appliedConditionalAccessPolicy resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Indicates the attributes related to applied conditional access policy or policies that are triggered by the corresponding sign-in activity.
Properties
| Property | Type | Description |
|---|---|---|
| authenticationStrength | authenticationStrength | The custom authentication strength enforced in a Conditional Access policy. |
| conditionsNotSatisfied | conditionalAccessConditions | Refers to the conditional access policy conditions that are not satisfied. The possible values are: none, application, users, devicePlatform, location, clientType, signInRisk, userRisk, time, deviceState, client,ipAddressSeenByAzureAD,ipAddressSeenByResourceProvider,unknownFutureValue,servicePrincipals,servicePrincipalRisk. Note that you must use the Prefer: include-unknown-enum-members request header to get the following values in this evolvable enum: servicePrincipals,servicePrincipalRisk. |
| conditionsSatisfied | conditionalAccessConditions | Refers to the conditional access policy conditions that are satisfied. The possible values are: none, application, users, devicePlatform, location, clientType, signInRisk, userRisk, time, deviceState, client,ipAddressSeenByAzureAD,ipAddressSeenByResourceProvider,unknownFutureValue,servicePrincipals,servicePrincipalRisk. Note that you must use the Prefer: include-unknown-enum-members request header to get the following values in this evolvable enum: servicePrincipals,servicePrincipalRisk. |
| displayName | String | Name of the conditional access policy. |
| enforcedGrantControls | String collection | Refers to the grant controls enforced by the conditional access policy (example: “Require multi-factor authentication”). |
| enforcedSessionControls | String collection | Refers to the session controls enforced by the conditional access policy (example: “Require app enforced controls”). |
| excludeRulesSatisfied | conditionalAccessRuleSatisfied collection | List of key-value pairs containing each matched exclude condition in the conditional access policy. Example: [{"devicePlatform" : "DevicePlatform"}] means the policy didn’t apply, because the DevicePlatform condition was a match. |
| id | String | Identifier of the conditional access policy. |
| includeRulesSatisfied | conditionalAccessRuleSatisfied collection | List of key-value pairs containing each matched include condition in the conditional access policy. Example: [{ "application" : "AllApps"}, {"users": "Group"}], meaning Application condition was a match because AllApps are included and Users condition was a match because the user was part of the included Group rule. |
| result | appliedConditionalAccessPolicyResult | Indicates the result of the CA policy that was triggered. Possible values are: success, failure, notApplied (Policy isn't applied because policy conditions were not met),notEnabled (This is due to the policy in disabled state), unknown, unknownFutureValue, reportOnlySuccess, reportOnlyFailure, reportOnlyNotApplied, reportOnlyInterrupted. Note that you must use the Prefer: include-unknown-enum-members request header to get the following values in this evolvable enum: reportOnlySuccess, reportOnlyFailure, reportOnlyNotApplied, reportOnlyInterrupted. |
| sessionControlsNotSatisfied | String collection | Refers to the session controls that a sign-in activity did not satisfy. (Example: Application enforced Restrictions). |
JSON representation
The following is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.appliedConditionalAccessPolicy",
"id": "String (identifier)",
"authenticationStrength": {"@odata.type": "microsoft.graph.authenticationStrength"},
"displayName": "String",
"enforcedGrantControls": [
"String"
],
"enforcedSessionControls": [
"String"
],
"conditionsSatisfied": "String",
"conditionsNotSatisfied": "String",
"includeRulesSatisfied": [
{
"@odata.type": "microsoft.graph.conditionalAccessRuleSatisfied"
}
],
"excludeRulesSatisfied": [
{
"@odata.type": "microsoft.graph.conditionalAccessRuleSatisfied"
}
],
"result": "String"
}
Feedback
Submit and view feedback for