrição
aplicaToCombinations	authenticationMethodModes collection	As combinações em que esta configuração se aplica. Para fido2combinationConfigurations , utilize "fido2"para x509certificatecombinationconfiguration use "x509CertificateSingleFactor" ou "x509CertificateMultiFactor". Obrigatório.

Resposta

Se for bem-sucedido, este método devolve um 201 Created código de resposta e um objeto authenticationCombinationConfiguration que pode ser um objeto fido2combinationConfigurations ou um objeto x509certificatecombinationconfiguration no corpo da resposta.

Exemplos

Exemplo 1: criar um objeto fido2combinationConfiguration

Solicitação

O exemplo a seguir mostra uma solicitação.

HTTP

POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}//combinationConfigurations
Content-Type: application/json
Content-length: 130

{
  "@odata.type" : "#microsoft.graph.fido2CombinationConfiguration",
  "allowedAAGUIDs": [
    "486c3b50-889c-480a-abc5-c04ef7c873e0",
    "c042882f-a621-40c8-94d3-9cde3a826fed",
    "ec454c08-4c77-4012-9d48-45f7f0fccdfb"
  ],
  "appliesToCombinations": ["fido2"]
}

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new Fido2CombinationConfiguration
{
	OdataType = "#microsoft.graph.fido2CombinationConfiguration",
	AllowedAAGUIDs = new List<string>
	{
		"486c3b50-889c-480a-abc5-c04ef7c873e0",
		"c042882f-a621-40c8-94d3-9cde3a826fed",
		"ec454c08-4c77-4012-9d48-45f7f0fccdfb",
	},
	AppliesToCombinations = new List<AuthenticationMethodModes?>
	{
		AuthenticationMethodModes.Fido2,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.ConditionalAccess.AuthenticationStrength.Policies["{authenticationStrengthPolicy-id}"].CombinationConfigurations.PostAsync(requestBody);

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

CLI

mgc identity conditional-access authentication-strength policies combination-configurations create --authentication-strength-policy-id {authenticationStrengthPolicy-id} --body '{\
  "@odata.type" : "#microsoft.graph.fido2CombinationConfiguration",\
  "allowedAAGUIDs": [\
    "486c3b50-889c-480a-abc5-c04ef7c873e0",\
    "c042882f-a621-40c8-94d3-9cde3a826fed",\
    "ec454c08-4c77-4012-9d48-45f7f0fccdfb"\
  ],\
  "appliesToCombinations": ["fido2"]\
}\
'

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

Ir

// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewAuthenticationCombinationConfiguration()
allowedAAGUIDs := []string {
	"486c3b50-889c-480a-abc5-c04ef7c873e0",
	"c042882f-a621-40c8-94d3-9cde3a826fed",
	"ec454c08-4c77-4012-9d48-45f7f0fccdfb",
}
requestBody.SetAllowedAAGUIDs(allowedAAGUIDs)
appliesToCombinations := []graphmodels.AuthenticationMethodModesable {
	authenticationMethodModes := graphmodels.FIDO2_AUTHENTICATIONMETHODMODES 
	requestBody.SetAuthenticationMethodModes(&authenticationMethodModes)
}
requestBody.SetAppliesToCombinations(appliesToCombinations)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
combinationConfigurations, err := graphClient.Identity().ConditionalAccess().AuthenticationStrength().Policies().ByAuthenticationStrengthPolicyId("authenticationStrengthPolicy-id").CombinationConfigurations().Post(context.Background(), requestBody, nil)

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Fido2CombinationConfiguration authenticationCombinationConfiguration = new Fido2CombinationConfiguration();
authenticationCombinationConfiguration.setOdataType("#microsoft.graph.fido2CombinationConfiguration");
LinkedList<String> allowedAAGUIDs = new LinkedList<String>();
allowedAAGUIDs.add("486c3b50-889c-480a-abc5-c04ef7c873e0");
allowedAAGUIDs.add("c042882f-a621-40c8-94d3-9cde3a826fed");
allowedAAGUIDs.add("ec454c08-4c77-4012-9d48-45f7f0fccdfb");
authenticationCombinationConfiguration.setAllowedAAGUIDs(allowedAAGUIDs);
LinkedList<AuthenticationMethodModes> appliesToCombinations = new LinkedList<AuthenticationMethodModes>();
appliesToCombinations.add(AuthenticationMethodModes.Fido2);
authenticationCombinationConfiguration.setAppliesToCombinations(appliesToCombinations);
AuthenticationCombinationConfiguration result = graphClient.identity().conditionalAccess().authenticationStrength().policies().byAuthenticationStrengthPolicyId("{authenticationStrengthPolicy-id}").combinationConfigurations().post(authenticationCombinationConfiguration);

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationCombinationConfiguration = {
  '@odata.type': '#microsoft.graph.fido2CombinationConfiguration',
  allowedAAGUIDs: [
    '486c3b50-889c-480a-abc5-c04ef7c873e0',
    'c042882f-a621-40c8-94d3-9cde3a826fed',
    'ec454c08-4c77-4012-9d48-45f7f0fccdfb'
  ],
  appliesToCombinations: ['fido2']
};

await client.api('/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}//combinationConfigurations')
	.post(authenticationCombinationConfiguration);

