| title | authenticationStrengthPolicy resource type |
|---|---|
| description | A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Microsoft Entra Conditional Access, defines which authentication methods must be used to authenticate in that scenario. |
| author | InbarckMS |
| ms.reviewer | conditionalaccesspm |
| ms.localizationpriority | medium |
| ms.subservice | entra-sign-in |
| doc_type | resourcePageType |
| ms.date | 07/22/2024 |

Namespace: microsoft.graph

[!INCLUDE beta-disclaimer]

A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Microsoft Entra Conditional Access, defines which authentication methods must be used to authenticate in that scenario. An authentication strength may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.

Inherits from entity.

| Method | Return type | Description |
|---|---|---|
| List | authenticationStrengthPolicy collection | Get a list of the authenticationStrengthPolicy objects and their properties. |
| Create | authenticationStrengthPolicy | Create a new custom authenticationStrengthPolicy object. |
| Get | authenticationStrengthPolicy | Read the properties and relationships of an authenticationStrengthPolicy object. |
| Update | authenticationStrengthPolicy | Update the properties of a custom authenticationStrengthPolicy object. You can't update a built-in authenticationStrengthPolicy object. |
| Delete | None | Delete a custom authenticationStrengthPolicy object. You can't delete a built-in authenticationStrengthPolicy object. |
| List usage | authenticationStrengthUsage | Find all conditionalAccessPolicies that reference an authentication strength. |
| Find by method mode (deprecated) | authenticationStrengthPolicy collection | Find an authenticationStrengthPolicy by allowed mode. |

| Property | Type | Description |
|---|---|---|
| allowedCombinations | authenticationMethodModes collection | A collection of authentication method modes that are required to be used to satisfy this authentication strength. |
| createdDateTime | DateTimeOffset | The datetime when this policy was created. |
| description | String | The human-readable description of this policy. |
| displayName | String | The human-readable display name of this policy. Supports $filter (eq, ne, not, and in). |
| id | String | The system-generated identifier for this policy. Inherited from entity. |
| modifiedDateTime | DateTimeOffset | The datetime when this policy was last modified. |
| policyType | authenticationStrengthPolicyType | A descriptor of whether this policy is built into Microsoft Entra Conditional Access or created by an admin for the tenant. The possible values are: builtIn, custom, unknownFutureValue. Supports $filter (eq, ne, not, and in). |
| requirementsSatisfied | authenticationStrengthRequirements | A descriptor of whether this authentication strength grants the MFA claim upon successful satisfaction. The possible values are: none, mfa, unknownFutureValue. |

| Relationship | Type | Description |
|---|---|---|
| combinationConfigurations | authenticationCombinationConfiguration collection | Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods. |

The following JSON representation shows the resource type.

```json
{
  "@odata.type": "#microsoft.graph.authenticationStrengthPolicy",
  "id": "String (identifier)",
  "createdDateTime": "String (timestamp)",
  "modifiedDateTime": "String (timestamp)",
  "displayName": "String",
  "description": "String",
  "policyType": "String",
  "requirementsSatisfied": "String",
  "allowedCombinations": [
    "String"
  ]
}
```
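
The following Python is an added example, not part of the original reference or Microsoft's own code. It audits a saved List response offline, using the `policyType`, `requirementsSatisfied` and `allowedCombinations` properties described above to pick out policies that need review. Assumptions: the collection is wrapped in a `value` array, a multi-method combination is one comma-separated string, and the sample ids, names and combinations are constructed.

```python
import json

# Constructed sample shaped like a List response; the "value" wrapper, ids,
# display names and combination strings are illustrative assumptions.
SAMPLE_LIST_RESPONSE = json.dumps({"value": [
    {"id": "sample-1", "displayName": "Sample built-in", "policyType": "builtIn",
     "requirementsSatisfied": "mfa",
     "allowedCombinations": ["fido2", "password,microsoftAuthenticatorPush"]},
    {"id": "sample-2", "displayName": "Sample custom", "policyType": "custom",
     "requirementsSatisfied": "none",
     "allowedCombinations": ["password", "password,sms"]},
    {"id": "sample-3", "displayName": "Sample unrecognized",
     "policyType": "unknownFutureValue",
     "requirementsSatisfied": "unknownFutureValue", "allowedCombinations": []},
]})

KNOWN_POLICY_TYPES = {"builtIn", "custom"}
KNOWN_REQUIREMENTS = {"none", "mfa"}


def audit_policy(policy):
    """Return review findings for one authenticationStrengthPolicy object."""
    findings = []
    policy_type = policy.get("policyType")
    satisfied = policy.get("requirementsSatisfied")
    combos = policy.get("allowedCombinations") or []
    # unknownFutureValue (or anything else unexpected) must not pass silently.
    if policy_type not in KNOWN_POLICY_TYPES:
        findings.append(f"policyType {policy_type!r} not recognized")
    if satisfied not in KNOWN_REQUIREMENTS:
        findings.append(f"requirementsSatisfied {satisfied!r} not recognized")
    elif satisfied == "none":
        findings.append("does not grant the MFA claim")
    if not combos:
        findings.append("allowedCombinations is empty")
    # Assumption: a combination without a comma names a single method; each
    # one in a custom policy should be confirmed as acceptable on its own.
    single = [c for c in combos if "," not in c]
    if policy_type == "custom" and single:
        findings.append("single-method combinations to review: " + ", ".join(single))
    return findings


def audit_list_response(raw_json):
    """Map policy id -> findings for every policy with at least one finding."""
    report = {}
    for policy in json.loads(raw_json).get("value", []):
        findings = audit_policy(policy)
        if findings:
            report[policy.get("id", "<missing id>")] = findings
    return report
```
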