conditionalAccessConditionSet resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents the type of conditions that govern when the policy applies.
Properties
| Property | Type | Description |
|---|---|---|
| applications | conditionalAccessApplications | Applications and user actions included in and excluded from the policy. Required. |
| authenticationFlows | conditionalAccessAuthenticationFlows | Authentication flows included in the policy scope. For more information, see Conditional Access: Authentication flows. |
| users | conditionalAccessUsers | Users, groups, and roles included in and excluded from the policy. Either users or clientApplications is required. |
| clientApplications | conditionalAccessClientApplications | Client applications (service principals and workload identities) included in and excluded from the policy. Either users or clientApplications is required. |
| clientAppTypes | conditionalAccessClientApp collection | Client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported, other. Required. The easUnsupported enumeration member is deprecated in favor of exchangeActiveSync, which includes EAS supported and unsupported platforms. |
| deviceStates | conditionalAccessDeviceStates | Device states in the policy. To be deprecated and removed. Use the devices property instead. |
| devices | conditionalAccessDevices | Devices in the policy. |
| locations | conditionalAccessLocations | Locations included in and excluded from the policy. |
| platforms | conditionalAccessPlatforms | Platforms included in and excluded from the policy. |
| servicePrincipalRiskLevels | riskLevel collection | Service principal risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue. |
| signInRiskLevels | riskLevel collection | Sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. Required. |
| userRiskLevels | riskLevel collection | User risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. Required. |
| insiderRiskLevels | conditionalAccessInsiderRiskLevels | Insider risk levels included in the policy. The possible values are: minor, moderate, elevated, unknownFutureValue. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.conditionalAccessConditionSet",
"applications": {"@odata.type": "microsoft.graph.conditionalAccessApplications"},
"users": {"@odata.type": "microsoft.graph.conditionalAccessUsers"},
"clientApplications": {"@odata.type": "microsoft.graph.conditionalAccessClientApplications"},
"clientAppTypes": ["String"],
"deviceStates": {"@odata.type": "microsoft.graph.conditionalAccessDeviceStates"},
"devices": {"@odata.type": "microsoft.graph.conditionalAccessDevices"},
"locations": {"@odata.type": "microsoft.graph.conditionalAccessLocations"},
"platforms": {"@odata.type": "microsoft.graph.conditionalAccessPlatforms"},
"servicePrincipalRiskLevels": ["String"],
"signInRiskLevels": ["String"],
"authenticationFlows": {"@odata.type": "microsoft.graph.conditionalAccessAuthenticationFlows"},
"insiderRiskLevels": "String"
}