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

PHP

<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Fido2CombinationConfiguration;
use Microsoft\Graph\Generated\Models\AuthenticationMethodModes;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Fido2CombinationConfiguration();
$requestBody->setOdataType('#microsoft.graph.fido2CombinationConfiguration');
$requestBody->setAllowedAAGUIDs(['486c3b50-889c-480a-abc5-c04ef7c873e0', 'c042882f-a621-40c8-94d3-9cde3a826fed', 'ec454c08-4c77-4012-9d48-45f7f0fccdfb', 	]);
$requestBody->setAppliesToCombinations([new AuthenticationMethodModes('fido2'),	]);

$result = $graphServiceClient->identity()->conditionalAccess()->authenticationStrength()->policies()->byAuthenticationStrengthPolicyId('authenticationStrengthPolicy-id')->combinationConfigurations()->post($requestBody)->wait();

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

PowerShell

Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "#microsoft.graph.fido2CombinationConfiguration"
	allowedAAGUIDs = @(
	"486c3b50-889c-480a-abc5-c04ef7c873e0"
"c042882f-a621-40c8-94d3-9cde3a826fed"
"ec454c08-4c77-4012-9d48-45f7f0fccdfb"
)
appliesToCombinations = @(
"fido2"
)
}

New-MgIdentityConditionalAccessAuthenticationStrengthPolicyCombinationConfiguration -AuthenticationStrengthPolicyId $authenticationStrengthPolicyId -BodyParameter $params

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.fido2_combination_configuration import Fido2CombinationConfiguration
from msgraph.generated.models.authentication_method_modes import AuthenticationMethodModes
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Fido2CombinationConfiguration(
	odata_type = "#microsoft.graph.fido2CombinationConfiguration",
	allowed_a_a_g_u_i_ds = [
		"486c3b50-889c-480a-abc5-c04ef7c873e0",
		"c042882f-a621-40c8-94d3-9cde3a826fed",
		"ec454c08-4c77-4012-9d48-45f7f0fccdfb",
	],
	applies_to_combinations = [
		AuthenticationMethodModes.Fido2,
	],
)

result = await graph_client.identity.conditional_access.authentication_strength.policies.by_authentication_strength_policy_id('authenticationStrengthPolicy-id').combination_configurations.post(request_body)

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

Resposta

O exemplo a seguir mostra a resposta.

Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.

HTTP/1.1 201 Created
Content-Type: application/json

{
  "@odata.type" : "#microsoft.graph.fido2CombinationConfiguration",
  "id": "96cb1a17-e45e-4b4f-8b4b-4a9490d63d66",
  "allowedAAGUIDs": [
    "486c3b50-889c-480a-abc5-c04ef7c873e0",
    "c042882f-a621-40c8-94d3-9cde3a826fed",
    "ec454c08-4c77-4012-9d48-45f7f0fccdfb"
  ],
  "appliesToCombinations": ["fido2"]
}

Exemplo 2: criar um objeto x509CertificateCombinationConfiguration

Solicitação

O exemplo a seguir mostra uma solicitação.

HTTP

POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations 
 
{ 
    "@odata.type": "#microsoft.graph.x509CertificateCombinationConfiguration", 
    "allowedIssuerSkis": [ 
        "9A4248C6AC8C2931AB2A86537818E92E7B6C97B6" 
    ], 
    "allowedPolicyOIDs": [], 
    "appliesToCombinations": [ 
        "x509CertificateSingleFactor " 
    ] 
} 

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new X509CertificateCombinationConfiguration
{
	OdataType = "#microsoft.graph.x509CertificateCombinationConfiguration",
	AllowedIssuerSkis = new List<string>
	{
		"9A4248C6AC8C2931AB2A86537818E92E7B6C97B6",
	},
	AllowedPolicyOIDs = new List<string>
	{
	},
	AppliesToCombinations = new List<AuthenticationMethodModes?>
	{
		AuthenticationMethodModes.X509CertificateSingleFactor,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.ConditionalAccess.AuthenticationStrength.Policies["{authenticationStrengthPolicy-id}"].CombinationConfigurations.PostAsync(requestBody);

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

CLI

mgc identity conditional-access authentication-strength policies combination-configurations create --authentication-strength-policy-id {authenticationStrengthPolicy-id}

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

Ir

// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewAuthenticationCombinationConfiguration()
allowedIssuerSkis := []string {
	"9A4248C6AC8C2931AB2A86537818E92E7B6C97B6",
}
requestBody.SetAllowedIssuerSkis(allowedIssuerSkis)
allowedPolicyOIDs := []string {

