Create crossTenantAccessPolicyConfigurationPartner
Article
03/02/2023
4 minutes to read
1 contributor
Feedback
In this article
Namespace: microsoft.graph
Create a new partner configuration in a cross-tenant access policy.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions .
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
Policy.ReadWrite.CrossTenantAccess
Delegated (personal Microsoft account)
Not applicable
Application
Policy.ReadWrite.CrossTenantAccess
HTTP request
POST /policies/crossTenantAccessPolicy/partners
Name
Description
Authorization
Bearer {token}. Required.
Content-Type
application/json. Required.
Request body
In the request body, supply a JSON representation of the crossTenantAccessPolicyConfigurationPartner object.
The following table shows the properties that are required when you create the crossTenantAccessPolicyConfigurationPartner .
Property
Type
Description
b2bCollaborationInbound
crossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration.
b2bCollaborationOutbound
crossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration.
b2bDirectConnectInbound
crossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.
b2bDirectConnectOutbound
crossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect.
inboundTrust
crossTenantAccessPolicyInboundTrust Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations.
tenantId
String
The tenant identifier for the partner Azure Active Directory (Azure AD) organization.
Response
If successful, this method returns a 201 Created response code and a crossTenantAccessPolicyConfigurationPartner object in the response body.
Examples
Request
POST https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners
Content-Type: application/json
{
"tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
"b2bDirectConnectOutbound":
{
"usersAndGroups":
{
"accessType": "blocked",
"targets": [
{
"target": "6f546279-4da5-4b53-a095-09ea0cef9971",
"targetType": "group"
}
]
}
},
"b2bDirectConnectInbound":
{
"applications":
{
"accessType": "allowed",
"targets": [
{
"target": "Office365",
"targetType": "application"
}
]
}
}
}
var graphClient = new GraphServiceClient(requestAdapter);
var requestBody = new CrossTenantAccessPolicyConfigurationPartner
{
TenantId = "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
B2bDirectConnectOutbound = new CrossTenantAccessPolicyB2BSetting
{
UsersAndGroups = new CrossTenantAccessPolicyTargetConfiguration
{
AccessType = CrossTenantAccessPolicyTargetConfigurationAccessType.Blocked,
Targets = new List<CrossTenantAccessPolicyTarget>
{
new CrossTenantAccessPolicyTarget
{
Target = "6f546279-4da5-4b53-a095-09ea0cef9971",
TargetType = CrossTenantAccessPolicyTargetType.Group,
},
},
},
},
B2bDirectConnectInbound = new CrossTenantAccessPolicyB2BSetting
{
Applications = new CrossTenantAccessPolicyTargetConfiguration
{
AccessType = CrossTenantAccessPolicyTargetConfigurationAccessType.Allowed,
Targets = new List<CrossTenantAccessPolicyTarget>
{
new CrossTenantAccessPolicyTarget
{
Target = "Office365",
TargetType = CrossTenantAccessPolicyTargetType.Application,
},
},
},
},
};
var result = await graphClient.Policies.CrossTenantAccessPolicy.Partners.PostAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
const options = {
authProvider,
};
const client = Client.init(options);
const crossTenantAccessPolicyConfigurationPartner = {
tenantId: '3d0f5dec-5d3d-455c-8016-e2af1ae4d31a',
b2bDirectConnectOutbound:
{
usersAndGroups:
{
accessType: 'blocked',
targets: [
{
target: '6f546279-4da5-4b53-a095-09ea0cef9971',
targetType: 'group'
}
]
}
},
