naftiko: 1.0.0-alpha2 info: label: Microsoft Graph Policies — identity.conditionalAccessRoot description: 'Microsoft Graph Policies — identity.conditionalAccessRoot. 20 operations. Lead operation: Microsoft Graph Get policies from identity. Self-contained Naftiko capability covering one Microsoft Graph business surface.' tags: - Microsoft Graph - identity.conditionalAccessRoot created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: MICROSOFT_GRAPH_API_KEY: MICROSOFT_GRAPH_API_KEY capability: consumes: - type: http namespace: policies-identity-conditionalaccessroot baseUri: '' description: Microsoft Graph Policies — identity.conditionalAccessRoot business capability. Self-contained, no shared references. resources: - name: identity-conditionalAccess-authenticationStrength-policies path: /identity/conditionalAccess/authenticationStrength/policies operations: - name: identityconditionalaccessauthenticationstrengthlistpolicies method: GET description: Microsoft Graph Get policies from identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: $orderby in: query type: array description: Order items by property values - name: $select in: query type: array description: Select properties to be returned - name: $expand in: query type: array description: Expand related entities - name: identityconditionalaccessauthenticationstrengthcreatepolicies method: POST description: Microsoft Graph Create new navigation property to policies for identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: identity-conditionalAccess-authenticationStrength-policies-$count path: /identity/conditionalAccess/authenticationStrength/policies/$count operations: - name: identityconditionalaccessauthenticationstrengthpoliciesgetcount8166 method: GET description: Microsoft Graph Get the number of the resource outputRawFormat: json outputParameters: - name: result type: object value: $. - name: identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt path: /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id} operations: - name: identityconditionalaccessauthenticationstrengthgetpolicies method: GET description: Microsoft Graph Get policies from identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: $select in: query type: array description: Select properties to be returned - name: $expand in: query type: array description: Expand related entities - name: identityconditionalaccessauthenticationstrengthupdatepolicies method: PATCH description: Microsoft Graph Update the navigation property policies in identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: identityconditionalaccessauthenticationstrengthdeletepolicies method: DELETE description: Microsoft Graph Delete navigation property policies for identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: If-Match in: header type: string description: ETag - name: identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt path: /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}/combinationConfigurations operations: - name: identityconditionalaccessauthenticationstrengthpolicieslistcombinationconfigurations method: GET description: Microsoft Graph List combinationConfigurations outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: $orderby in: query type: array description: Order items by property values - name: $select in: query type: array description: Select properties to be returned - name: $expand in: query type: array description: Expand related entities - name: identityconditionalaccessauthenticationstrengthpoliciescreatecombinationconfigurations method: POST description: Microsoft Graph Create authenticationCombinationConfiguration outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt path: /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}/combinationConfigurations/$count operations: - name: identityconditionalaccessauthenticationstrengthpoliciescombinationconfigurationsgetcount64b7 method: GET description: Microsoft Graph Get the number of the resource outputRawFormat: json outputParameters: - name: result type: object value: $. - name: identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt path: /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}/combinationConfigurations/{authenticationCombinationConfiguration-id} operations: - name: identityconditionalaccessauthenticationstrengthpoliciesgetcombinationconfigurations method: GET description: Microsoft Graph Get authenticationCombinationConfiguration outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: $select in: query type: array description: Select properties to be returned - name: $expand in: query type: array description: Expand related entities - name: identityconditionalaccessauthenticationstrengthpoliciesupdatecombinationconfigurations method: PATCH description: Microsoft Graph Update authenticationCombinationConfiguration outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: identityconditionalaccessauthenticationstrengthpoliciesdeletecombinationconfigurations method: DELETE description: Microsoft Graph Delete authenticationCombinationConfiguration outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: If-Match in: header type: string description: ETag - name: identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt path: /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}/updateAllowedCombinations operations: - name: identityconditionalaccessauthenticationstrengthpoliciesauthenticationstrengthpolicyupdateallowedcombinations method: POST description: