🔍 Code Extractor

class AuthenticationStrengthPolicy

Maturity: 54

Represents an Azure AD authentication strength policy that defines specific combinations of authentication methods and metadata for Conditional Access scenarios.

File:
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authentication_strength.py
Lines:
9 - 28
Complexity:
moderate

Purpose

This class models an Azure AD authentication strength policy used in Conditional Access scenarios. It defines which authentication methods must be used to authenticate in specific scenarios and can be either built-in or custom (tenant-defined). The policy may or may not fulfill requirements to grant an MFA claim. The class extends Entity and provides functionality to query which Conditional Access policies reference this authentication strength policy.

Source Code

class AuthenticationStrengthPolicy(Entity):
    """
    A collection of settings that define specific combinations of authentication methods and metadata.
    The authentication strength policy, when applied to a given scenario using Azure AD Conditional Access,
    defines which authentication methods must be used to authenticate in that scenario. An authentication strength
    may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.
    """

    def usage(self):
        """
        Allows the caller to see which Conditional Access policies reference a specified authentication strength policy.
        The policies are returned in two collections, one containing Conditional Access policies that require an
        MFA claim and the other containing Conditional Access policies that do not require such a claim.
        Policies in the former category are restricted in what kinds of changes may be made to them to prevent
        undermining the MFA requirement of those policies.
        """
        return_type = ClientResult(self.context, AuthenticationStrengthUsage())
        qry = FunctionQuery(self, "usage", None, return_type)
        self.context.add_query(qry)
        return return_type

Parameters

Name Type Default Kind
bases Entity -

Parameter Details

bases: Inherits from Entity class, which provides base functionality for Microsoft Graph API entities including context management and query execution capabilities

Return Value

Instantiation returns an AuthenticationStrengthPolicy object that represents an Azure AD authentication strength policy. The usage() method returns a ClientResult containing an AuthenticationStrengthUsage object that provides information about which Conditional Access policies reference this authentication strength policy, separated into those requiring MFA claims and those that don't.

Class Interface

Methods

usage(self) -> ClientResult

Purpose: Retrieves information about which Conditional Access policies reference this authentication strength policy, separated into MFA-requiring and non-MFA-requiring categories

Returns: ClientResult object containing an AuthenticationStrengthUsage instance with two collections: one for Conditional Access policies requiring MFA claims and another for policies not requiring MFA claims

Attributes

Name Type Description Scope
context ClientContext The client context inherited from Entity base class, used for executing queries against the Microsoft Graph API instance

Dependencies

  • office365.directory.authentication.strength_usage
  • office365.entity
  • office365.runtime.client_result
  • office365.runtime.queries.function

Required Imports

from office365.directory.authentication.strength_usage import AuthenticationStrengthUsage
from office365.entity import Entity
from office365.runtime.client_result import ClientResult
from office365.runtime.queries.function import FunctionQuery

Usage Example

from office365.directory.authentication.strength_policy import AuthenticationStrengthPolicy
from office365.graph_client import GraphClient

# Initialize Graph client with credentials
client = GraphClient(credentials)

# Get an authentication strength policy by ID
policy = client.policies.authentication_strength_policies.get_by_id('policy_id')
client.execute_query()

# Check which Conditional Access policies use this authentication strength
usage_result = policy.usage()
client.execute_query()

# Access the usage information
usage = usage_result.value
print(f'MFA policies: {usage.mfa}')
print(f'Non-MFA policies: {usage.none}')

Best Practices

  • Always execute queries using context.execute_query() after calling methods that return ClientResult objects
  • The usage() method returns a ClientResult that must be executed before accessing the value property
  • Be aware that policies requiring MFA claims have restrictions on what changes can be made to prevent undermining MFA requirements
  • Ensure proper Azure AD permissions are granted before attempting to query authentication strength policies
  • The class inherits from Entity, so it has access to standard entity properties like id, created_datetime, and modified_datetime
  • Use the usage() method to understand policy dependencies before making changes to authentication strength policies
  • The returned AuthenticationStrengthUsage object separates policies into MFA-requiring and non-MFA categories for easier policy management

Tags

azure-ad authentication conditional-access mfa security-policy microsoft-graph identity access-control authentication-methods

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class AuthenticationStrengthUsage 81.6% similar

    A data container class that organizes Conditional Access policies into two collections based on whether they require MFA (Multi-Factor Authentication) claims or not.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/strength_usage.py

  • class AuthenticationMethodsPolicy 77.0% similar

    A class representing Azure Active Directory authentication methods policy that defines which authentication methods users can use for sign-in and multi-factor authentication (MFA).

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authentication_methods.py

  • class ConditionalAccessPolicy 74.3% similar

    Represents an Azure Active Directory conditional access policy entity that defines custom rules for access scenarios.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/conditional_access.py

  • class AuthorizationPolicy 67.6% similar

    A singleton class representing Azure Active Directory authorization policy settings that control tenant-level authorization behaviors.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authorization.py

  • class TenantAppManagementPolicy 66.9% similar

    A class representing a tenant-wide application authentication method policy that enforces app management restrictions for all applications and service principals in Microsoft 365/Azure AD.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/tenant_app_management.py
← Back to Browse