b2bDirectConnectInbound:
{
applications:
{
accessType: 'allowed',
targets: [
{
target: 'Office365',
targetType: 'application'
}
]
}
}
};
await client.api('/policies/crossTenantAccessPolicy/partners')
.post(crossTenantAccessPolicyConfigurationPartner);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
CrossTenantAccessPolicyConfigurationPartner crossTenantAccessPolicyConfigurationPartner = new CrossTenantAccessPolicyConfigurationPartner();
crossTenantAccessPolicyConfigurationPartner.tenantId = "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a";
CrossTenantAccessPolicyB2BSetting b2bDirectConnectOutbound = new CrossTenantAccessPolicyB2BSetting();
CrossTenantAccessPolicyTargetConfiguration usersAndGroups = new CrossTenantAccessPolicyTargetConfiguration();
usersAndGroups.accessType = CrossTenantAccessPolicyTargetConfigurationAccessType.BLOCKED;
LinkedList<CrossTenantAccessPolicyTarget> targetsList = new LinkedList<CrossTenantAccessPolicyTarget>();
CrossTenantAccessPolicyTarget targets = new CrossTenantAccessPolicyTarget();
targets.target = "6f546279-4da5-4b53-a095-09ea0cef9971";
targets.targetType = CrossTenantAccessPolicyTargetType.GROUP;
targetsList.add(targets);
usersAndGroups.targets = targetsList;
b2bDirectConnectOutbound.usersAndGroups = usersAndGroups;
crossTenantAccessPolicyConfigurationPartner.b2bDirectConnectOutbound = b2bDirectConnectOutbound;
CrossTenantAccessPolicyB2BSetting b2bDirectConnectInbound = new CrossTenantAccessPolicyB2BSetting();
CrossTenantAccessPolicyTargetConfiguration applications = new CrossTenantAccessPolicyTargetConfiguration();
applications.accessType = CrossTenantAccessPolicyTargetConfigurationAccessType.ALLOWED;
LinkedList<CrossTenantAccessPolicyTarget> targetsList1 = new LinkedList<CrossTenantAccessPolicyTarget>();
CrossTenantAccessPolicyTarget targets1 = new CrossTenantAccessPolicyTarget();
targets1.target = "Office365";
targets1.targetType = CrossTenantAccessPolicyTargetType.APPLICATION;
targetsList1.add(targets1);
applications.targets = targetsList1;
b2bDirectConnectInbound.applications = applications;
crossTenantAccessPolicyConfigurationPartner.b2bDirectConnectInbound = b2bDirectConnectInbound;
graphClient.policies().crossTenantAccessPolicy().partners()
.buildRequest()
.post(crossTenantAccessPolicyConfigurationPartner);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewCrossTenantAccessPolicyConfigurationPartner()
tenantId := "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a"
requestBody.SetTenantId(&tenantId)
b2bDirectConnectOutbound := graphmodels.NewCrossTenantAccessPolicyB2BSetting()
usersAndGroups := graphmodels.NewCrossTenantAccessPolicyTargetConfiguration()
accessType := graphmodels.BLOCKED_CROSSTENANTACCESSPOLICYTARGETCONFIGURATIONACCESSTYPE
usersAndGroups.SetAccessType(&accessType)
crossTenantAccessPolicyTarget := graphmodels.NewCrossTenantAccessPolicyTarget()
target := "6f546279-4da5-4b53-a095-09ea0cef9971"
crossTenantAccessPolicyTarget.SetTarget(&target)
targetType := graphmodels.GROUP_CROSSTENANTACCESSPOLICYTARGETTYPE
crossTenantAccessPolicyTarget.SetTargetType(&targetType)
targets := []graphmodels.CrossTenantAccessPolicyTargetable {
crossTenantAccessPolicyTarget,
}
usersAndGroups.SetTargets(targets)
b2bDirectConnectOutbound.SetUsersAndGroups(usersAndGroups)
requestBody.SetB2bDirectConnectOutbound(b2bDirectConnectOutbound)
b2bDirectConnectInbound := graphmodels.NewCrossTenantAccessPolicyB2BSetting()
applications := graphmodels.NewCrossTenantAccessPolicyTargetConfiguration()
accessType := graphmodels.ALLOWED_CROSSTENANTACCESSPOLICYTARGETCONFIGURATIONACCESSTYPE
