Create a new authenticationCombinationConfiguration object. In use, only fido2combinationConfigurations may be created, and these may only be created for custom authentication strength policies.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
Policy.ReadWrite.ConditionalAccess
Policy.ReadWrite.AuthenticationMethod
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
Policy.ReadWrite.ConditionalAccess
Policy.ReadWrite.AuthenticationMethod
For delegated scenarios, the calling user must also be assigned at least the Conditional Access Administrator or Security AdministratorMicrosoft Entra role.
HTTP request
POST /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations
You can specify the following properties when creating an authenticationCombinationConfiguration. Additionally, you must supply the @odata.type and required properties of the derived type of authenticationCombinationConfiguration that you're creating. For example, "@odata.type" : "#microsoft.graph.fido2CombinationConfiguration".
Property
Type
Description
appliesToCombinations
authenticationMethodModes collection
The combinations to which this configuration applies. The only possible value for fido2combinationConfigurations is fido2. Required.
Response
If successful, this method returns a 201 Created response code and a fido2CombinationConfiguration object in the response body.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Fido2CombinationConfiguration
{
OdataType = "#microsoft.graph.fido2CombinationConfiguration",
AllowedAAGUIDs = new List<string>
{
"486c3b50-889c-480a-abc5-c04ef7c873e0",
"c042882f-a621-40c8-94d3-9cde3a826fed",
"ec454c08-4c77-4012-9d48-45f7f0fccdfb",
},
AppliesToCombinations = new List<AuthenticationMethodModes?>
{
AuthenticationMethodModes.Fido2,
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.ConditionalAccess.AuthenticationStrength.Policies["{authenticationStrengthPolicy-id}"].CombinationConfigurations.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAuthenticationCombinationConfiguration()
allowedAAGUIDs := []string {
"486c3b50-889c-480a-abc5-c04ef7c873e0",
"c042882f-a621-40c8-94d3-9cde3a826fed",
"ec454c08-4c77-4012-9d48-45f7f0fccdfb",
}
requestBody.SetAllowedAAGUIDs(allowedAAGUIDs)
appliesToCombinations := []graphmodels.AuthenticationMethodModesable {
authenticationMethodModes := graphmodels.FIDO2_AUTHENTICATIONMETHODMODES
requestBody.SetAuthenticationMethodModes(&authenticationMethodModes)
}
requestBody.SetAppliesToCombinations(appliesToCombinations)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
combinationConfigurations, err := graphClient.Identity().ConditionalAccess().AuthenticationStrength().Policies().ByAuthenticationStrengthPolicyId("authenticationStrengthPolicy-id").CombinationConfigurations().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Fido2CombinationConfiguration authenticationCombinationConfiguration = new Fido2CombinationConfiguration();
authenticationCombinationConfiguration.setOdataType("#microsoft.graph.fido2CombinationConfiguration");
LinkedList<String> allowedAAGUIDs = new LinkedList<String>();
allowedAAGUIDs.add("486c3b50-889c-480a-abc5-c04ef7c873e0");
allowedAAGUIDs.add("c042882f-a621-40c8-94d3-9cde3a826fed");
allowedAAGUIDs.add("ec454c08-4c77-4012-9d48-45f7f0fccdfb");
authenticationCombinationConfiguration.setAllowedAAGUIDs(allowedAAGUIDs);
LinkedList<AuthenticationMethodModes> appliesToCombinations = new LinkedList<AuthenticationMethodModes>();
appliesToCombinations.add(AuthenticationMethodModes.Fido2);
authenticationCombinationConfiguration.setAppliesToCombinations(appliesToCombinations);
AuthenticationCombinationConfiguration result = graphClient.identity().conditionalAccess().authenticationStrength().policies().byAuthenticationStrengthPolicyId("{authenticationStrengthPolicy-id}").combinationConfigurations().post(authenticationCombinationConfiguration);
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.