fix: docs for authentication strength and named locations (#751)

# Pull Request Description

## Summary

[Provide a brief description of the changes in this PR]

### Issue Reference

Fixes #[Issue Number]

### Motivation and Context

- Why is this change needed?
- What problem does it solve?
- If it fixes an open issue, please link to the issue here

### Dependencies

- List any dependencies that are required for this change
- Include any configuration changes needed
- Note any version updates required

## Type of Change

Please mark the relevant option with an `x`:

- [ ] 🐛 Bug fix (non-breaking change which fixes an issue)
- [ ] ✨ New feature (non-breaking change which adds functionality)
- [ ] 💥 Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] 📝 Documentation update (Wiki/README/Code comments)
- [ ] ♻️ Refactor (code improvement without functional changes)
- [ ] 🎨 Style update (formatting, renaming)
- [ ] 🔧 Configuration change
- [ ] 📦 Dependency update

## Testing

- [ ] I have added unit tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] I have tested this code in the following browsers/environments:
[list environments]

## Quality Checklist

- [ ] I have reviewed my own code before requesting review
- [ ] I have verified there are no other open Pull Requests for the same
update/change
- [ ] All CI/CD pipelines pass without errors or warnings
- [ ] My code follows the established style guidelines of this project
- [ ] I have added necessary documentation (if appropriate)
- [ ] I have commented my code, particularly in complex areas
- [ ] I have made corresponding changes to the README and other relevant
documentation
- [ ] My changes generate no new warnings
- [ ] I have performed a self-review of my own code
- [ ] My code is properly formatted according to project standards

## Screenshots/Recordings (if appropriate)

[Add screenshots or recordings that demonstrate the changes]

## Additional Notes

[Add any additional information that might be helpful for reviewers]

Author: ShocOne

docs/resources/graph_beta_identity_and_access_authentication_strength.md

@@ -1,7 +1,6 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "microsoft365_graph_beta_identity_and_access_authentication_strength Resource - terraform-provider-microsoft365"
-subcategory: ""
+subcategory: "Identity and Access"
 description: |-
   Manages Microsoft 365 Authentication Strength Policies using the /identity/conditionalAccess/authenticationStrength/policies endpoint. Authentication Strength Policies define authentication method combinations that can be used in Conditional Access policies. Learn more here: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-strength-advanced-options
 ---
@@ -10,7 +9,69 @@ description: |-
 
 Manages Microsoft 365 Authentication Strength Policies using the `/identity/conditionalAccess/authenticationStrength/policies` endpoint. Authentication Strength Policies define authentication method combinations that can be used in Conditional Access policies. Learn more here: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-strength-advanced-options
 
+## Microsoft Documentation
 
+- [namedLocation resource type](https://learn.microsoft.com/en-us/graph/api/resources/authenticationstrengthpolicy?view=graph-rest-beta)
+
+## API Permissions
+
+The following API permissions are required in order to use this resource.
+
+### Microsoft Graph
+
+- **Application**: `Policy.ReadWrite.ConditionalAccess`, `Policy.Read.All`
+
+## Version History
+
+| Version | Status | Notes |
+|---------|--------|-------|
+| v0.28.0-alpha | Experimental | Initial release |
+
+## Example Usage
+
+```terraform
+resource "microsoft365_graph_beta_identity_and_access_authentication_strength" "auth_strength_maximal" {
+  display_name = "maximal example of authentication strength combinations"
+  description  = "maximal authentication strength policy with all combinations"
+
+  allowed_combinations = [
+    "deviceBasedPush",
+    "federatedMultiFactor",
+    "federatedSingleFactor",
+    "fido2",
+    "hardwareOath,federatedSingleFactor",
+    "microsoftAuthenticatorPush,federatedSingleFactor",
+    "password",
+    "password,hardwareOath",
+    "password,microsoftAuthenticatorPush",
+    "password,sms",
+    "password,softwareOath",
+    "password,voice",
+    "qrCodePin",
+    "sms",
+    "sms,federatedSingleFactor",
+    "softwareOath,federatedSingleFactor",
+    "temporaryAccessPassMultiUse",
+    "temporaryAccessPassOneTime",
+    "voice,federatedSingleFactor",
+    "windowsHelloForBusiness",
+    "x509CertificateMultiFactor",
+    "x509CertificateSingleFactor"
+  ]
+}
+
+resource "microsoft365_graph_beta_identity_and_access_authentication_strength" "auth_strength_mfa_only" {
+  display_name = "example mfa only authentication strength policy"
+  description  = "MFA-only authentication strength policy"
+
+  allowed_combinations = [
+    "fido2",
+    "windowsHelloForBusiness",
+    "microsoftAuthenticatorPush,federatedSingleFactor",
+    "x509CertificateMultiFactor"
+  ]
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
@@ -42,3 +103,16 @@ Optional:
 - `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
 - `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
 - `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+
+## Important Notes
+A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Microsoft Entra Conditional Access, defines which authentication methods must be used to authenticate in that scenario. An authentication strength may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+#!/bin/bash
+# Import using composite ID format: {id}
+terraform import microsoft365_graph_beta_identity_and_access_authentication_strength.example 00000000-0000-0000-0000-000000000000
+``` 

