Update crossTenantAccessPolicyConfigurationDefault

Article
03/02/2023
4 minutes to read

Namespace: microsoft.graph

Update the default configuration of a cross-tenant access policy.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	Policy.ReadWrite.CrossTenantAccess
Delegated (personal Microsoft account)	Not applicable
Application	Policy.ReadWrite.CrossTenantAccess

HTTP request

PATCH /policies/crossTenantAccessPolicy/default

Request headers

Name	Description
Authorization	Bearer {token}. Required.
Content-Type	application/json. Required.

Request body

In the request body, supply only the values for properties that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values.

The following table specifies the properties that can be updated.

Property	Type	Description
inboundTrust	crossTenantAccessPolicyInboundTrust	Determines the default configuration for trusting other Conditional Access claims from external Azure AD organizations.
b2bCollaborationInbound	crossTenantAccessPolicyB2BSetting	Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B collaboration.
b2bCollaborationOutbound	crossTenantAccessPolicyB2BSetting	Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration.
b2bDirectConnectInbound	crossTenantAccessPolicyB2BSetting	Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.
b2bDirectConnectOutbound	crossTenantAccessPolicyB2BSetting	Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect.

Response

If successful, this method returns a 204 No Content response code.

Examples

Request

PATCH https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/default
Content-Type: application/json

{
  "b2bCollaborationOutbound":
  {
    "usersAndGroups":
    {
      "accessType": "blocked",
      "targets": [
        {
          "target": "0be493dc-cb56-4a53-936f-9cf64410b8b0",
          "targetType": "group"
        }
      ]
    },
    "applications":
    {
      "accessType": "blocked",
      "targets": [
        {
          "target": "AllApplications",
          "targetType": "application"
        }
      ]
    }
  }
}


var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new CrossTenantAccessPolicyConfigurationDefault
{
	B2bCollaborationOutbound = new CrossTenantAccessPolicyB2BSetting
	{
		UsersAndGroups = new CrossTenantAccessPolicyTargetConfiguration
		{
			AccessType = CrossTenantAccessPolicyTargetConfigurationAccessType.Blocked,
			Targets = new List<CrossTenantAccessPolicyTarget>
			{
				new CrossTenantAccessPolicyTarget
				{
					Target = "0be493dc-cb56-4a53-936f-9cf64410b8b0",
					TargetType = CrossTenantAccessPolicyTargetType.Group,
				},
			},
		},
		Applications = new CrossTenantAccessPolicyTargetConfiguration
		{
			AccessType = CrossTenantAccessPolicyTargetConfigurationAccessType.Blocked,
			Targets = new List<CrossTenantAccessPolicyTarget>
			{
				new CrossTenantAccessPolicyTarget
				{
					Target = "AllApplications",
					TargetType = CrossTenantAccessPolicyTargetType.Application,
				},
			},
		},
	},
};
var result = await graphClient.Policies.CrossTenantAccessPolicy.Default.PatchAsync(requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


const options = {
	authProvider,
};

const client = Client.init(options);

const crossTenantAccessPolicyConfigurationDefault = {
  b2bCollaborationOutbound: 
  {
    usersAndGroups: 
    {
      accessType: 'blocked',
      targets: [
        {
          target: '0be493dc-cb56-4a53-936f-9cf64410b8b0',
          targetType: 'group'
        }
      ]
    },
    applications: 
    {
      accessType: 'blocked',
      targets: [
        {
          target: 'AllApplications',
          targetType: 'application'
        }
      ]
    }
  }
};

await client.api('/policies/crossTenantAccessPolicy/default')
	.update(crossTenantAccessPolicyConfigurationDefault);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

CrossTenantAccessPolicyConfigurationDefault crossTenantAccessPolicyConfigurationDefault = new CrossTenantAccessPolicyConfigurationDefault();
CrossTenantAccessPolicyB2BSetting b2bCollaborationOutbound = new CrossTenantAccessPolicyB2BSetting();
CrossTenantAccessPolicyTargetConfiguration usersAndGroups = new CrossTenantAccessPolicyTargetConfiguration();
usersAndGroups.accessType = CrossTenantAccessPolicyTargetConfigurationAccessType.BLOCKED;
LinkedList<CrossTenantAccessPolicyTarget> targetsList = new LinkedList<CrossTenantAccessPolicyTarget>();
CrossTenantAccessPolicyTarget targets = new CrossTenantAccessPolicyTarget();
targets.target = "0be493dc-cb56-4a53-936f-9cf64410b8b0";
targets.targetType = CrossTenantAccessPolicyTargetType.GROUP;
targetsList.add(targets);
usersAndGroups.targets = targetsList;
b2bCollaborationOutbound.usersAndGroups = usersAndGroups;
CrossTenantAccessPolicyTargetConfiguration applications = new CrossTenantAccessPolicyTargetConfiguration();
applications.accessType = CrossTenantAccessPolicyTargetConfigurationAccessType.BLOCKED;
LinkedList<CrossTenantAccessPolicyTarget> targetsList1 = new LinkedList<CrossTenantAccessPolicyTarget>();
CrossTenantAccessPolicyTarget targets1 = new CrossTenantAccessPolicyTarget();
targets1.target = "AllApplications";
targets1.targetType = CrossTenantAccessPolicyTargetType.APPLICATION;
targetsList1.add(targets1);
applications.targets = targetsList1;
b2bCollaborationOutbound.applications = applications;
crossTenantAccessPolicyConfigurationDefault.b2bCollaborationOutbound = b2bCollaborationOutbound;

