New-MgPolicyAuthenticationStrengthPolicy

Create a new custom authenticationStrengthPolicy object.

Note

To view the beta release of this cmdlet, view New-MgBetaPolicyAuthenticationStrengthPolicy

Syntax

New-MgPolicyAuthenticationStrengthPolicy
   [-ResponseHeadersVariable <String>]
   [-AdditionalProperties <Hashtable>]
   [-AllowedCombinations <String[]>]
   [-CombinationConfigurations <IMicrosoftGraphAuthenticationCombinationConfiguration[]>]
   [-CreatedDateTime <DateTime>]
   [-Description <String>]
   [-DisplayName <String>]
   [-Id <String>]
   [-ModifiedDateTime <DateTime>]
   [-PolicyType <String>]
   [-RequirementsSatisfied <String>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-MgPolicyAuthenticationStrengthPolicy
   -BodyParameter <IMicrosoftGraphAuthenticationStrengthPolicy>
   [-ResponseHeadersVariable <String>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Create a new custom authenticationStrengthPolicy object.

Permissions

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) Policy.ReadWrite.ConditionalAccess Policy.ReadWrite.AuthenticationMethod
Delegated (personal Microsoft account) Not supported. Not supported.
Application Policy.ReadWrite.ConditionalAccess Policy.ReadWrite.AuthenticationMethod

Examples

Example 1: Code snippet

Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	displayName = "Example"
	requirementsSatisfied = "mfa"
	allowedCombinations = @(
	"fido2"
)
"combinationConfigurations@odata.context" = "https://graph.microsoft.com/v1.0/$metadata#policies/authenticationStrengthPolicies('5790842a-5bab-44c2-9cf1-b38d675b70ea')/combinationConfigurations"
combinationConfigurations = @(
	@{
		"@odata.type" = "#microsoft.graph.fido2CombinationConfiguration"
		id = "42235320-c8db-4d8c-9344-8f1ce87f734b"
		appliesToCombinations = @(
		"fido2"
	)
	allowedAAGUIDs = @(
	"de1e552d-db1d-4423-a619-566b625cdc84"
"90a3ccdf-635c-4729-a248-9b709135078f"
)
}
)
}

New-MgPolicyAuthenticationStrengthPolicy -BodyParameter $params

This example shows how to use the New-MgPolicyAuthenticationStrengthPolicy Cmdlet.

Parameters

-AdditionalProperties

Additional Parameters

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedCombinations

A collection of authentication method modes that are required be used to satify this authentication strength.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BodyParameter

authenticationStrengthPolicy To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Type:IMicrosoftGraphAuthenticationStrengthPolicy
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-CombinationConfigurations

Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods. To construct, see NOTES section for COMBINATIONCONFIGURATIONS properties and create a hash table.

Type:IMicrosoftGraphAuthenticationCombinationConfiguration[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CreatedDateTime

The datetime when this policy was created.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

The human-readable description of this policy.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

The human-readable display name of this policy. Supports $filter (eq, ne, not , and in).

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Headers

Optional headers that will be added to the request.

Type:IDictionary
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Id

The unique identifier for an entity. Read-only.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ModifiedDateTime

The datetime when this policy was last modified.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PolicyType

authenticationStrengthPolicyType

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

{{ Fill ProgressAction Description }}

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequirementsSatisfied

authenticationStrengthRequirements

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Type:String
Aliases:RHV
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAuthenticationStrengthPolicy

System.Collections.IDictionary

Outputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAuthenticationStrengthPolicy

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphAuthenticationStrengthPolicy>: authenticationStrengthPolicy

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [AllowedCombinations <String- []>]: A collection of authentication method modes that are required be used to satify this authentication strength.
  • [CombinationConfigurations <IMicrosoftGraphAuthenticationCombinationConfiguration- []>]: Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [AppliesToCombinations <String- []>]: Which authentication method combinations this configuration applies to. Must be an allowedCombinations object, part of the authenticationStrengthPolicy. The only possible value for fido2combinationConfigurations is 'fido2'.
  • [CreatedDateTime <DateTime?>]: The datetime when this policy was created.
  • [Description <String>]: The human-readable description of this policy.
  • [DisplayName <String>]: The human-readable display name of this policy. Supports $filter (eq, ne, not , and in).
  • [ModifiedDateTime <DateTime?>]: The datetime when this policy was last modified.
  • [PolicyType <String>]: authenticationStrengthPolicyType
  • [RequirementsSatisfied <String>]: authenticationStrengthRequirements

COMBINATIONCONFIGURATIONS <IMicrosoftGraphAuthenticationCombinationConfiguration- []>: Settings that may be used to require specific types or instances of an authentication method to be used when authenticating with a specified combination of authentication methods.

  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [AppliesToCombinations <String- []>]: Which authentication method combinations this configuration applies to. Must be an allowedCombinations object, part of the authenticationStrengthPolicy. The only possible value for fido2combinationConfigurations is 'fido2'.