From 5e2f75271af9f7fdcbe2155e7881a5a295d53217 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Queda?= Date: Fri, 22 May 2026 12:54:08 +0100 Subject: [PATCH] Update role requirements for custom authentication strength Doc mentioned that doing this action required at least Security Administrator, which is not correct (according to https://learn.microsoft.com/en-us/graph/api/authenticationstrengthpolicy-update?view=graph-rest-1.0&tabs=http), since Conditional Access Administrator also allows to perform the action and is arguably less privileged. So, changed the doc to indicate that either Conditional Access Administrator or Security Administrator can do it. Alternatively, Security Administrator can be removed all together, leaving only Conditional Access Administrator. --- .../concept-authentication-strength-advanced-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/authentication/concept-authentication-strength-advanced-options.md b/docs/identity/authentication/concept-authentication-strength-advanced-options.md index 4366c11d7fe..943d4dc31cb 100644 --- a/docs/identity/authentication/concept-authentication-strength-advanced-options.md +++ b/docs/identity/authentication/concept-authentication-strength-advanced-options.md @@ -18,7 +18,7 @@ An authentication strength is a Microsoft Entra Conditional Access control that ## Create a custom authentication strength -1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Security Administrator](~/identity/role-based-access-control/permissions-reference.md#security-administrator). +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Conditional Access Administrator](~/identity/role-based-access-comtrol/permissions-reference.md#conditional-access-administrator) or [Security Administrator](~/identity/role-based-access-control/permissions-reference.md#security-administrator). 1. Browse to **Entra ID** > **Authentication methods** > **Authentication strengths**.