}
requestBody.SetAllowedPolicyOIDs(allowedPolicyOIDs)
appliesToCombinations := []graphmodels.AuthenticationMethodModesable {
	authenticationMethodModes := graphmodels.X509CERTIFICATESINGLEFACTOR _AUTHENTICATIONMETHODMODES 
	requestBody.SetAuthenticationMethodModes(&authenticationMethodModes)
}
requestBody.SetAppliesToCombinations(appliesToCombinations)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
combinationConfigurations, err := graphClient.Identity().ConditionalAccess().AuthenticationStrength().Policies().ByAuthenticationStrengthPolicyId("authenticationStrengthPolicy-id").CombinationConfigurations().Post(context.Background(), requestBody, nil)

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

X509CertificateCombinationConfiguration authenticationCombinationConfiguration = new X509CertificateCombinationConfiguration();
authenticationCombinationConfiguration.setOdataType("#microsoft.graph.x509CertificateCombinationConfiguration");
LinkedList<String> allowedIssuerSkis = new LinkedList<String>();
allowedIssuerSkis.add("9A4248C6AC8C2931AB2A86537818E92E7B6C97B6");
authenticationCombinationConfiguration.setAllowedIssuerSkis(allowedIssuerSkis);
LinkedList<String> allowedPolicyOIDs = new LinkedList<String>();
authenticationCombinationConfiguration.setAllowedPolicyOIDs(allowedPolicyOIDs);
LinkedList<AuthenticationMethodModes> appliesToCombinations = new LinkedList<AuthenticationMethodModes>();
appliesToCombinations.add(AuthenticationMethodModes.X509CertificateSingleFactor);
authenticationCombinationConfiguration.setAppliesToCombinations(appliesToCombinations);
AuthenticationCombinationConfiguration result = graphClient.identity().conditionalAccess().authenticationStrength().policies().byAuthenticationStrengthPolicyId("{authenticationStrengthPolicy-id}").combinationConfigurations().post(authenticationCombinationConfiguration);

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationCombinationConfiguration = {
    '@odata.type': '#microsoft.graph.x509CertificateCombinationConfiguration', 
    allowedIssuerSkis: [ 
        '9A4248C6AC8C2931AB2A86537818E92E7B6C97B6' 
    ], 
    allowedPolicyOIDs: [], 
    appliesToCombinations: [ 
        'x509CertificateSingleFactor ' 
    ] 
};

await client.api('/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations')
	.post(authenticationCombinationConfiguration);

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

PHP

<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\X509CertificateCombinationConfiguration;
use Microsoft\Graph\Generated\Models\AuthenticationMethodModes;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new X509CertificateCombinationConfiguration();
$requestBody->setOdataType('#microsoft.graph.x509CertificateCombinationConfiguration');
$requestBody->setAllowedIssuerSkis(['9A4248C6AC8C2931AB2A86537818E92E7B6C97B6', 	]);
$requestBody->setAllowedPolicyOIDs([	]);
$requestBody->setAppliesToCombinations([new AuthenticationMethodModes('x509CertificateSingleFactor '),	]);

$result = $graphServiceClient->identity()->conditionalAccess()->authenticationStrength()->policies()->byAuthenticationStrengthPolicyId('authenticationStrengthPolicy-id')->combinationConfigurations()->post($requestBody)->wait();

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

PowerShell

Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "#microsoft.graph.x509CertificateCombinationConfiguration"
	allowedIssuerSkis = @(
	"9A4248C6AC8C2931AB2A86537818E92E7B6C97B6"
)
allowedPolicyOIDs = @(
)
appliesToCombinations = @(
"x509CertificateSingleFactor "
)
}

New-MgIdentityConditionalAccessAuthenticationStrengthPolicyCombinationConfiguration -AuthenticationStrengthPolicyId $authenticationStrengthPolicyId -BodyParameter $params

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.x509_certificate_combination_configuration import X509CertificateCombinationConfiguration
from msgraph.generated.models.authentication_method_modes import AuthenticationMethodModes
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = X509CertificateCombinationConfiguration(
	odata_type = "#microsoft.graph.x509CertificateCombinationConfiguration",
	allowed_issuer_skis = [
		"9A4248C6AC8C2931AB2A86537818E92E7B6C97B6",
	],
	allowed_policy_o_i_ds = [
	],
	applies_to_combinations = [
		AuthenticationMethodModes.X509CertificateSingleFactor,
	],
)

result = await graph_client.identity.conditional_access.authentication_strength.policies.by_authentication_strength_policy_id('authenticationStrengthPolicy-id').combination_configurations.post(request_body)

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

Resposta

O exemplo a seguir mostra a resposta.

Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.

HTTP/1.1 201 Created
Content-Type: application/json

{ 
    "@odata.type": "#microsoft.graph.x509CertificateCombinationConfiguration", 
    "id" : "96cb1a17-e45e-4b4f-8b4b-4a9490d63d66",
    "allowedIssuerSkis": [ 
        "9A4248C6AC8C2931AB2A86537818E92E7B6C97B6" 
    ], 
    "allowedPolicyOIDs": [], 
    "appliesToCombinations": [ 
        "x509CertificateSingleFactor " 
    ] 
}