Criar authenticationStrengthPolicy

Artigo
07/16/2024

Namespace: microsoft.graph

Crie um novo objeto authenticationStrengthPolicy personalizado.

Esta API está disponível nas seguintes implementações de cloud nacionais.

Serviço global	US Government L4	US Government L5 (DOD)	China operada pela 21Vianet
✅	✅	✅	✅

Permissões

Escolha a permissão ou permissões marcadas como menos privilegiadas para esta API. Utilize uma permissão ou permissões com privilégios mais elevados apenas se a sua aplicação o exigir. Para obter detalhes sobre as permissões delegadas e de aplicação, veja Tipos de permissão. Para saber mais sobre estas permissões, veja a referência de permissões.

Tipo de permissão	Permissões com menos privilégios	Permissões com privilégios superiores
Delegado (conta corporativa ou de estudante)	Policy.ReadWrite.ConditionalAccess	Policy.ReadWrite.AuthenticationMethod
Delegado (conta pessoal da Microsoft)	Sem suporte.	Sem suporte.
Application	Policy.ReadWrite.ConditionalAccess	Policy.ReadWrite.AuthenticationMethod

Importante

Em cenários delegados com contas escolares ou profissionais, o utilizador com sessão iniciada tem de ter uma função de Microsoft Entra suportada ou uma função personalizada com uma permissão de função suportada. As seguintes funções com menos privilégios são suportadas para esta operação.

Administrador de Acesso Condicional
Administrador de Segurança

Solicitação HTTP

POST /policies/authenticationStrengthPolicies

Cabeçalhos de solicitação

Nome	Descrição
Autorização	{token} de portador. Obrigatório. Saiba mais sobre autenticação e autorização.
Content-Type	application/json. Obrigatório.

Corpo da solicitação

No corpo do pedido, forneça uma representação JSON do objeto authenticationStrengthPolicy .

Pode especificar as seguintes propriedades ao criar uma authenticationStrengthPolicy.

Propriedade	Tipo	Descrição
displayName	Cadeia de caracteres	O nome a apresentar da política a ser criada. Obrigatório.
description	Cadeia de caracteres	A descrição da política a ser criada. Opcional.
allowedCombinations	authenticationMethodModes collection	As combinações de métodos de autenticação permitidas por esta política de força de autenticação. Os valores possíveis desta enumeração sinalizada são: `password`, , `hardwareOathvoice`, `softwareOath`, `sms`, `fido2`, `windowsHelloForBusiness`, `microsoftAuthenticatorPush`, `deviceBasedPush`, , `temporaryAccessPassOneTime`, `temporaryAccessPassMultiUse`, , , `email`, `x509CertificateSingleFactorx509CertificateMultiFactor`, , , `federatedSingleFactor`, , `federatedMultiFactor`, `unknownFutureValue`. Para obter a lista de combinações permitidas, chame a API List authenticationMethodModes . Obrigatório.

Resposta

Se for bem-sucedido, este método devolve um 201 Created código de resposta e um objeto authenticationStrengthPolicy no corpo da resposta.

Exemplos

Solicitação

O exemplo a seguir mostra uma solicitação.

POST https://graph.microsoft.com/v1.0/policies/authenticationStrengthPolicies
Content-Type: application/json

