Microsoft Graph · Schema
conditionalAccessConditionSet
Properties
| Name | Type | Description |
|---|---|---|
| applications | object | Applications and user actions included in and excluded from the policy. Required. |
| authenticationFlows | object | Authentication flows included in the policy scope. |
| clientApplications | object | Client applications (service principals and workload identities) included in and excluded from the policy. Either users or clientApplications is required. |
| clientAppTypes | array | Client application types included in the policy. The possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported, other. Required. The easUnsupported enumeration member will be deprecated in favor of exchangeActiveSync, which includes EAS supported and unsupported platforms. |
| devices | object | Devices in the policy. |
| insiderRiskLevels | object | Insider risk levels included in the policy. The possible values are: minor, moderate, elevated, unknownFutureValue. |
| locations | object | Locations included in and excluded from the policy. |
| platforms | object | Platforms included in and excluded from the policy. |
| servicePrincipalRiskLevels | array | Service principal risk levels included in the policy. The possible values are: low, medium, high, none, unknownFutureValue. |
| signInRiskLevels | array | Sign-in risk levels included in the policy. The possible values are: low, medium, high, hidden, none, unknownFutureValue. Required. |
| userRiskLevels | array | User risk levels included in the policy. The possible values are: low, medium, high, hidden, none, unknownFutureValue. Required. |
| users | object | Users, groups, and roles included in and excluded from the policy. Either users or clientApplications is required. |
| @odata.type | string | |
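JSON Schema
Note: the schema's `required` array lists only `@odata.type`, so the properties whose descriptions say "Required" (and the "either users or clientApplications" rule) are not enforced by validating against this schema alone. `nullable` is an OpenAPI 3.0 keyword rather than a draft 2020-12 one, so a validator that follows the declared dialect ignores it and each `{ "type": "object", "nullable": true }` branch of an `anyOf` accepts any object.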
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/microsoft.graph.conditionalAccessConditionSet",
"title": "conditionalAccessConditionSet",
"required": [
"@odata.type"
],
"type": "object",
"properties": {
"applications": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.conditionalAccessApplications"
},
{
"type": "object",
"nullable": true
}
],
"description": "Applications and user actions included in and excluded from the policy. Required."
},
"authenticationFlows": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.conditionalAccessAuthenticationFlows"
},
{
"type": "object",
"nullable": true
}
],
"description": "Authentication flows included in the policy scope."
},
"clientApplications": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.conditionalAccessClientApplications"
},
{
"type": "object",
"nullable": true
}
],
"description": "Client applications (service principals and workload identities) included in and excluded from the policy. Either users or clientApplications is required."
},
"clientAppTypes": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.conditionalAccessClientApp"
},
"description": "Client application types included in the policy. The possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported, other. Required. The easUnsupported enumeration member will be deprecated in favor of exchangeActiveSync, which includes EAS supported and unsupported platforms."
},
"devices": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.conditionalAccessDevices"
},
{
"type": "object",
"nullable": true
}
],
"description": "Devices in the policy."
},
"insiderRiskLevels": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.conditionalAccessInsiderRiskLevels"
},
{
"type": "object",
"nullable": true
}
],
"description": "Insider risk levels included in the policy. The possible values are: minor, moderate, elevated, unknownFutureValue."
},
"locations": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.conditionalAccessLocations"
},
{
"type": "object",
"nullable": true
}
],
"description": "Locations included in and excluded from the policy."
},
"platforms": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.conditionalAccessPlatforms"
},
{
"type": "object",
"nullable": true
}
],
"description": "Platforms included in and excluded from the policy."
},
"servicePrincipalRiskLevels": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.riskLevel"
},
"description": "Service principal risk levels included in the policy. The possible values are: low, medium, high, none, unknownFutureValue."
},
"signInRiskLevels": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.riskLevel"
},
"description": "Sign-in risk levels included in the policy. The possible values are: low, medium, high, hidden, none, unknownFutureValue. Required."
},
"userRiskLevels": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.riskLevel"
},
"description": "User risk levels included in the policy. The possible values are: low, medium, high, hidden, none, unknownFutureValue. Required."
},
"users": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.conditionalAccessUsers"
},
{
"type": "object",
"nullable": true
}
],
"description": "Users, groups, and roles included in and excluded from the policy. Either users or clientApplications is required."
},
"@odata.type": {
"type": "string"
}
}
}