applications.SetAccessType(&accessType)
crossTenantAccessPolicyTarget := graphmodels.NewCrossTenantAccessPolicyTarget()
target := "Office365"
crossTenantAccessPolicyTarget.SetTarget(&target)
targetType := graphmodels.APPLICATION_CROSSTENANTACCESSPOLICYTARGETTYPE
crossTenantAccessPolicyTarget.SetTargetType(&targetType)
targets := []graphmodels.CrossTenantAccessPolicyTargetable {
crossTenantAccessPolicyTarget,
}
applications.SetTargets(targets)
b2bDirectConnectInbound.SetApplications(applications)
requestBody.SetB2bDirectConnectInbound(b2bDirectConnectInbound)
result, err := graphClient.Policies().CrossTenantAccessPolicy().Partners().Post(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
TenantId = "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a"
B2bDirectConnectOutbound = @{
UsersAndGroups = @{
AccessType = "blocked"
Targets = @(
@{
Target = "6f546279-4da5-4b53-a095-09ea0cef9971"
TargetType = "group"
}
)
}
}
B2bDirectConnectInbound = @{
Applications = @{
AccessType = "allowed"
Targets = @(
@{
Target = "Office365"
TargetType = "application"
}
)
}
}
}
New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new CrossTenantAccessPolicyConfigurationPartner();
$requestBody->setTenantId('3d0f5dec-5d3d-455c-8016-e2af1ae4d31a');
$b2bDirectConnectOutbound = new CrossTenantAccessPolicyB2BSetting();
$b2bDirectConnectOutboundUsersAndGroups = new CrossTenantAccessPolicyTargetConfiguration();
$b2bDirectConnectOutboundUsersAndGroups->setAccessType(new CrossTenantAccessPolicyTargetConfigurationAccessType('blocked'));
$targetsCrossTenantAccessPolicyTarget1 = new CrossTenantAccessPolicyTarget();
$targetsCrossTenantAccessPolicyTarget1->setTarget('6f546279-4da5-4b53-a095-09ea0cef9971');
$targetsCrossTenantAccessPolicyTarget1->setTargetType(new CrossTenantAccessPolicyTargetType('group'));
$targetsArray []= $targetsCrossTenantAccessPolicyTarget1;
$b2bDirectConnectOutboundUsersAndGroups->setTargets($targetsArray);
$b2bDirectConnectOutbound->setUsersAndGroups($b2bDirectConnectOutboundUsersAndGroups);
$requestBody->setB2bDirectConnectOutbound($b2bDirectConnectOutbound);
$b2bDirectConnectInbound = new CrossTenantAccessPolicyB2BSetting();
$b2bDirectConnectInboundApplications = new CrossTenantAccessPolicyTargetConfiguration();
$b2bDirectConnectInboundApplications->setAccessType(new CrossTenantAccessPolicyTargetConfigurationAccessType('allowed'));
$targetsCrossTenantAccessPolicyTarget1 = new CrossTenantAccessPolicyTarget();
$targetsCrossTenantAccessPolicyTarget1->setTarget('Office365');
$targetsCrossTenantAccessPolicyTarget1->setTargetType(new CrossTenantAccessPolicyTargetType('application'));
$targetsArray []= $targetsCrossTenantAccessPolicyTarget1;
$b2bDirectConnectInboundApplications->setTargets($targetsArray);
$b2bDirectConnectInbound->setApplications($b2bDirectConnectInboundApplications);
$requestBody->setB2bDirectConnectInbound($b2bDirectConnectInbound);
$requestResult = $graphServiceClient->policies()->crossTenantAccessPolicy()->partners()->post($requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Response
The following is an example of the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
"inboundTrust": null,
"b2bCollaborationInbound": null,
"b2bCollaborationOutbound": null,
"b2bDirectConnectOutbound":
{
"usersAndGroups":
{
"accessType": "blocked",
"targets": [
{
"target": "6f546279-4da5-4b53-a095-09ea0cef9971",
"targetType": "group"
}
]
}
},
"b2bDirectConnectInbound":
{
"applications":
{
"accessType": "allowed",
"targets": [
{
"target": "Office365",
"targetType": "application"
}
]
}
}
}