Microsoft Graph · Schema
microsoft.graph.policyRoot
Azure ADCollaborationContactsDocumentsEmailGraphIdentityMicrosoftOffice 365PresentationsProductivitySpreadsheetsT1Tasks
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/microsoft.graph.policyRoot",
"title": "microsoft.graph.policyRoot",
"allOf": [
{
"$ref": "#/components/schemas/microsoft.graph.entity"
},
{
"title": "policyRoot",
"required": [
"@odata.type"
],
"type": "object",
"properties": {
"activityBasedTimeoutPolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.activityBasedTimeoutPolicy"
},
"description": "The policy that controls the idle time out for web sessions for applications.",
"x-ms-navigationProperty": true
},
"adminConsentRequestPolicy": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.adminConsentRequestPolicy"
},
{
"type": "object",
"nullable": true
}
],
"description": "The policy by which consent requests are created and managed for the entire tenant.",
"x-ms-navigationProperty": true
},
"appManagementPolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.appManagementPolicy"
},
"description": "The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy.",
"x-ms-navigationProperty": true
},
"authenticationFlowsPolicy": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.authenticationFlowsPolicy"
},
{
"type": "object",
"nullable": true
}
],
"description": "The policy configuration of the self-service sign-up experience of external users.",
"x-ms-navigationProperty": true
},
"authenticationMethodsPolicy": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.authenticationMethodsPolicy"
},
{
"type": "object",
"nullable": true
}
],
"description": "The authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID.",
"x-ms-navigationProperty": true
},
"authenticationStrengthPolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.authenticationStrengthPolicy"
},
"description": "The authentication method combinations that are to be used in scenarios defined by Microsoft Entra Conditional Access.",
"x-ms-navigationProperty": true
},
"authorizationPolicy": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.authorizationPolicy"
},
{
"type": "object",
"nullable": true
}
],
"description": "The policy that controls Microsoft Entra authorization settings.",
"x-ms-navigationProperty": true
},
"claimsMappingPolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.claimsMappingPolicy"
},
"description": "The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application.",
"x-ms-navigationProperty": true
},
"conditionalAccessPolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.conditionalAccessPolicy"
},
"description": "The custom rules that define an access scenario.",
"x-ms-navigationProperty": true
},
"crossTenantAccessPolicy": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.crossTenantAccessPolicy"
},
{
"type": "object",
"nullable": true
}
],
"description": "The custom rules that define an access scenario when interacting with external Microsoft Entra tenants.",
"x-ms-navigationProperty": true
},
"defaultAppManagementPolicy": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.tenantAppManagementPolicy"
},
{
"type": "object",
"nullable": true
}
],
"description": "The tenant-wide policy that enforces app management restrictions for all applications and service principals.",
"x-ms-navigationProperty": true
},
"deviceRegistrationPolicy": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.deviceRegistrationPolicy"
},
{
"type": "object",
"nullable": true
}
],
"x-ms-navigationProperty": true
},
"featureRolloutPolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.featureRolloutPolicy"
},
"description": "The feature rollout policy associated with a directory object.",
"x-ms-navigationProperty": true
},
"homeRealmDiscoveryPolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.homeRealmDiscoveryPolicy"
},
"description": "The policy to control Microsoft Entra authentication behavior for federated users.",
"x-ms-navigationProperty": true
},
"identitySecurityDefaultsEnforcementPolicy": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.identitySecurityDefaultsEnforcementPolicy"
},
{
"type": "object",
"nullable": true
}
],
"description": "The policy that represents the security defaults that protect against common attacks.",
"x-ms-navigationProperty": true
},
"permissionGrantPolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.permissionGrantPolicy"
},
"description": "The policy that specifies the conditions under which consent can be granted.",
"x-ms-navigationProperty": true
},
"roleManagementPolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.unifiedRoleManagementPolicy"
},
"description": "Specifies the various policies associated with scopes and roles.",
"x-ms-navigationProperty": true
},
"roleManagementPolicyAssignments": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.unifiedRoleManagementPolicyAssignment"
},
"description": "The assignment of a role management policy to a role definition object.",
"x-ms-navigationProperty": true
},
"tokenIssuancePolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.tokenIssuancePolicy"
},
"description": "The policy that specifies the characteristics of SAML tokens issued by Microsoft Entra ID.",
"x-ms-navigationProperty": true
},
"tokenLifetimePolicies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/microsoft.graph.tokenLifetimePolicy"
},
"description": "The policy that controls the lifetime of a JWT access token, an ID token, or a SAML 1.1/2.0 token issued by Microsoft Entra ID.",
"x-ms-navigationProperty": true
},
"@odata.type": {
"type": "string"
}
}
}
],
"x-ms-discriminator-value": "#microsoft.graph.policyRoot"
}