docs/resources/graph_beta_identity_and_access_named_location.md

@@ -1,7 +1,6 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "microsoft365_graph_beta_identity_and_access_named_location Resource - terraform-provider-microsoft365"
-subcategory: ""
+subcategory: "Identity and Access"
 description: |-
   Manages Microsoft 365 Named Locations using the /identity/conditionalAccess/namedLocations endpoint. Named Locations define network locations that can be used in Conditional Access policies. Supports both IP-based and country-based named locations.
 ---
@@ -10,7 +9,87 @@ description: |-
 
 Manages Microsoft 365 Named Locations using the `/identity/conditionalAccess/namedLocations` endpoint. Named Locations define network locations that can be used in Conditional Access policies. Supports both IP-based and country-based named locations.
 
+## Microsoft Documentation
 
+- [namedLocation resource type](https://learn.microsoft.com/en-us/graph/api/resources/namedlocation?view=graph-rest-beta)
+
+## API Permissions
+
+The following API permissions are required in order to use this resource.
+
+### Microsoft Graph
+
+- **Application**: `Policy.ReadWrite.ConditionalAccess`, `Policy.Read.All`
+
+## Version History
+
+| Version | Status | Notes |
+|---------|--------|-------|
+| v0.28.0-alpha | Experimental | Initial release |
+
+## Example Usage
+
+```terraform
+resource "microsoft365_graph_beta_identity_and_access_named_location" "ipv6_only" {
+  display_name = "example ipv6 named location"
+  is_trusted   = true
+
+  ipv6_ranges = [
+    "2001:db8::/32",
+    "fe80::/10"
+  ]
+}
+
+resource "microsoft365_graph_beta_identity_and_access_named_location" "ipv4_only" {
+  display_name = "example ipv4 named location"
+  is_trusted   = false
+
+  ipv4_ranges = [
+    "192.168.1.0/24"
+  ]
+}
+
+resource "microsoft365_graph_beta_identity_and_access_named_location" "ip_ranges" {
+  display_name = "example ip ranges named location"
+  is_trusted   = true
+
+  ipv4_ranges = [
+    "192.168.0.0/16",
+    "172.16.0.0/12"
+  ]
+
+  ipv6_ranges = [
+    "2001:db8::/32",
+    "fe80::/10",
+    "2001:4860:4860::/48"
+  ]
+}
+
+resource "microsoft365_graph_beta_identity_and_access_named_location" "country_client_ip" {
+  display_name                          = "example country client ip named location"
+  country_lookup_method                 = "clientIpAddress"
+  include_unknown_countries_and_regions = false
+
+  countries_and_regions = [
+    "US",
+    "CA",
+    "GB"
+  ]
+}
+
+resource "microsoft365_graph_beta_identity_and_access_named_location" "country_authenticator_gps" {
+  display_name                          = "example country authenticator gps named location"
+  country_lookup_method                 = "authenticatorAppGps"
+  include_unknown_countries_and_regions = true
+
+  countries_and_regions = [
+    "AD",
+    "AO",
+    "AI",
+    "AQ"
+  ]
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
@@ -44,3 +123,18 @@ Optional:
 - `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
 - `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
 - `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+
+## Important Notes
+
+Represents a Microsoft Entra ID named location defined by countries and regions. Named locations are custom rules that define network locations which can then be used in a Conditional Access policy.
+Represents a Microsoft Entra ID named location defined by IP ranges. Named locations are custom rules that define network locations that can then be used in a Conditional Access policy.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+#!/bin/bash
+# Import using composite ID format: {id}
+terraform import microsoft365_graph_beta_identity_and_access_named_location.example 00000000-0000-0000-0000-000000000000
+``` 

examples/microsoft365_graph_beta/microsoft365_graph_beta_identity_and_access_authentication_strength/import.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+# Import using composite ID format: {id}
+terraform import microsoft365_graph_beta_identity_and_access_authentication_strength.example 00000000-0000-0000-0000-000000000000
+

examples/microsoft365_graph_beta/microsoft365_graph_beta_identity_and_access_authentication_strength/resource.tf

