title | description | author | ms.reviewer | ms.localizationpriority | ms.subservice | doc_type |
---|---|---|---|---|---|---|
authenticationStrengthPolicy resource type |
A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Microsoft Entra Conditional Access, defines which authentication methods must be used to authenticate in that scenario. |
InbarckMS |
conditionalaccesspm |
medium |
entra-sign-in |
resourcePageType |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Microsoft Entra Conditional Access, defines which authentication methods must be used to authenticate in that scenario. An authentication strength may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.
Inherits from entity.
Method | Return type | Description |
---|---|---|
List | authenticationStrengthPolicy collection | Get a list of the authenticationStrengthPolicy objects and their properties. |
Create | authenticationStrengthPolicy | Create a new custom authenticationStrengthPolicy object. |
Get | authenticationStrengthPolicy | Read the properties and relationships of an authenticationStrengthPolicy object. |
Update | authenticationStrengthPolicy | Update the properties of a custom authenticationStrengthPolicy object. You can't update a built-in authenticationStrengthPolicy object. |
Delete | None | Delete a custom authenticationStrengthPolicy object. You can't delete a built-in authenticationStrengthPolicy object. |
List usage | authenticationStrengthUsage | Find all conditionalAccessPolicies that reference an authentication strength. |
Find by method mode (deprecated) | authenticationStrengthPolicy collection | Find an authenticationStrengthPolicy by allowed mode. |
Property | Type | Description |
---|---|---|
allowedCombinations | authenticationMethodModes collection | A collection of authentication method modes that are required be used to satify this authentication strength. |
createdDateTime | DateTimeOffset | The datetime when this policy was created. |
description | String | The human-readable description of this policy. |
displayName | String | The human-readable display name of this policy. Supports $filter (eq , ne , not , and in ). |
id | String | The system-generated identifier for this mode. Inherited from entity. |
modifiedDateTime | DateTimeOffset | The datetime when this policy was last modified. |
policyType | authenticationStrengthPolicyType | A descriptor of whether this policy is built into Microsoft Entra Conditional Access or created by an admin for the tenant. The possible values are: builtIn , custom , unknownFutureValue . Supports $filter (eq , ne , not , and in ). |
requirementsSatisfied | authenticationStrengthRequirements | A descriptor of whether this authentication strength grants the MFA claim upon successful satisfaction. The possible values are: none , mfa , unknownFutureValue . |
Relationship | Type | Description |
---|---|---|
combinationConfigurations | authenticationCombinationConfiguration collection | Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods. |
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.authenticationStrengthPolicy",
"id": "String (identifier)",
"createdDateTime": "String (timestamp)",
"modifiedDateTime": "String (timestamp)",
"displayName": "String",
"description": "String",
"policyType": "String",
"requirementsSatisfied": "String",
"allowedCombinations": [
"String"
]
}