graphClient.policies().crossTenantAccessPolicy().default()
	.buildRequest()
	.patch(crossTenantAccessPolicyConfigurationDefault);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)

requestBody := graphmodels.NewCrossTenantAccessPolicyConfigurationDefault()
b2bCollaborationOutbound := graphmodels.NewCrossTenantAccessPolicyB2BSetting()
usersAndGroups := graphmodels.NewCrossTenantAccessPolicyTargetConfiguration()
accessType := graphmodels.BLOCKED_CROSSTENANTACCESSPOLICYTARGETCONFIGURATIONACCESSTYPE 
usersAndGroups.SetAccessType(&accessType) 


crossTenantAccessPolicyTarget := graphmodels.NewCrossTenantAccessPolicyTarget()
target := "0be493dc-cb56-4a53-936f-9cf64410b8b0"
crossTenantAccessPolicyTarget.SetTarget(&target) 
targetType := graphmodels.GROUP_CROSSTENANTACCESSPOLICYTARGETTYPE 
crossTenantAccessPolicyTarget.SetTargetType(&targetType) 

targets := []graphmodels.CrossTenantAccessPolicyTargetable {
	crossTenantAccessPolicyTarget,

}
usersAndGroups.SetTargets(targets)
b2bCollaborationOutbound.SetUsersAndGroups(usersAndGroups)
applications := graphmodels.NewCrossTenantAccessPolicyTargetConfiguration()
accessType := graphmodels.BLOCKED_CROSSTENANTACCESSPOLICYTARGETCONFIGURATIONACCESSTYPE 
applications.SetAccessType(&accessType) 


crossTenantAccessPolicyTarget := graphmodels.NewCrossTenantAccessPolicyTarget()
target := "AllApplications"
crossTenantAccessPolicyTarget.SetTarget(&target) 
targetType := graphmodels.APPLICATION_CROSSTENANTACCESSPOLICYTARGETTYPE 
crossTenantAccessPolicyTarget.SetTargetType(&targetType) 

targets := []graphmodels.CrossTenantAccessPolicyTargetable {
	crossTenantAccessPolicyTarget,

}
applications.SetTargets(targets)
b2bCollaborationOutbound.SetApplications(applications)
requestBody.SetB2bCollaborationOutbound(b2bCollaborationOutbound)

result, err := graphClient.Policies().CrossTenantAccessPolicy().Default().Patch(context.Background(), requestBody, nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	B2bCollaborationOutbound = @{
		UsersAndGroups = @{
			AccessType = "blocked"
			Targets = @(
				@{
					Target = "0be493dc-cb56-4a53-936f-9cf64410b8b0"
					TargetType = "group"
				}
			)
		}
		Applications = @{
			AccessType = "blocked"
			Targets = @(
				@{
					Target = "AllApplications"
					TargetType = "application"
				}
			)
		}
	}
}

Update-MgPolicyCrossTenantAccessPolicyDefault -BodyParameter $params

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);

$requestBody = new CrossTenantAccessPolicyConfigurationDefault();
$b2bCollaborationOutbound = new CrossTenantAccessPolicyB2BSetting();
$b2bCollaborationOutboundUsersAndGroups = new CrossTenantAccessPolicyTargetConfiguration();
$b2bCollaborationOutboundUsersAndGroups->setAccessType(new CrossTenantAccessPolicyTargetConfigurationAccessType('blocked'));

$targetsCrossTenantAccessPolicyTarget1 = new CrossTenantAccessPolicyTarget();
$targetsCrossTenantAccessPolicyTarget1->setTarget('0be493dc-cb56-4a53-936f-9cf64410b8b0');

$targetsCrossTenantAccessPolicyTarget1->setTargetType(new CrossTenantAccessPolicyTargetType('group'));


$targetsArray []= $targetsCrossTenantAccessPolicyTarget1;
$b2bCollaborationOutboundUsersAndGroups->setTargets($targetsArray);



$b2bCollaborationOutbound->setUsersAndGroups($b2bCollaborationOutboundUsersAndGroups);
$b2bCollaborationOutboundApplications = new CrossTenantAccessPolicyTargetConfiguration();
$b2bCollaborationOutboundApplications->setAccessType(new CrossTenantAccessPolicyTargetConfigurationAccessType('blocked'));

$targetsCrossTenantAccessPolicyTarget1 = new CrossTenantAccessPolicyTarget();
$targetsCrossTenantAccessPolicyTarget1->setTarget('AllApplications');

$targetsCrossTenantAccessPolicyTarget1->setTargetType(new CrossTenantAccessPolicyTargetType('application'));


$targetsArray []= $targetsCrossTenantAccessPolicyTarget1;
$b2bCollaborationOutboundApplications->setTargets($targetsArray);



$b2bCollaborationOutbound->setApplications($b2bCollaborationOutboundApplications);

$requestBody->setB2bCollaborationOutbound($b2bCollaborationOutbound);


$requestResult = $graphServiceClient->policies()->crossTenantAccessPolicy()->default()->patch($requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

HTTP/1.1 204 No Content

Update crossTenantAccessPolicyConfigurationDefault

Permissions

HTTP request

Request headers

Request body

Response

Examples

Request

Response

Feedback

Additional resources

Additional resources