Authentication Strength
Conditional Access feature that specifies which authentication methods are acceptable for a given access scenario.
What is Authentication Strength?
Authentication strength moves beyond simply requiring MFA to specifying which types of MFA are acceptable. For high-security scenarios, you can require phishing-resistant methods only (FIDO2, Windows Hello), while allowing any MFA method for lower-risk access. This enables granular control over authentication assurance levels.
In Microsoft 365
Azure AD provides built-in authentication strengths (MFA, passwordless, phishing-resistant) and supports custom authentication strengths. These are applied through Conditional Access policies to require specific methods for specific scenarios—like requiring FIDO2 keys for admin access.
Examples
1. Requiring phishing-resistant MFA for Global Administrator activation
2. Allowing any MFA for general user access
3. Custom strength requiring specific FIDO2 key attestation
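An added example, not code from the original page, TrueConfig or Microsoft: a Python audit that reports which authentication strength, if any, is actually enforced for an admin role across a set of Conditional Access policies. It assumes the policies were exported as JSON in the shape of Microsoft Graph conditionalAccessPolicy objects with each strength's allowedCombinations included; the policy names and sample data are constructed.

```python
# Added example: audit exported Conditional Access policies (constructed sample data).
PHISHING_RESISTANT = {"fido2", "windowsHelloForBusiness", "x509CertificateMultiFactor"}
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator role template ID

def is_phishing_resistant(strength):
    """True only if every allowed combination is a phishing-resistant method."""
    combos = set((strength or {}).get("allowedCombinations") or [])
    return bool(combos) and combos <= PHISHING_RESISTANT

def audit_role(policies, role_id):
    """Classify each policy that targets role_id; return (findings, covered)."""
    findings, covered = [], False
    for p in policies:
        users = p.get("conditions", {}).get("users", {})
        if role_id not in users.get("includeRoles", []):
            continue
        if role_id in users.get("excludeRoles", []):
            continue  # an exclusion overrides an inclusion
        grant = p.get("grantControls") or {}
        strength = grant.get("authenticationStrength")
        if p.get("state") != "enabled":
            verdict = "not enforced (state=%s)" % p.get("state")
        elif is_phishing_resistant(strength):
            verdict, covered = "phishing-resistant strength", True
        elif strength:
            verdict = "strength allows phishable methods"
        elif "mfa" in (grant.get("builtInControls") or []):
            verdict = "any MFA (no authentication strength)"
        else:
            verdict = "no MFA requirement"
        findings.append((p["displayName"], verdict))
    return findings, covered

def _policy(name, state, grant):
    # Helper for building constructed sample policies that target Global Administrator.
    return {"displayName": name, "state": state, "grantControls": grant,
            "conditions": {"users": {"includeRoles": [GLOBAL_ADMIN]}}}

SAMPLE = [  # constructed, not real tenant data
    _policy("Admins: legacy MFA", "enabled", {"builtInControls": ["mfa"]}),
    _policy("Admins: FIDO2 pilot", "enabledForReportingButNotEnforced",
            {"authenticationStrength": {"allowedCombinations": ["fido2"]}}),
    _policy("Admins: custom strength", "enabled", {"authenticationStrength": {
        "allowedCombinations": ["fido2", "password,microsoftAuthenticatorPush"]}}),
]

if __name__ == "__main__":
    findings, covered = audit_role(SAMPLE, GLOBAL_ADMIN)
    for name, verdict in findings:
        print(f"{name}: {verdict}")
    print("phishing-resistant strength enforced:", covered)
```

The check looks only at role targeting, policy state and grant controls; application, platform and location conditions can narrow a policy further, so a positive result still needs review against the policy's full scope.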
Related TrueConfig Controls
These controls help implement and verify authentication strength in your Microsoft 365 environment.
Related Terms
Conditional Access
Policy-based access control that evaluates signals and enforces security requirements before granting access.
Phishing-Resistant MFA
Authentication methods that cannot be intercepted or replayed by attackers through phishing attacks.
FIDO2
An open authentication standard that enables passwordless authentication using public key cryptography.