Create crossTenantAccessPolicyConfigurationPartner
Article
05/13/2023
2 contributors
Feedback
In this article
Namespace: microsoft.graph
Create a new partner configuration in a cross-tenant access policy.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions .
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
Policy.ReadWrite.CrossTenantAccess
Delegated (personal Microsoft account)
Not supported.
Application
Policy.ReadWrite.CrossTenantAccess
HTTP request
POST /policies/crossTenantAccessPolicy/partners
Name
Description
Authorization
Bearer {token}. Required.
Content-Type
application/json. Required.
Request body
In the request body, supply a JSON representation of the crossTenantAccessPolicyConfigurationPartner object.
The following table shows the properties that are required when you create the crossTenantAccessPolicyConfigurationPartner .
Property
Type
Description
automaticUserConsentSettings
inboundOutboundPolicyConfiguration Determines the partner-specific configuration for automatic user consent settings. Unless specifically configured, the inboundAllowed and outboundAllowed properties are null and inherit from the default settings, which is always false.
b2bCollaborationInbound
crossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration.
b2bCollaborationOutbound
crossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration.
b2bDirectConnectInbound
crossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.
b2bDirectConnectOutbound
crossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect.
inboundTrust
crossTenantAccessPolicyInboundTrust Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations.
isServiceProvider
Boolean
Identifies whether the partner-specific configuration is a cloud service provider for your organization.
tenantId
String
The tenant identifier for the partner Azure AD organization. Read-only. Key.
Response
If successful, this method returns a 201 Created response code and a crossTenantAccessPolicyConfigurationPartner object in the response body.
Examples
Request
POST https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners
Content-Type: application/json
{
"tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
"b2bDirectConnectOutbound":
{
"usersAndGroups":
{
"accessType": "blocked",
"targets": [
{
"target": "6f546279-4da5-4b53-a095-09ea0cef9971",
"targetType": "group"
}
]
}
},
"b2bDirectConnectInbound":
{
"applications":
{
"accessType": "allowed",
"targets": [
{
"target": "Office365",
"targetType": "application"
}
]
}
}
}
// Code snippets are only available for the latest version. Current version is 5.x
var graphClient = new GraphServiceClient(requestAdapter);
var requestBody = new CrossTenantAccessPolicyConfigurationPartner
{
TenantId = "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
B2bDirectConnectOutbound = new CrossTenantAccessPolicyB2BSetting
{
UsersAndGroups = new CrossTenantAccessPolicyTargetConfiguration
{
AccessType = CrossTenantAccessPolicyTargetConfigurationAccessType.Blocked,
Targets = new List<CrossTenantAccessPolicyTarget>
{
new CrossTenantAccessPolicyTarget
{
Target = "6f546279-4da5-4b53-a095-09ea0cef9971",
TargetType = CrossTenantAccessPolicyTargetType.Group,
},
},
},
},
B2bDirectConnectInbound = new CrossTenantAccessPolicyB2BSetting
{
Applications = new CrossTenantAccessPolicyTargetConfiguration
{
AccessType = CrossTenantAccessPolicyTargetConfigurationAccessType.Allowed,
Targets = new List<CrossTenantAccessPolicyTarget>
{
new CrossTenantAccessPolicyTarget
{
Target = "Office365",
TargetType = CrossTenantAccessPolicyTargetType.Application,
},
},
},
},
};
var result = await graphClient.Policies.CrossTenantAccessPolicy.Partners.PostAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
const options = {
authProvider,
};
const client = Client.init(options);
const crossTenantAccessPolicyConfigurationPartner = {
tenantId: '3d0f5dec-5d3d-455c-8016-e2af1ae4d31a',
b2bDirectConnectOutbound:
{
usersAndGroups:
{
accessType: 'blocked',
targets: [
{
target: '6f546279-4da5-4b53-a095-09ea0cef9971',
targetType: 'group'
}
]
}
},
b2bDirectConnectInbound:
{
applications:
{
accessType: 'allowed',
targets: [
{
target: 'Office365',
targetType: 'application'
}
]
}
}
};
await client.api('/policies/crossTenantAccessPolicy/partners')
.post(crossTenantAccessPolicyConfigurationPartner);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
CrossTenantAccessPolicyConfigurationPartner crossTenantAccessPolicyConfigurationPartner = new CrossTenantAccessPolicyConfigurationPartner();