{
    "displayName": "Example",
    "requirementsSatisfied": "mfa",
    "allowedCombinations": [
        "fido2"
    ],
    "combinationConfigurations@odata.context": "https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies('5790842a-5bab-44c2-9cf1-b38d675b70ea')/combinationConfigurations",
    "combinationConfigurations": [
        {
            "@odata.type": "#microsoft.graph.fido2CombinationConfiguration",
            "id": "42235320-c8db-4d8c-9344-8f1ce87f734b",
            "appliesToCombinations": [
                "fido2"
            ],
            "allowedAAGUIDs": [
                "de1e552d-db1d-4423-a619-566b625cdc84",
                "90a3ccdf-635c-4729-a248-9b709135078f"
            ]
        }
    ]
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AuthenticationStrengthPolicy
{
	DisplayName = "Example",
	RequirementsSatisfied = AuthenticationStrengthRequirements.Mfa,
	AllowedCombinations = new List<AuthenticationMethodModes?>
	{
		AuthenticationMethodModes.Fido2,
	},
	CombinationConfigurations = new List<AuthenticationCombinationConfiguration>
	{
		new Fido2CombinationConfiguration
		{
			OdataType = "#microsoft.graph.fido2CombinationConfiguration",
			Id = "42235320-c8db-4d8c-9344-8f1ce87f734b",
			AppliesToCombinations = new List<AuthenticationMethodModes?>
			{
				AuthenticationMethodModes.Fido2,
			},
			AllowedAAGUIDs = new List<string>
			{
				"de1e552d-db1d-4423-a619-566b625cdc84",
				"90a3ccdf-635c-4729-a248-9b709135078f",
			},
		},
	},
	AdditionalData = new Dictionary<string, object>
	{
		{
			"combinationConfigurations@odata.context" , "https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies('5790842a-5bab-44c2-9cf1-b38d675b70ea')/combinationConfigurations"
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.AuthenticationStrengthPolicies.PostAsync(requestBody);

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.



mgc policies authentication-strength-policies create --body '{\
    "displayName": "Example",\
    "requirementsSatisfied": "mfa",\
    "allowedCombinations": [\
        "fido2"\
    ],\
    "combinationConfigurations@odata.context": "https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies('5790842a-5bab-44c2-9cf1-b38d675b70ea')/combinationConfigurations",\
    "combinationConfigurations": [\
        {\
            "@odata.type": "#microsoft.graph.fido2CombinationConfiguration",\
            "id": "42235320-c8db-4d8c-9344-8f1ce87f734b",\
            "appliesToCombinations": [\
                "fido2"\
            ],\
            "allowedAAGUIDs": [\
                "de1e552d-db1d-4423-a619-566b625cdc84",\
                "90a3ccdf-635c-4729-a248-9b709135078f"\
            ]\
        }\
    ]\
}\
'

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.



// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewAuthenticationStrengthPolicy()
displayName := "Example"
requestBody.SetDisplayName(&displayName) 
requirementsSatisfied := graphmodels.MFA_AUTHENTICATIONSTRENGTHREQUIREMENTS 
requestBody.SetRequirementsSatisfied(&requirementsSatisfied) 
allowedCombinations := []graphmodels.AuthenticationMethodModesable {
	authenticationMethodModes := graphmodels.FIDO2_AUTHENTICATIONMETHODMODES 
	requestBody.SetAuthenticationMethodModes(&authenticationMethodModes)
}
requestBody.SetAllowedCombinations(allowedCombinations)


authenticationCombinationConfiguration := graphmodels.NewFido2CombinationConfiguration()
id := "42235320-c8db-4d8c-9344-8f1ce87f734b"
authenticationCombinationConfiguration.SetId(&id) 
appliesToCombinations := []graphmodels.AuthenticationMethodModesable {
	authenticationMethodModes := graphmodels.FIDO2_AUTHENTICATIONMETHODMODES 
	authenticationCombinationConfiguration.SetAuthenticationMethodModes(&authenticationMethodModes)
}
authenticationCombinationConfiguration.SetAppliesToCombinations(appliesToCombinations)
allowedAAGUIDs := []string {
	"de1e552d-db1d-4423-a619-566b625cdc84",
	"90a3ccdf-635c-4729-a248-9b709135078f",
}
authenticationCombinationConfiguration.SetAllowedAAGUIDs(allowedAAGUIDs)

combinationConfigurations := []graphmodels.AuthenticationCombinationConfigurationable {
	authenticationCombinationConfiguration,
}
requestBody.SetCombinationConfigurations(combinationConfigurations)
additionalData := map[string]interface{}{
	"combinationConfigurations@odata.context" : "https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies('5790842a-5bab-44c2-9cf1-b38d675b70ea')/combinationConfigurations", 
}
requestBody.SetAdditionalData(additionalData)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authenticationStrengthPolicies, err := graphClient.Policies().AuthenticationStrengthPolicies().Post(context.Background(), requestBody, nil)

