conditionalAccessGrantControls resource type
Namespace: microsoft.graph
Important
APIs under the /beta
version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents grant controls that must be fulfilled to pass the policy.
Properties
Property | Type | Description |
---|---|---|
operator | String | Defines the relationship of the grant controls. Possible values: AND , OR . |
builtInControls | conditionalAccessGrantControl collection | List of values of built-in controls required by the policy. Possible values: block , mfa , compliantDevice , domainJoinedDevice , approvedApplication , compliantApplication , passwordChange , unknownFutureValue . |
customAuthenticationFactors | String collection | List of custom controls IDs required by the policy. To learn more about custom control, see Custom controls (preview). |
termsOfUse | String collection | List of terms of use IDs required by the policy. |
Special considerations when using passwordChange
as a control
Consider the following when you use the passwordChange
control:
passwordChange
must be accompanied bymfa
using anAND
operator. This combination ensures that the password will be updated in a secure way.passwordChange
must be used in a policy containinguserRiskLevels
. This is designed to enable scenarios where users must use a secure change password to reset their user risk.- The policy should target
all
applications, and not exclude any applications. - The policy cannot contain any other condition.
Relationships
Relationship | Type | Description |
---|---|---|
authenticationStrength | authenticationStrengthPolicy | The authentication strength required by the conditional access policy. Optional. |
JSON representation
The following JSON representation shows the resource type.
{
"builtInControls": ["String"],
"customAuthenticationFactors": ["String"],
"operator": "String",
"termsOfUse": ["String"],
"authenticationStrength": {"@odata.type": "microsoft.graph.authenticationStrengthPolicy"}
}