crossTenantAccessPolicyConfigurationPartner.tenantId = "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a";
CrossTenantAccessPolicyB2BSetting b2bDirectConnectOutbound = new CrossTenantAccessPolicyB2BSetting();
CrossTenantAccessPolicyTargetConfiguration usersAndGroups = new CrossTenantAccessPolicyTargetConfiguration();
usersAndGroups.accessType = CrossTenantAccessPolicyTargetConfigurationAccessType.BLOCKED;
LinkedList<CrossTenantAccessPolicyTarget> targetsList = new LinkedList<CrossTenantAccessPolicyTarget>();
CrossTenantAccessPolicyTarget targets = new CrossTenantAccessPolicyTarget();
targets.target = "6f546279-4da5-4b53-a095-09ea0cef9971";
targets.targetType = CrossTenantAccessPolicyTargetType.GROUP;
targetsList.add(targets);
usersAndGroups.targets = targetsList;
b2bDirectConnectOutbound.usersAndGroups = usersAndGroups;
crossTenantAccessPolicyConfigurationPartner.b2bDirectConnectOutbound = b2bDirectConnectOutbound;
CrossTenantAccessPolicyB2BSetting b2bDirectConnectInbound = new CrossTenantAccessPolicyB2BSetting();
CrossTenantAccessPolicyTargetConfiguration applications = new CrossTenantAccessPolicyTargetConfiguration();
applications.accessType = CrossTenantAccessPolicyTargetConfigurationAccessType.ALLOWED;
LinkedList<CrossTenantAccessPolicyTarget> targetsList1 = new LinkedList<CrossTenantAccessPolicyTarget>();
CrossTenantAccessPolicyTarget targets1 = new CrossTenantAccessPolicyTarget();
targets1.target = "Office365";
targets1.targetType = CrossTenantAccessPolicyTargetType.APPLICATION;
targetsList1.add(targets1);
applications.targets = targetsList1;
b2bDirectConnectInbound.applications = applications;
crossTenantAccessPolicyConfigurationPartner.b2bDirectConnectInbound = b2bDirectConnectInbound;
graphClient.policies().crossTenantAccessPolicy().partners()
.buildRequest()
.post(crossTenantAccessPolicyConfigurationPartner);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient, err := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewCrossTenantAccessPolicyConfigurationPartner()
tenantId := "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a"
requestBody.SetTenantId(&tenantId)
b2bDirectConnectOutbound := graphmodels.NewCrossTenantAccessPolicyB2BSetting()
usersAndGroups := graphmodels.NewCrossTenantAccessPolicyTargetConfiguration()
accessType := graphmodels.BLOCKED_CROSSTENANTACCESSPOLICYTARGETCONFIGURATIONACCESSTYPE
usersAndGroups.SetAccessType(&accessType)
crossTenantAccessPolicyTarget := graphmodels.NewCrossTenantAccessPolicyTarget()
target := "6f546279-4da5-4b53-a095-09ea0cef9971"
crossTenantAccessPolicyTarget.SetTarget(&target)
targetType := graphmodels.GROUP_CROSSTENANTACCESSPOLICYTARGETTYPE
crossTenantAccessPolicyTarget.SetTargetType(&targetType)
targets := []graphmodels.CrossTenantAccessPolicyTargetable {
crossTenantAccessPolicyTarget,
}
usersAndGroups.SetTargets(targets)
b2bDirectConnectOutbound.SetUsersAndGroups(usersAndGroups)
requestBody.SetB2bDirectConnectOutbound(b2bDirectConnectOutbound)
b2bDirectConnectInbound := graphmodels.NewCrossTenantAccessPolicyB2BSetting()
applications := graphmodels.NewCrossTenantAccessPolicyTargetConfiguration()
accessType := graphmodels.ALLOWED_CROSSTENANTACCESSPOLICYTARGETCONFIGURATIONACCESSTYPE
applications.SetAccessType(&accessType)
crossTenantAccessPolicyTarget := graphmodels.NewCrossTenantAccessPolicyTarget()
target := "Office365"
crossTenantAccessPolicyTarget.SetTarget(&target)
targetType := graphmodels.APPLICATION_CROSSTENANTACCESSPOLICYTARGETTYPE
crossTenantAccessPolicyTarget.SetTargetType(&targetType)
targets := []graphmodels.CrossTenantAccessPolicyTargetable {
crossTenantAccessPolicyTarget,
}
applications.SetTargets(targets)
b2bDirectConnectInbound.SetApplications(applications)
requestBody.SetB2bDirectConnectInbound(b2bDirectConnectInbound)
result, err := graphClient.Policies().CrossTenantAccessPolicy().Partners().Post(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
tenantId = "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a"
b2bDirectConnectOutbound = @{
usersAndGroups = @{
accessType = "blocked"
targets = @(
@{
target = "6f546279-4da5-4b53-a095-09ea0cef9971"
targetType = "group"
}
)
}
}
b2bDirectConnectInbound = @{
applications = @{
accessType = "allowed"
targets = @(
@{
target = "Office365"
targetType = "application"
}
)
}
}
}
New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new CrossTenantAccessPolicyConfigurationPartner();
$requestBody->setTenantId('3d0f5dec-5d3d-455c-8016-e2af1ae4d31a');
