Resource: azuread_authentication_strength_policy

Manages an Authentication Strength Policy within Azure Active Directory.

API Permissions

The following API permissions are required in order to use this resource.

When authenticated with a service principal, this resource requires the following application roles: Policy.ReadWrite.ConditionalAccess and Policy.Read.All.

When authenticated with a user principal, this resource requires one of the following directory roles: Conditional Access Administrator or Global Administrator.

Example Usage

resource "azuread_authentication_strength_policy" "example" {
  display_name = "Example Authentication Strength Policy"
  description  = "Policy for demo purposes"
  allowed_combinations = [
    "fido2",
    "password",
  ]
}

resource "azuread_authentication_strength_policy" "example2" {
  display_name = "Example Authentication Strength Policy"
  description  = "Policy for demo purposes with all possible combinations"
  allowed_combinations = [
    "fido2",
    "password",
    "deviceBasedPush",
    "temporaryAccessPassOneTime",
    "federatedMultiFactor",
    "federatedSingleFactor",
    "hardwareOath,federatedSingleFactor",
    "microsoftAuthenticatorPush,federatedSingleFactor",
    "password,hardwareOath",
    "password,microsoftAuthenticatorPush",
    "password,sms",
    "password,softwareOath",
    "password,voice",
    "sms",
    "sms,federatedSingleFactor",
    "softwareOath,federatedSingleFactor",
    "temporaryAccessPassMultiUse",
    "voice,federatedSingleFactor",
    "windowsHelloForBusiness",
    "x509CertificateMultiFactor",
    "x509CertificateSingleFactor",
  ]
}
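
A plan-time check for the allowed_combinations argument used above, as an added example that is not part of the provider documentation. It reads a plan in the JSON shape produced by terraform show -json and reports every combination outside an allow-list. The allow-list (the three methods in Microsoft's built-in phishing-resistant MFA strength) is an assumed organisational policy, and the sample plan, module name and function names are constructed for illustration.

```python
# Assumed organisational allow-list: only phishing-resistant methods.
ALLOWED = {"fido2", "windowsHelloForBusiness", "x509CertificateMultiFactor"}
RESOURCE_TYPE = "azuread_authentication_strength_policy"


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def disallowed_combinations(plan, allowed=ALLOWED):
    """Return {resource address: sorted combinations not on the allow-list}."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Values unknown at plan time are omitted from planned_values.
        combos = (res.get("values") or {}).get("allowed_combinations") or []
        # Each entry is one combination; "password,sms" means both together.
        # Normalise spacing so "password, sms" and "password,sms" compare equal.
        normalised = {",".join(m.strip() for m in c.split(",")) for c in combos}
        bad = sorted(normalised - allowed)
        if bad:
            findings[res["address"]] = bad
    return findings


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azuread_authentication_strength_policy.example",
         "type": RESOURCE_TYPE,
         "values": {"allowed_combinations": ["fido2", "password"]}},
        {"address": "azuread_group.staff", "type": "azuread_group",
         "values": {"display_name": "staff"}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.idp.azuread_authentication_strength_policy.strict",
         "type": RESOURCE_TYPE,
         "values": {"allowed_combinations": ["fido2", "windowsHelloForBusiness"]}},
    ]}],
}}}

if __name__ == "__main__":
    for address, combos in disallowed_combinations(SAMPLE_PLAN).items():
        print(f"{address}: {', '.join(combos)}")
```

In a pipeline, load the real plan with json.load and fail the job when the returned dictionary is non-empty.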

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to all arguments above, the following attributes are exported:

Import

Authentication Strength Policies can be imported using the id, e.g.

terraform import azuread_authentication_strength_policy.my_policy 00000000-0000-0000-0000-000000000000