conditionalAccessConditionSet resource type

Namespace: microsoft.graph

Represents the type of conditions that govern when the policy applies.

Properties

Property Type Description
applications conditionalAccessApplications Applications and user actions included in and excluded from the policy. Required.
authenticationFlows conditionalAccessAuthenticationFlows Authentication flows included in the policy scope.
clientApplications conditionalAccessClientApplications Client applications (service principals and workload identities) included in and excluded from the policy. Either users or clientApplications is required.
clientAppTypes conditionalAccessClientApp collection Client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported, other. Required.

The easUnsupported enumeration member will be deprecated in favor of exchangeActiveSync, which includes EAS supported and unsupported platforms.
devices conditionalAccessDevices Devices in the policy.
locations conditionalAccessLocations Locations included in and excluded from the policy.
platforms conditionalAccessPlatforms Platforms included in and excluded from the policy.
servicePrincipalRiskLevels riskLevel collection Service principal risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue.
signInRiskLevels riskLevel collection Sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. Required.
userRiskLevels riskLevel collection User risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. Required.
users conditionalAccessUsers Users, groups, and roles included in and excluded from the policy. Either users or clientApplications is required.
insiderRiskLevels conditionalAccessInsiderRiskLevels Insider risk levels included in the policy. The possible values are: minor, moderate, elevated, unknownFutureValue.

Relationships

None.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.conditionalAccessConditionSet",
  "applications": {"@odata.type": "microsoft.graph.conditionalAccessApplications"},
  "clientApplications": {"@odata.type": "microsoft.graph.conditionalAccessClientApplications"},
  "clientAppTypes": ["String"],
  "devices": {"@odata.type": "microsoft.graph.conditionalAccessDevices"},
  "locations": {"@odata.type": "microsoft.graph.conditionalAccessLocations"},
  "platforms": {"@odata.type": "microsoft.graph.conditionalAccessPlatforms"},
  "servicePrincipalRiskLevels": ["String"],
  "signInRiskLevels": ["String"],
  "userRiskLevels": ["String"],
  "users": {"@odata.type": "microsoft.graph.conditionalAccessUsers"},
  "insiderRiskLevels": "String",
  "authenticationFlows": {"@odata.type": "microsoft.graph.conditionalAccessAuthenticationFlows"}
}