Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents a Microsoft Entra Conditional Access policy. Conditional access policies are custom rules that define an access scenario. For more information, see the Conditional access documentation.
Inherits from policyDeletableItem.
Methods
| Method | Return type | Description |
|---|---|---|
| List | conditionalAccessPolicy collection | Get a list of the conditionalAccessPolicy objects and their properties. |
| Create | conditionalAccessPolicy | Create a new conditionalAccessPolicy object. |
| Get | conditionalAccessPolicy | Read the properties and relationships of conditionalAccessPolicy object. |
| Update | conditionalAccessPolicy | Update the properties of a conditionalAccessPolicy object. |
| Delete | None | Delete a conditionalAccessPolicy object. |
| List deleted policies | conditionalAccessPolicy collection | List all deleted conditionalAccessPolicy objects. |
| Get deleted policy | conditionalAccessPolicy | Get a single deleted conditionalAccessPolicy object. |
| Restore | conditionalAccessPolicy | Restore a conditionalAccessPolicy object. |
| Permanently delete a soft deleted policy | None | Permanently delete a deleted conditionalAccessPolicy object. |
Properties
| Property | Type | Description |
|---|---|---|
| conditions | conditionalAccessConditionSet | Specifies the rules that must be met for the policy to apply. Required. |
| createdDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Readonly. |
| description | String | Not used. |
| displayName | String | Specifies a display name for the conditionalAccessPolicy object. |
| grantControls | conditionalAccessGrantControls | Specifies the grant controls that must be fulfilled to pass the policy. |
| id | String | Specifies the identifier of a conditionalAccessPolicy object. Read-only. |
| modifiedDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Readonly. |
| sessionControls | conditionalAccessSessionControls | Specifies the session controls that are enforced after sign-in. |
| state | conditionalAccessPolicyState | Specifies the state of the conditionalAccessPolicy object. Possible values are: enabled, disabled, enabledForReportingButNotEnforced. Required. |
| deletedDateTime | DateTimeOffset | Shows the last date and time the policy was deleted.Inherited from policyDeletableItem. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.conditionalAccessPolicy",
"deletedDateTime": "String (timestamp)",
"id": "String (identifier)",
"createdDateTime": "String (timestamp)",
"modifiedDateTime": "String (timestamp)",
"displayName": "String",
"description": "String",
"state": "String",
"conditions": {
"@odata.type": "microsoft.graph.conditionalAccessConditionSet"
},
"grantControls": {
"@odata.type": "microsoft.graph.conditionalAccessGrantControls"
},
"sessionControls": {
"@odata.type": "microsoft.graph.conditionalAccessSessionControls"
}
}