AuthenticationContext.ReadWrite.All

Permission Details

Application Permission

Read and write all authentication context information

Allows the app to read and update the authentication context information in your organization without a signed-in user.

Permission ID: a88eef72-fed0-4bf7-a2a9-f19df33f8b83

Delegated Permission

Read and write all authentication context information

Allows the app to read and update all authentication context information in your organization on behalf of the signed-in user.

Permission ID: ba6d575a-1344-4516-b777-1404f5593057

Properties

Microsoft Graph beta exact-category-docs

Properties is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Property	Type	Description
`detail`	`authenticationContextDetail`	Describes how the conditional access authentication context was triggered. A value of previouslySatisfied means the auth context was because the user already satisfied the requirements for that authentication context in some previous authentication event. A value of required means the user had to meet the authentication context requirement as part of the sign-in flow. The possible values are: required, previouslySatisfied, notApplicable, unknownFutureValue.
`id`	`String`Nullable	The identifier of an authentication context in your tenant.

JSON Representation

Microsoft Graph beta exact-category-docs

JSON representation is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

JSON representation

{
  "@odata.type": "#microsoft.graph.authenticationContext",
  "id": "String (identifier)",
  "detail": "String"
}

Relationships

Relationships metadata is not available for this permission mapping.

View resource documentation

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/identity/conditionalAccess/authenticationContextClassReferences`
GET `/identity/conditionalAccess/authenticationContextClassReferences/{id}`
PATCH `/identity/conditionalAccess/authenticationContextClassReferences/{id}`
DELETE `/identity/conditionalAccess/authenticationContextClassReferences/{id}`

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/identity/conditionalAccess/authenticationContextClassReferences`
GET `/identity/conditionalAccess/authenticationContextClassReferences/{id}`
POST `/identity/conditionalAccess/authenticationContextClassReferences`
PATCH `/identity/conditionalAccess/authenticationContextClassReferences/{id}`
DELETE `/identity/conditionalAccess/authenticationContextClassReferences/{authenticationContextClassReferenceId}`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgIdentityConditionalAccessAuthenticationContextClassReference` /identity/conditionalAccess/authenticationContextClassReferences List authenticationContextClassReferences
`Get-MgIdentityConditionalAccessAuthenticationContextClassReference` /identity/conditionalAccess/authenticationContextClassReferences/{id} Get authenticationContextClassReference
`Remove-MgIdentityConditionalAccessAuthenticationContextClassReference` /identity/conditionalAccess/authenticationContextClassReferences/{id} Delete authenticationContextClassReference
`Update-MgIdentityConditionalAccessAuthenticationContextClassReference` /identity/conditionalAccess/authenticationContextClassReferences/{id} Create or Update authenticationContextClassReference

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference` /identity/conditionalAccess/authenticationContextClassReferences List authenticationContextClassReferences
`Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference` /identity/conditionalAccess/authenticationContextClassReferences/{id} Get authenticationContextClassReference
`New-MgBetaIdentityConditionalAccessAuthenticationContextClassReference` /identity/conditionalAccess/authenticationContextClassReferences Create authenticationContextClassReference
`Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference` /identity/conditionalAccess/authenticationContextClassReferences/{authenticationContextClassReferenceId} Delete authenticationContextClassReference
`Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference` /identity/conditionalAccess/authenticationContextClassReferences/{id} Update authenticationContextClassReference

Code Examples

C# / .NET SDK

Create or Update authenticationContextClassReference

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AuthenticationContextClassReference
{
	DisplayName = "Contoso medium",
	Description = "Medium protection level defined for Contoso policy",
	IsAvailable = true,
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.ConditionalAccess.AuthenticationContextClassReferences["{authenticationContextClassReference-id}"].PatchAsync(requestBody);

JavaScript

Create or Update authenticationContextClassReference

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationContextClassReference = {
    displayName: 'Contoso medium',
    description: 'Medium protection level defined for Contoso policy',
    isAvailable: true
};

await client.api('/identity/conditionalAccess/authenticationContextClassReferences/c1')
	.update(authenticationContextClassReference);

PowerShell

Create or Update authenticationContextClassReference

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	displayName = "Contoso medium"
	description = "Medium protection level defined for Contoso policy"
	isAvailable = $true
}

Update-MgIdentityConditionalAccessAuthenticationContextClassReference -AuthenticationContextClassReferenceId $authenticationContextClassReferenceId -BodyParameter $params

Python

Create or Update authenticationContextClassReference

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.authentication_context_class_reference import AuthenticationContextClassReference
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AuthenticationContextClassReference(
	display_name = "Contoso medium",
	description = "Medium protection level defined for Contoso policy",
	is_available = True,
)

result = await graph_client.identity.conditional_access.authentication_context_class_references.by_authentication_context_class_reference_id('authenticationContextClassReference-id').patch(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for AuthenticationContext.ReadWrite.All

4

Grant Admin Consent

Application permissions always require admin consent.