conditionalAccessConditionSet resource type

Namespace: microsoft.graph

Represents the type of conditions that govern when the policy applies.

Properties

Property Type Description
applications conditionalAccessApplications Applications and user actions included in and excluded from the policy. Required.
clientApplications conditionalAccessClientApplications Client applications (service principals and workload identities) included in and excluded from the policy. Either users or clientApplications is required.
clientAppTypes conditionalAccessClientApp collection Client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported, other. Required.
devices conditionalAccessDevices Devices in the policy.
locations conditionalAccessLocations Locations included in and excluded from the policy.
platforms conditionalAccessPlatforms Platforms included in and excluded from the policy.
servicePrincipalRiskLevels riskLevel collection Service principal risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue.
signInRiskLevels riskLevel collection Sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. Required.
userRiskLevels riskLevel collection User risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. Required.
users conditionalAccessUsers Users, groups, and roles included in and excluded from the policy. Either users or clientApplications is required.

Note:

  • clientAppType modern is going to be deprecated and replaced by mobileAppsAndDesktopClients.
  • clientAppType easUnsupported is going to be deprecated in favor of exchangeActiveSync which includes EAS supported and unsupported platforms.
  • We are deprecating the deviceStates condition, and it may be removed in the future. Going forward, use devices condition.

Relationships

None.

JSON representation

The following is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.conditionalAccessConditionSet",
  "applications": {"@odata.type": "microsoft.graph.conditionalAccessApplications"},
  "clientApplications": {"@odata.type": "microsoft.graph.conditionalAccessClientApplications"},
  "clientAppTypes": ["String"],
  "devices": {"@odata.type": "microsoft.graph.conditionalAccessDevices"},
  "locations": {"@odata.type": "microsoft.graph.conditionalAccessLocations"},
  "platforms": {"@odata.type": "microsoft.graph.conditionalAccessPlatforms"},
  "servicePrincipalRiskLevels": ["String"],
  "signInRiskLevels": ["String"],
  "userRiskLevels": ["String"],
  "users": {"@odata.type": "microsoft.graph.conditionalAccessUsers"}
}