authenticationStrengthPolicy resource type

Article
04/21/2023

Namespace: microsoft.graph

A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Microsoft Entra Conditional Access, defines which authentication methods must be used to authenticate in that scenario. An authentication strength may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.

Methods

Method	Return type	Description
List authenticationStrengthPolicies	authenticationStrengthPolicy collection	Get a list of the authenticationStrengthPolicy objects and their properties.
Create authenticationStrengthPolicy	authenticationStrengthPolicy	Create a new custom authenticationStrengthPolicy object.
Get authenticationStrengthPolicy	authenticationStrengthPolicy	Read the properties and relationships of an authenticationStrengthPolicy object.
Update authenticationStrengthPolicy	authenticationStrengthPolicy	Update the properties of a custom authenticationStrengthPolicy object. You can't update a built-in authenticationStrengthPolicy object.
Delete authenticationStrengthPolicy	None	Delete a custom authenticationStrengthPolicy object. You can't delete a built-in authenticationStrengthPolicy object.
List usage	authenticationStrengthUsage	Find all conditionalAccessPolicies that reference an authentication strength.
updateAllowedCombinations	updateAllowedCombinationsResult	Update the allowed authenticationCombinationConfiguration for a given authenticationStrengthPolicy.

Properties

Property	Type	Description
allowedCombinations	authenticationMethodModes collection	A collection of authentication method modes that are required be used to satify this authentication strength.
createdDateTime	DateTimeOffset	The datetime when this policy was created.
description	String	The human-readable description of this policy.
displayName	String	The human-readable display name of this policy. Supports `$filter` (`eq`, `ne`, `not` , and `in`).
id	String	The system-generated identifier for this mode.
modifiedDateTime	DateTimeOffset	The datetime when this policy was last modified.
policyType	authenticationStrengthPolicyType	A descriptor of whether this policy is built into Microsoft Entra ID or created by an admin for the tenant. The possible values are: `builtIn`, `custom`, `unknownFutureValue`. Supports `$filter` (`eq`, `ne`, `not` , and `in`).
requirementsSatisfied	authenticationStrengthRequirements	A descriptor of whether this authentication strength grants the MFA claim upon successful satisfaction. The possible values are: `none`, `mfa`, `unknownFutureValue`.

Relationships

Relationship	Type	Description
combinationConfigurations	authenticationCombinationConfiguration collection	Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods.

JSON representation

The following is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.authenticationStrengthPolicy",
  "id": "String (identifier)",
  "createdDateTime": "String (timestamp)",
  "modifiedDateTime": "String (timestamp)",
  "displayName": "String",
  "description": "String",
  "policyType": "String",
  "requirementsSatisfied": "String",
  "allowedCombinations": [
    "String"
  ]
}