🔍 Code Extractor

A data container class that organizes Conditional Access policies into two collections based on whether they require MFA (Multi-Factor Authentication) claims or not.

Purpose

This class serves as a structured representation of authentication strength usage across Conditional Access policies in Microsoft 365/Azure AD environments. It categorizes policies that reference a specific authentication strength into two groups: those requiring MFA claims and those that don't. This is useful for auditing, reporting, and managing authentication requirements across an organization's security policies.

Source Code

class AuthenticationStrengthUsage(ClientValue):
    """
    An object containing two collections of Conditional Access policies that reference the specified authentication
    strength. One collection references Conditional Access policies that require an MFA claim; the other collection
    references Conditional Access policies that don't require such a claim.
    """

    def __init__(self, mfa=None, none=None):
        """
        :param list[ConditionalAccessPolicy] mfa: A collection of Conditional Access policies that reference the
             specified authentication strength policy and that require an MFA claim.
        :param list[ConditionalAccessPolicy] none: A collection of Conditional Access policies that reference the
             specified authentication strength policy and that do not require an MFA claim.
        """
        self.mfa = ClientValueCollection(ConditionalAccessPolicy, mfa)
        self.none = ClientValueCollection(ConditionalAccessPolicy, none)

Parameters

Parameter Details

mfa: A list of ConditionalAccessPolicy objects representing policies that reference the specified authentication strength and require an MFA claim. Can be None or an empty list if no such policies exist. This parameter is optional and defaults to None.

none: A list of ConditionalAccessPolicy objects representing policies that reference the specified authentication strength but do not require an MFA claim. Can be None or an empty list if no such policies exist. This parameter is optional and defaults to None.

Return Value

Instantiation returns an AuthenticationStrengthUsage object with two attributes: 'mfa' and 'none', both of which are ClientValueCollection instances containing ConditionalAccessPolicy objects. These collections can be iterated over or accessed like lists to retrieve individual policies.

Class Interface

Methods

Attributes

Dependencies

• office365

Required Imports

from office365.directory.policies.conditional_access import ConditionalAccessPolicy
from office365.runtime.client_value import ClientValue
from office365.runtime.client_value_collection import ClientValueCollection

Usage Example

from office365.directory.policies.conditional_access import ConditionalAccessPolicy
from office365.runtime.client_value_collection import ClientValueCollection

# Create sample policies (normally retrieved from Microsoft Graph API)
policy1 = ConditionalAccessPolicy()
policy2 = ConditionalAccessPolicy()
policy3 = ConditionalAccessPolicy()

# Instantiate with policies requiring MFA and policies not requiring MFA
auth_strength_usage = AuthenticationStrengthUsage(
    mfa=[policy1, policy2],
    none=[policy3]
)

# Access MFA-required policies
for policy in auth_strength_usage.mfa:
    print(f"MFA Policy: {policy}")

# Access non-MFA policies
for policy in auth_strength_usage.none:
    print(f"Non-MFA Policy: {policy}")

# Can also instantiate with empty collections
auth_strength_usage_empty = AuthenticationStrengthUsage()

Best Practices

• This class is primarily a data container and should be instantiated with ConditionalAccessPolicy objects retrieved from Microsoft Graph API
• The class inherits from ClientValue, indicating it's part of the Office365 SDK's value object pattern for representing API responses
• Both 'mfa' and 'none' attributes are automatically wrapped in ClientValueCollection, providing collection-like behavior
• This class is immutable after construction - attributes are set in __init__ and not modified afterward
• When passing None to either parameter, an empty ClientValueCollection will be created automatically
• This class is typically not instantiated directly by users but rather returned as part of API responses when querying authentication strength usage
• The class does not perform any validation or business logic - it's purely for data organization and transport

Tags

Similar Components

AI-powered semantic similarity - components with related functionality:

• class AuthenticationStrengthPolicy 81.6% similar

  Represents an Azure AD authentication strength policy that defines specific combinations of authentication methods and metadata for Conditional Access scenarios.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authentication_strength.py

• class AuthenticationMethodsPolicy 66.1% similar

  A class representing Azure Active Directory authentication methods policy that defines which authentication methods users can use for sign-in and multi-factor authentication (MFA).

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authentication_methods.py

• class ConditionalAccessPolicy 61.7% similar

  Represents an Azure Active Directory conditional access policy entity that defines custom rules for access scenarios.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/conditional_access.py

• class UserRegistrationDetails 58.1% similar

  A data class representing the authentication and security registration state of a user, including MFA, passwordless, and self-service password reset capabilities.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/details.py

• class AuthenticationMethodsRoot 57.2% similar

  A container class for navigating and accessing Azure AD authentication methods resources, providing access to user registration details and authentication method statistics.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/root.py