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AuthenticationStrengthPolicy authenticationStrengthPolicy = new AuthenticationStrengthPolicy();
authenticationStrengthPolicy.setDisplayName("Example");
authenticationStrengthPolicy.setRequirementsSatisfied(EnumSet.of(AuthenticationStrengthRequirements.Mfa));
LinkedList<AuthenticationMethodModes> allowedCombinations = new LinkedList<AuthenticationMethodModes>();
allowedCombinations.add(AuthenticationMethodModes.Fido2);
authenticationStrengthPolicy.setAllowedCombinations(allowedCombinations);
LinkedList<AuthenticationCombinationConfiguration> combinationConfigurations = new LinkedList<AuthenticationCombinationConfiguration>();
Fido2CombinationConfiguration authenticationCombinationConfiguration = new Fido2CombinationConfiguration();
authenticationCombinationConfiguration.setOdataType("#microsoft.graph.fido2CombinationConfiguration");
authenticationCombinationConfiguration.setId("42235320-c8db-4d8c-9344-8f1ce87f734b");
LinkedList<AuthenticationMethodModes> appliesToCombinations = new LinkedList<AuthenticationMethodModes>();
appliesToCombinations.add(AuthenticationMethodModes.Fido2);
authenticationCombinationConfiguration.setAppliesToCombinations(appliesToCombinations);
LinkedList<String> allowedAAGUIDs = new LinkedList<String>();
allowedAAGUIDs.add("de1e552d-db1d-4423-a619-566b625cdc84");
allowedAAGUIDs.add("90a3ccdf-635c-4729-a248-9b709135078f");
authenticationCombinationConfiguration.setAllowedAAGUIDs(allowedAAGUIDs);
combinationConfigurations.add(authenticationCombinationConfiguration);
authenticationStrengthPolicy.setCombinationConfigurations(combinationConfigurations);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("combinationConfigurations@odata.context", "https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies('5790842a-5bab-44c2-9cf1-b38d675b70ea')/combinationConfigurations");
authenticationStrengthPolicy.setAdditionalData(additionalData);
AuthenticationStrengthPolicy result = graphClient.policies().authenticationStrengthPolicies().post(authenticationStrengthPolicy);

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationStrengthPolicy = {
    displayName: 'Example',
    requirementsSatisfied: 'mfa',
    allowedCombinations: [
        'fido2'
    ],
    'combinationConfigurations@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies(\'5790842a-5bab-44c2-9cf1-b38d675b70ea\')/combinationConfigurations',
    combinationConfigurations: [
        {
            '@odata.type': '#microsoft.graph.fido2CombinationConfiguration',
            id: '42235320-c8db-4d8c-9344-8f1ce87f734b',
            appliesToCombinations: [
                'fido2'
            ],
            allowedAAGUIDs: [
                'de1e552d-db1d-4423-a619-566b625cdc84',
                '90a3ccdf-635c-4729-a248-9b709135078f'
            ]
        }
    ]
};

await client.api('/policies/authenticationStrengthPolicies')
	.post(authenticationStrengthPolicy);

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AuthenticationStrengthPolicy;
use Microsoft\Graph\Generated\Models\AuthenticationStrengthRequirements;
use Microsoft\Graph\Generated\Models\AuthenticationMethodModes;
use Microsoft\Graph\Generated\Models\AuthenticationCombinationConfiguration;
use Microsoft\Graph\Generated\Models\Fido2CombinationConfiguration;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AuthenticationStrengthPolicy();
$requestBody->setDisplayName('Example');
$requestBody->setRequirementsSatisfied(new AuthenticationStrengthRequirements('mfa'));
$requestBody->setAllowedCombinations([new AuthenticationMethodModes('fido2'),	]);
$combinationConfigurationsAuthenticationCombinationConfiguration1 = new Fido2CombinationConfiguration();
$combinationConfigurationsAuthenticationCombinationConfiguration1->setOdataType('#microsoft.graph.fido2CombinationConfiguration');
$combinationConfigurationsAuthenticationCombinationConfiguration1->setId('42235320-c8db-4d8c-9344-8f1ce87f734b');
$combinationConfigurationsAuthenticationCombinationConfiguration1->setAppliesToCombinations([new AuthenticationMethodModes('fido2'),	]);
$combinationConfigurationsAuthenticationCombinationConfiguration1->setAllowedAAGUIDs(['de1e552d-db1d-4423-a619-566b625cdc84', '90a3ccdf-635c-4729-a248-9b709135078f', 	]);
$combinationConfigurationsArray []= $combinationConfigurationsAuthenticationCombinationConfiguration1;
$requestBody->setCombinationConfigurations($combinationConfigurationsArray);

$additionalData = [
'combinationConfigurations@odata.context' => 'https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies(\'5790842a-5bab-44c2-9cf1-b38d675b70ea\')/combinationConfigurations',
];
$requestBody->setAdditionalData($additionalData);

$result = $graphServiceClient->policies()->authenticationStrengthPolicies()->post($requestBody)->wait();

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.


Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	displayName = "Example"
	requirementsSatisfied = "mfa"
	allowedCombinations = @(
	"fido2"
)
"combinationConfigurations@odata.context" = "https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies('5790842a-5bab-44c2-9cf1-b38d675b70ea')/combinationConfigurations"
combinationConfigurations = @(
	@{
		"@odata.type" = "#microsoft.graph.fido2CombinationConfiguration"
		id = "42235320-c8db-4d8c-9344-8f1ce87f734b"
		appliesToCombinations = @(
		"fido2"
	)
	allowedAAGUIDs = @(
	"de1e552d-db1d-4423-a619-566b625cdc84"
"90a3ccdf-635c-4729-a248-9b709135078f"
)
}
)
}

New-MgPolicyAuthenticationStrengthPolicy -BodyParameter $params

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.authentication_strength_policy import AuthenticationStrengthPolicy
from msgraph.generated.models.authentication_strength_requirements import AuthenticationStrengthRequirements
from msgraph.generated.models.authentication_method_modes import AuthenticationMethodModes
from msgraph.generated.models.authentication_combination_configuration import AuthenticationCombinationConfiguration
from msgraph.generated.models.fido2_combination_configuration import Fido2CombinationConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AuthenticationStrengthPolicy(
	display_name = "Example",
	requirements_satisfied = AuthenticationStrengthRequirements.Mfa,
	allowed_combinations = [
		AuthenticationMethodModes.Fido2,
	],
	combination_configurations = [
		Fido2CombinationConfiguration(
			odata_type = "#microsoft.graph.fido2CombinationConfiguration",
			id = "42235320-c8db-4d8c-9344-8f1ce87f734b",
			applies_to_combinations = [
				AuthenticationMethodModes.Fido2,
			],
			allowed_a_a_g_u_i_ds = [
				"de1e552d-db1d-4423-a619-566b625cdc84",
				"90a3ccdf-635c-4729-a248-9b709135078f",
			],
		),
	],
	additional_data = {
			"combination_configurations@odata_context" : "https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies('5790842a-5bab-44c2-9cf1-b38d675b70ea')/combinationConfigurations",
	}
)

result = await graph_client.policies.authentication_strength_policies.post(request_body)

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

Resposta

O exemplo a seguir mostra a resposta.

Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.

HTTP/1.1 201 Created
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies/$entity",
    "id": "7daf2132-6a2d-4e78-a699-b823babf4436",
    "createdDateTime": "2024-07-23T17:10:58.1492045Z",
    "modifiedDateTime": "2024-07-23T17:10:58.1492045Z",
    "displayName": "Example",
    "description": "",
    "policyType": "custom",
    "requirementsSatisfied": "mfa",
    "allowedCombinations": [
        "fido2"
    ],
    "combinationConfigurations@odata.context": "https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies('7daf2132-6a2d-4e78-a699-b823babf4436')/combinationConfigurations",
    "combinationConfigurations": [
        {
            "@odata.type": "#microsoft.graph.fido2CombinationConfiguration",
            "id": "c0fdf2f9-3b3f-4bbf-988c-17606ea4b4e4",
            "appliesToCombinations": [
                "fido2"
            ],
            "allowedAAGUIDs": [
                "de1e552d-db1d-4423-a619-566b625cdc84",
                "90a3ccdf-635c-4729-a248-9b709135078f"
            ]
        }
    ]
}

Compartilhar via

Criar authenticationStrengthPolicy

Permissões

Solicitação HTTP

Cabeçalhos de solicitação

Corpo da solicitação

Resposta

Exemplos

Solicitação

Resposta

Comentários

Recursos adicionais