Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Represents the type of conditions that govern when the policy applies.
Properties
| Property | Type | Description |
|---|---|---|
| applications | conditionalAccessApplications | Applications and user actions included in and excluded from the policy. Required. |
| authenticationFlows | conditionalAccessAuthenticationFlows | Authentication flows included in the policy scope. |
| clientApplications | conditionalAccessClientApplications | Client applications (service principals and workload identities) included in and excluded from the policy. Either users or clientApplications is required. |
| clientAppTypes | conditionalAccessClientApp collection | Client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported, other. Required. The easUnsupported enumeration member will be deprecated in favor of exchangeActiveSync, which includes EAS supported and unsupported platforms. |
| devices | conditionalAccessDevices | Devices in the policy. |
| locations | conditionalAccessLocations | Locations included in and excluded from the policy. |
| platforms | conditionalAccessPlatforms | Platforms included in and excluded from the policy. |
| servicePrincipalRiskLevels | riskLevel collection | Service principal risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue. |
| signInRiskLevels | riskLevel collection | Sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. Required. |
| userRiskLevels | riskLevel collection | User risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. Required. |
| users | conditionalAccessUsers | Users, groups, and roles included in and excluded from the policy. Either users or clientApplications is required. |
| insiderRiskLevels | conditionalAccessInsiderRiskLevels | Insider risk levels included in the policy. The possible values are: minor, moderate, elevated, unknownFutureValue. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.conditionalAccessConditionSet",
"applications": {"@odata.type": "microsoft.graph.conditionalAccessApplications"},
"clientApplications": {"@odata.type": "microsoft.graph.conditionalAccessClientApplications"},
"clientAppTypes": ["String"],
"devices": {"@odata.type": "microsoft.graph.conditionalAccessDevices"},
"locations": {"@odata.type": "microsoft.graph.conditionalAccessLocations"},
"platforms": {"@odata.type": "microsoft.graph.conditionalAccessPlatforms"},
"servicePrincipalRiskLevels": ["String"],
"signInRiskLevels": ["String"],
"userRiskLevels": ["String"],
"users": {"@odata.type": "microsoft.graph.conditionalAccessUsers"},
"insiderRiskLevels": "String",
"authenticationFlows": {"@odata.type": "microsoft.graph.conditionalAccessAuthenticationFlows"}
}