列出 authenticationStrengthPolicies

命名空间:microsoft.graph

重要

Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。

获取 authenticationStrengthPolicy 对象及其属性的列表。 此 API 返回内置策略和自定义策略。

此 API 可用于以下国家级云部署

全局服务 美国政府 L4 美国政府 L5 (DOD) 由世纪互联运营的中国

权限

为此 API 选择标记为最低特权的权限。 只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考

权限类型 最低特权权限 更高特权权限
委派(工作或学校帐户) Policy.Read.All Policy.ReadWrite.ConditionalAccess、Policy.ReadWrite.AuthenticationMethod
委派(个人 Microsoft 帐户) 不支持。 不支持。
应用程序 Policy.Read.All Policy.ReadWrite.ConditionalAccess、Policy.ReadWrite.AuthenticationMethod

重要

在具有工作或学校帐户的委托方案中,必须为登录用户分配受支持的Microsoft Entra角色或具有支持的角色权限的自定义角色。 此操作支持以下最低特权角色。

  • 条件访问管理员
  • 安全管理员
  • 安全信息读取者

HTTP 请求

GET /policies/authenticationStrengthPolicies

可选的查询参数

此方法支持 和 filterpolicyName 属性上的 policyType OData 查询参数,以帮助自定义响应。 若要了解一般信息,请参阅 OData 查询参数

请求标头

名称 说明
Authorization 持有者 {token}。 必填。 详细了解 身份验证和授权

请求正文

请勿提供此方法的请求正文。

响应

如果成功,此方法在响应正文中返回响应 200 OK 代码和 authenticationStrengthPolicy 对象的集合。

示例

示例 1:获取所有身份验证强度策略

请求

以下示例显示了一个请求。

GET https://graph.microsoft.com/beta/policies/authenticationStrengthPolicies

响应

以下示例显示了相应的响应。

注意:为了提高可读性,可能缩短了此处显示的响应对象。

HTTP/1.1 200 OK
Content-Type: application/json

{
  "value": [
    {
      "@odata.type" : "authenticationStrengthPolicy",
      "id": "7d718ef4-5493-4313-a52c-7401b7df3a9c",
      "createdDateTime": "2022-09-30T10:59:01Z",
      "modifiedDateTime": "2022-09-30T10:59:01Z",
      "displayName": "Contoso authentication level",
      "description": "The only authentication level allowed to access our secret apps",
      "policyType": "custom",
      "requirementsSatisfied": "mfa",
      "allowedCombinations": [
        "x509CertificateSingleFactor, fido2",
        "fido2"
      ],
      "combinationConfigurations": [
        {
          "@odata.type" : "fido2CombinationConfiguration",
          "id": "675ff4e1-7c6d-4a7f-9803-ad084d1b45b3",
          "allowedAAGUIDs": [
            "2ac80ddb-17bd-4575-b41c-0dc37ae3290d"
          ],
          "appliesToCombinations": ["fido2"]
        }
      ]
    },
    {
      "@odata.type" : "authenticationStrengthPolicy",
      "id": "00000000-0000-0000-0000-000000000002",
      "createdDateTime": "2022-09-30T10:59:01Z",
      "modifiedDateTime": "2022-09-30T10:59:01Z",
      "displayName": "Multifactor authentication",
      "description": "Combinations of methods that satisfy strong authentication, such as a password + SMS",
      "policyType": "builtIn",
      "requirementsSatisfied": "mfa",
      "allowedCombinations": [
        "windowsHelloForBusiness",
        "fido2",
        "x509CertificateMultiFactor",
        "deviceBasedPush",
        "temporaryAccessPassOneTime",
        "temporaryAccessPassMultiUse",
        "password, microsoftAuthenticatorPush",
        "password, softwareOath",
        "password, hardwareOath",
        "password, sms",
        "password, voice",
        "federatedMultiFactor",
        "federatedSingleFactor, microsoftAuthenticatorPush",
        "federatedSingleFactor, softwareOath",
        "federatedSingleFactor, hardwareOath",
        "federatedSingleFactor, sms",
        "federatedSingleFactor, voice"
      ],
      "combinationConfigurations": []
    },
    {
      "@odata.type" : "authenticationStrengthPolicy",
      "id": "00000000-0000-0000-0000-000000000003",
      "createdDateTime": "2022-09-30T10:59:01Z",
      "modifiedDateTime": "2022-09-30T10:59:01Z",
      "displayName": "Passwordless MFA",
      "description": "Passwordless methods that satisfy strong authentication, such as Passwordless sign-in with the Microsoft Authenticator",
      "policyType": "builtIn",
      "requirementsSatisfied": "mfa",
      "allowedCombinations": [
        "windowsHelloForBusiness",
        "fido2",
        "x509CertificateMultiFactor",
        "deviceBasedPush"
      ],
      "combinationConfigurations": []
    },
    {
      "@odata.type" : "authenticationStrengthPolicy",
      "id": "00000000-0000-0000-0000-000000000004",
      "createdDateTime": "2022-09-30T10:59:01Z",
      "modifiedDateTime": "2022-09-30T10:59:01Z",
      "displayName": "Phishing resistant MFA",
      "description": "Phishing resistant, Passwordless methods for the strongest authentication, such as a FIDO2 security key",
      "policyType": "builtIn",
      "requirementsSatisfied": "mfa",
      "allowedCombinations": [
        "windowsHelloForBusiness",
        "fido2",
        "x509CertificateMultiFactor"
      ],
      "combinationConfigurations": []
    }
  ]
}

示例 2:获取包含特定身份验证方法模式的策略

请求

以下示例显示了一个请求。

GET https://graph.microsoft.com/beta/policies/authenticationStrengthPolicies?$filter=allowedCombinations/any(x:x has 'sms, password')

响应

以下示例显示了相应的响应。

注意:为了提高可读性,可能缩短了此处显示的响应对象。

HTTP/1.1 200 OK
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationStrengthPolicies",
    "value": [
        {
            "id": "00000000-0000-0000-0000-000000000002",
            "createdDateTime": "2021-12-01T00:00:00Z",
            "modifiedDateTime": "2021-12-01T00:00:00Z",
            "displayName": "Multifactor authentication",
            "description": "Combinations of methods that satisfy strong authentication, such as a password + SMS",
            "policyType": "builtIn",
            "requirementsSatisfied": "mfa",
            "allowedCombinations": [
                "windowsHelloForBusiness",
                "fido2",
                "x509CertificateMultiFactor",
                "deviceBasedPush",
                "temporaryAccessPassOneTime",
                "temporaryAccessPassMultiUse",
                "password,microsoftAuthenticatorPush",
                "password,softwareOath",
                "password,hardwareOath",
                "password,sms",
                "password,voice",
                "federatedMultiFactor",
                "microsoftAuthenticatorPush,federatedSingleFactor",
                "softwareOath,federatedSingleFactor",
                "hardwareOath,federatedSingleFactor",
                "sms,federatedSingleFactor",
                "voice,federatedSingleFactor"
            ],
            "combinationConfigurations@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationStrengthPolicies('00000000-0000-0000-0000-000000000002')/combinationConfigurations",
            "combinationConfigurations": []
        }
    ]
}