Create permissionGrantConditionSet in excludes collection of permissionGrantPolicy
Namespace: microsoft.graph
Add conditions under which a permission grant event is excluded in a permission grant policy. You do this by adding a permissionGrantConditionSet to the excludes collection of a permissionGrantPolicy.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | Policy.ReadWrite.PermissionGrant |
| Delegated (personal Microsoft account) | Not supported. |
| Application | Policy.ReadWrite.PermissionGrant |
HTTP request
POST /policies/permissionGrantPolicies/{id}/excludes
If successful, this method returns a 201 Created response code and a permissionGrantConditionSet object in the response body.
Examples
Request
In this example, all delegated permissions for Microsoft Graph (appId 00000003-0000-0000-c000-000000000000) are excluded from the permission grant policy.
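<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\PermissionGrantConditionSet;
use Microsoft\Graph\Generated\Models\PermissionType;

// $requestAdapter is assumed to be an already configured, authenticated request adapter.
$graphServiceClient = new GraphServiceClient($requestAdapter);
// Condition set: delegated permissions whose resource application is Microsoft Graph.
$requestBody = new PermissionGrantConditionSet();
$requestBody->setPermissionType(new PermissionType('delegated'));
$requestBody->setResourceApplication('00000003-0000-0000-c000-000000000000');
// POST the condition set to the excludes collection of the policy.
$requestResult = $graphServiceClient->policies()->permissionGrantPoliciesById('permissionGrantPolicy-id')->excludes()->post($requestBody);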
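The effect of this exclusion on policy evaluation, as an added example that is not part of the original page or of any Microsoft SDK: a grant event matches a permission grant policy when it matches at least one includes condition set and no excludes condition set. The model is simplified to the two properties used in the request above; the starting policy, `OTHER_APP_ID`, and all function names are constructed for illustration.

```python
from dataclasses import dataclass

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph appId, from the page
OTHER_APP_ID = "11111111-2222-3333-4444-555555555555"  # constructed appId of some other API


@dataclass(frozen=True)
class GrantEvent:
    """A permission grant (consent) event, reduced to two attributes."""
    permission_type: str       # "delegated" or "application"
    resource_application: str  # appId of the API that owns the permission


def condition_set_matches(cond: dict, event: GrantEvent) -> bool:
    """A condition set matches only if every condition in it holds."""
    if cond["permissionType"] != event.permission_type:
        return False
    resource = cond.get("resourceApplication", "any")  # omitted means any resource
    return resource == "any" or resource.lower() == event.resource_application.lower()


def policy_matches(policy: dict, event: GrantEvent) -> bool:
    """At least one includes set must match and no excludes set may match."""
    included = any(condition_set_matches(c, event) for c in policy["includes"])
    excluded = any(condition_set_matches(c, event) for c in policy["excludes"])
    return included and not excluded


def with_exclude(policy: dict, body: dict) -> dict:
    """Policy state after the POST to .../excludes succeeds (201 Created)."""
    return {"includes": list(policy["includes"]), "excludes": policy["excludes"] + [body]}


# Constructed starting policy: any delegated permission is included.
BASE_POLICY = {"includes": [{"permissionType": "delegated"}], "excludes": []}
# Request body equivalent to the page's example.
EXCLUDE_BODY = {"permissionType": "delegated", "resourceApplication": GRAPH_APP_ID}

if __name__ == "__main__":
    updated = with_exclude(BASE_POLICY, EXCLUDE_BODY)
    for name, app_id in (("Microsoft Graph", GRAPH_APP_ID), ("other API", OTHER_APP_ID)):
        event = GrantEvent("delegated", app_id)
        print(name, policy_matches(BASE_POLICY, event), "->", policy_matches(updated, event))
```

Delegated grants for Microsoft Graph stop matching once the exclude is in place, while delegated grants for other resource applications are unaffected.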