$b2bDirectConnectOutbound = new CrossTenantAccessPolicyB2BSetting();
$b2bDirectConnectOutboundUsersAndGroups = new CrossTenantAccessPolicyTargetConfiguration();
$b2bDirectConnectOutboundUsersAndGroups->setAccessType(new CrossTenantAccessPolicyTargetConfigurationAccessType('blocked'));
$targetsCrossTenantAccessPolicyTarget1 = new CrossTenantAccessPolicyTarget();
$targetsCrossTenantAccessPolicyTarget1->setTarget('6f546279-4da5-4b53-a095-09ea0cef9971');
$targetsCrossTenantAccessPolicyTarget1->setTargetType(new CrossTenantAccessPolicyTargetType('group'));
$targetsArray []= $targetsCrossTenantAccessPolicyTarget1;
$b2bDirectConnectOutboundUsersAndGroups->setTargets($targetsArray);
$b2bDirectConnectOutbound->setUsersAndGroups($b2bDirectConnectOutboundUsersAndGroups);
$requestBody->setB2bDirectConnectOutbound($b2bDirectConnectOutbound);
$b2bDirectConnectInbound = new CrossTenantAccessPolicyB2BSetting();
$b2bDirectConnectInboundApplications = new CrossTenantAccessPolicyTargetConfiguration();
$b2bDirectConnectInboundApplications->setAccessType(new CrossTenantAccessPolicyTargetConfigurationAccessType('allowed'));
$targetsCrossTenantAccessPolicyTarget1 = new CrossTenantAccessPolicyTarget();
$targetsCrossTenantAccessPolicyTarget1->setTarget('Office365');
$targetsCrossTenantAccessPolicyTarget1->setTargetType(new CrossTenantAccessPolicyTargetType('application'));
$targetsArray []= $targetsCrossTenantAccessPolicyTarget1;
$b2bDirectConnectInboundApplications->setTargets($targetsArray);
$b2bDirectConnectInbound->setApplications($b2bDirectConnectInboundApplications);
$requestBody->setB2bDirectConnectInbound($b2bDirectConnectInbound);
$result = $graphServiceClient->policies()->crossTenantAccessPolicy()->partners()->post($requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
// THE PYTHON SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
client = GraphServiceClient(request_adapter)
request_body = CrossTenantAccessPolicyConfigurationPartner()
request_body.tenant_id = '3d0f5dec-5d3d-455c-8016-e2af1ae4d31a'
b2b_direct_connect_outbound = CrossTenantAccessPolicyB2BSetting()
b2b_direct_connect_outboundusers_and_groups = CrossTenantAccessPolicyTargetConfiguration()
b2b_direct_connect_outboundusers_and_groups.accesstype(CrossTenantAccessPolicyTargetConfigurationAccessType.Blocked('crosstenantaccesspolicytargetconfigurationaccesstype.blocked'))
targets_cross_tenant_access_policy_target1 = CrossTenantAccessPolicyTarget()
targets_cross_tenant_access_policy_target1.target = '6f546279-4da5-4b53-a095-09ea0cef9971'
targets_cross_tenant_access_policy_target1.targettype(CrossTenantAccessPolicyTargetType.Group('crosstenantaccesspolicytargettype.group'))
targetsArray []= targetsCrossTenantAccessPolicyTarget1;
b2b_direct_connect_outboundusers_and_groups.targets(targetsArray)
b2b_direct_connect_outbound.users_and_groups = b2b_direct_connect_outboundusers_and_groups
request_body.b2b_direct_connect_outbound = b2b_direct_connect_outbound
b2b_direct_connect_inbound = CrossTenantAccessPolicyB2BSetting()
b2b_direct_connect_inboundapplications = CrossTenantAccessPolicyTargetConfiguration()
b2b_direct_connect_inboundapplications.accesstype(CrossTenantAccessPolicyTargetConfigurationAccessType.Allowed('crosstenantaccesspolicytargetconfigurationaccesstype.allowed'))
targets_cross_tenant_access_policy_target1 = CrossTenantAccessPolicyTarget()
targets_cross_tenant_access_policy_target1.target = 'Office365'
targets_cross_tenant_access_policy_target1.targettype(CrossTenantAccessPolicyTargetType.Application('crosstenantaccesspolicytargettype.application'))
targetsArray []= targetsCrossTenantAccessPolicyTarget1;
b2b_direct_connect_inboundapplications.targets(targetsArray)
b2b_direct_connect_inbound.applications = b2b_direct_connect_inboundapplications
request_body.b2b_direct_connect_inbound = b2b_direct_connect_inbound
result = await client.policies.cro_tenant_acce_policy.partners.post(request_body = request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Response
The following is an example of the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
"inboundTrust": null,
"b2bCollaborationInbound": null,
"b2bCollaborationOutbound": null,
"b2bDirectConnectOutbound":
{
"usersAndGroups":
{
"accessType": "blocked",
"targets": [
{
"target": "6f546279-4da5-4b53-a095-09ea0cef9971",
"targetType": "group"
}
]
}
},
"b2bDirectConnectInbound":
{
"applications":
{
"accessType": "allowed",
"targets": [
{
"target": "Office365",
"targetType": "application"
}
]
}
}
}