One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
Policy.Read.All, Policy.ReadWrite.ConditionalAccess and Application.Read.All
Delegated (personal Microsoft account)
Not supported.
Application
Policy.Read.All, Policy.ReadWrite.ConditionalAccess and Application.Read.All
Note
This API has a known issue related to permissions.
HTTP request
PATCH /identity/conditionalAccess/policies/{id}
Request headers
Name
Description
Authorization
Bearer {token}. Required.
Content-Type
application/json. Required.
Request body
In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.
var graphClient = new GraphServiceClient(requestAdapter);
var requestBody = new ConditionalAccessPolicy
{
Conditions = new ConditionalAccessConditionSet
{
SignInRiskLevels = new List<RiskLevel?>
{
RiskLevel.High,
RiskLevel.Medium,
RiskLevel.Low,
},
},
};
var result = await graphClient.Identity.ConditionalAccess.Policies["{conditionalAccessPolicy-id}"].PatchAsync(requestBody);
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new ConditionalAccessPolicy();
$conditions = new ConditionalAccessConditionSet();
$conditions->setSignInRiskLevels([$conditions->setRiskLevel(new RiskLevel('high'));
$conditions->setRiskLevel(new RiskLevel('medium'));
$conditions->setRiskLevel(new RiskLevel('low'));
]);
$requestBody->setConditions($conditions);
$requestResult = $graphServiceClient->identity()->conditionalAccess()->policiesById('conditionalAccessPolicy-id')->patch($requestBody);