conditionalAccessGrantControls resource type
Namespace: microsoft.graph
Represents grant controls that must be fulfilled to pass the policy.
Properties
Property | Type | Description |
---|---|---|
builtInControls | conditionalAccessGrantControl collection | List of values of built-in controls required by the policy. Possible values: block , mfa , compliantDevice , domainJoinedDevice , approvedApplication , compliantApplication , passwordChange , unknownFutureValue . |
customAuthenticationFactors | String collection | List of custom controls IDs required by the policy. For more information, see Custom controls. |
operator | String | Defines the relationship of the grant controls. Possible values: AND , OR . |
termsOfUse | String collection | List of terms of use IDs required by the policy. |
Special considerations when using passwordChange
as a control
Consider the following when you use the passwordChange
control:
passwordChange
must be accompanied bymfa
using anAND
operator. This combination ensures that the password is updated in a secure way.passwordChange
must be used in a policy containinguserRiskLevels
. This is designed to enable scenarios where users must use a secure change password to reset their user risk.- The policy should target
all
applications, and not exclude any applications. - The policy can't contain any other condition except
users
,applications
, anduserRiskLevels
.
Relationships
Relationship | Type | Description |
---|---|---|
authenticationStrength | authenticationStrengthPolicy | The authentication strength required by the conditional access policy. Optional. |
JSON representation
The following JSON representation shows the resource type.
{
"builtInControls": ["String"],
"customAuthenticationFactors": ["String"],
"operator": "String",
"termsOfUse": ["String"]
}