Anteckning
Åtkomst till den här sidan kräver auktorisering. Du kan prova att logga in eller ändra kataloger.
Åtkomst till den här sidan kräver auktorisering. Du kan prova att ändra kataloger.
Namespace: microsoft.graph
Represents grant controls that must be fulfilled to pass the policy.
Properties
| Property | Type | Description |
|---|---|---|
| builtInControls | conditionalAccessGrantControl collection | List of values of built-in controls required by the policy. Possible values: block, mfa, compliantDevice, domainJoinedDevice, approvedApplication, compliantApplication, passwordChange, unknownFutureValue. |
| customAuthenticationFactors | String collection | List of custom controls IDs required by the policy. For more information, see Custom controls. |
| operator | String | Defines the relationship of the grant controls. Possible values: AND, OR. |
| termsOfUse | String collection | List of terms of use IDs required by the policy. |
Special considerations when using passwordChange as a control
Consider the following when you use the passwordChange control:
passwordChangemust be accompanied bymfausing anANDoperator. This combination ensures that the password is updated in a secure way.passwordChangemust be used in a policy containinguserRiskLevels. This is designed to enable scenarios where users must use a secure change password to reset their user risk.- The policy should target
allapplications, and not exclude any applications. - The policy can't contain any other condition except
users,applications, anduserRiskLevels.
Relationships
| Relationship | Type | Description |
|---|---|---|
| authenticationStrength | authenticationStrengthPolicy | The authentication strength required by the conditional access policy. Optional. |
JSON representation
The following JSON representation shows the resource type.
{
"builtInControls": ["String"],
"customAuthenticationFactors": ["String"],
"operator": "String",
"termsOfUse": ["String"]
}