@@ -0,0 +1,41 @@
+resource "microsoft365_graph_beta_identity_and_access_authentication_strength" "auth_strength_maximal" {
+  display_name = "maximal example of authentication strength combinations"
+  description  = "maximal authentication strength policy with all combinations"
+
+  allowed_combinations = [
+    "deviceBasedPush",
+    "federatedMultiFactor",
+    "federatedSingleFactor",
+    "fido2",
+    "hardwareOath,federatedSingleFactor",
+    "microsoftAuthenticatorPush,federatedSingleFactor",
+    "password",
+    "password,hardwareOath",
+    "password,microsoftAuthenticatorPush",
+    "password,sms",
+    "password,softwareOath",
+    "password,voice",
+    "qrCodePin",
+    "sms",
+    "sms,federatedSingleFactor",
+    "softwareOath,federatedSingleFactor",
+    "temporaryAccessPassMultiUse",
+    "temporaryAccessPassOneTime",
+    "voice,federatedSingleFactor",
+    "windowsHelloForBusiness",
+    "x509CertificateMultiFactor",
+    "x509CertificateSingleFactor"
+  ]
+}
+
+resource "microsoft365_graph_beta_identity_and_access_authentication_strength" "auth_strength_mfa_only" {
+  display_name = "example mfa only authentication strength policy"
+  description  = "MFA-only authentication strength policy"
+
+  allowed_combinations = [
+    "fido2",
+    "windowsHelloForBusiness",
+    "microsoftAuthenticatorPush,federatedSingleFactor",
+    "x509CertificateMultiFactor"
+  ]
+}

examples/microsoft365_graph_beta/microsoft365_graph_beta_identity_and_access_named_location/import.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+# Import using composite ID format: {id}
+terraform import microsoft365_graph_beta_identity_and_access_named_location.example 00000000-0000-0000-0000-000000000000
+

examples/microsoft365_graph_beta/microsoft365_graph_beta_identity_and_access_named_location/resource.tf

@@ -0,0 +1,59 @@
+resource "microsoft365_graph_beta_identity_and_access_named_location" "ipv6_only" {
+  display_name = "example ipv6 named location"
+  is_trusted   = true
+
+  ipv6_ranges = [
+    "2001:db8::/32",
+    "fe80::/10"
+  ]
+}
+
+resource "microsoft365_graph_beta_identity_and_access_named_location" "ipv4_only" {
+  display_name = "example ipv4 named location"
+  is_trusted   = false
+
+  ipv4_ranges = [
+    "192.168.1.0/24"
+  ]
+}
+
+resource "microsoft365_graph_beta_identity_and_access_named_location" "ip_ranges" {
+  display_name = "example ip ranges named location"
+  is_trusted   = true
+
+  ipv4_ranges = [
+    "192.168.0.0/16",
+    "172.16.0.0/12"
+  ]
+
+  ipv6_ranges = [
+    "2001:db8::/32",
+    "fe80::/10",
+    "2001:4860:4860::/48"
+  ]
+}
+
+resource "microsoft365_graph_beta_identity_and_access_named_location" "country_client_ip" {
+  display_name                          = "example country client ip named location"
+  country_lookup_method                 = "clientIpAddress"
+  include_unknown_countries_and_regions = false
+
+  countries_and_regions = [
+    "US",
+    "CA",
+    "GB"
+  ]
+}
+
+resource "microsoft365_graph_beta_identity_and_access_named_location" "country_authenticator_gps" {
+  display_name                          = "example country authenticator gps named location"
+  country_lookup_method                 = "authenticatorAppGps"
+  include_unknown_countries_and_regions = true
+
+  countries_and_regions = [
+    "AD",
+    "AO",
+    "AI",
+    "AQ"
+  ]
+}

templates/resources/graph_beta_identity_and_access_authentication_strength.md.tmpl

@@ -0,0 +1,43 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
+subcategory: "Identity and Access"
+description: |-
+{{ .Description | plainmarkdown | trimspace | prefixlines "  " }}
+---
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description | trimspace }}
+
+## Microsoft Documentation
+
+- [namedLocation resource type](https://learn.microsoft.com/en-us/graph/api/resources/authenticationstrengthpolicy?view=graph-rest-beta)
+
+## API Permissions
+
+The following API permissions are required in order to use this resource.
+
+### Microsoft Graph
+
+- **Application**: `Policy.ReadWrite.ConditionalAccess`, `Policy.Read.All`
+
+## Version History
+
+| Version | Status | Notes |
+|---------|--------|-------|
+| v0.28.0-alpha | Experimental | Initial release |
+
+## Example Usage
+
+{{ tffile "examples/microsoft365_graph_beta/microsoft365_graph_beta_identity_and_access_authentication_strength/resource.tf" }}
+
+{{ .SchemaMarkdown | trimspace }}
+
+## Important Notes
+A collection of settings that define specific combinations of authentication methods and metadata. The authentication strength policy, when applied to a given scenario using Microsoft Entra Conditional Access, defines which authentication methods must be used to authenticate in that scenario. An authentication strength may be built-in or custom (defined by the tenant) and may or may not fulfill the requirements to grant an MFA claim.
+
+## Import
+
+Import is supported using the following syntax:
+
+{{ codefile "shell" "examples/microsoft365_graph_beta/microsoft365_graph_beta_identity_and_access_authentication_strength/import.sh" }}