Microsoft Graph Invoke action updateAllowedCombinations outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt path: /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}/usage() operations: - name: identityconditionalaccessauthenticationstrengthpoliciesauthenticationstrengthpolicyusage method: GET description: Microsoft Graph Invoke function usage outputRawFormat: json outputParameters: - name: result type: object value: $. - name: identity-conditionalAccess-policies path: /identity/conditionalAccess/policies operations: - name: identityconditionalaccesslistpolicies method: GET description: Microsoft Graph List policies outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: $orderby in: query type: array description: Order items by property values - name: $select in: query type: array description: Select properties to be returned - name: $expand in: query type: array description: Expand related entities - name: identityconditionalaccesscreatepolicies method: POST description: Microsoft Graph Create conditionalAccessPolicy outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: identity-conditionalAccess-policies-$count path: /identity/conditionalAccess/policies/$count operations: - name: identityconditionalaccesspoliciesgetcount608a method: GET description: Microsoft Graph Get the number of the resource outputRawFormat: json outputParameters: - name: result type: object value: $. - name: identity-conditionalAccess-policies-conditionalAccessPolicy-id path: /identity/conditionalAccess/policies/{conditionalAccessPolicy-id} operations: - name: identityconditionalaccessgetpolicies method: GET description: Microsoft Graph Get conditionalAccessPolicy outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: $select in: query type: array description: Select properties to be returned - name: $expand in: query type: array description: Expand related entities - name: identityconditionalaccessupdatepolicies method: PATCH description: Microsoft Graph Update conditionalaccesspolicy outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: identityconditionalaccessdeletepolicies method: DELETE description: Microsoft Graph Delete conditionalAccessPolicy outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: If-Match in: header type: string description: ETag exposes: - type: rest namespace: policies-identity-conditionalaccessroot-rest port: 8080 description: REST adapter for Microsoft Graph Policies — identity.conditionalAccessRoot. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/identity/conditionalaccess/authenticationstrength/policies name: identity-conditionalaccess-authenticationstrength-policies description: REST surface for identity-conditionalAccess-authenticationStrength-policies. operations: - method: GET name: identityconditionalaccessauthenticationstrengthlistpolicies description: Microsoft Graph Get policies from identity call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthlistpolicies with: $orderby: rest.$orderby $select: rest.$select $expand: rest.$expand outputParameters: - type: object mapping: $. - method: POST name: identityconditionalaccessauthenticationstrengthcreatepolicies description: Microsoft Graph Create new navigation property to policies for identity call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthcreatepolicies with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/identity/conditionalaccess/authenticationstrength/policies/count name: identity-conditionalaccess-authenticationstrength-policies-count description: REST surface for identity-conditionalAccess-authenticationStrength-policies-$count. operations: - method: GET name: identityconditionalaccessauthenticationstrengthpoliciesgetcount8166 description: Microsoft Graph Get the number of the resource call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesgetcount8166 outputParameters: - type: object mapping: $. - path: /v1/identity/conditionalaccess/authenticationstrength/policies/{authenticationstrengthpolicy-id} name: identity-conditionalaccess-authenticationstrength-policies-authenticationstrengt description: REST surface for identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt. operations: - method: GET name: identityconditionalaccessauthenticationstrengthgetpolicies description: Microsoft Graph Get policies from identity call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthgetpolicies with: $select: rest.$select $expand: rest.$expand outputParameters: - type: object mapping: $. - method: PATCH name: identityconditionalaccessauthenticationstrengthupdatepolicies description: Microsoft Graph Update the navigation property policies in identity call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthupdatepolicies with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: identityconditionalaccessauthenticationstrengthdeletepolicies description: Microsoft Graph Delete navigation property policies for identity call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthdeletepolicies with: If-Match: rest.If-Match outputParameters: - type: object mapping: $. - path: /v1/identity/conditionalaccess/authenticationstrength/policies/{authenticationstrengthpolicy-id}/combinationconfigurations name: identity-conditionalaccess-authenticationstrength-policies-authenticationstrengt description: REST surface for identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt. operations: - method: GET name: identityconditionalaccessauthenticationstrengthpolicieslistcombinationconfigurations description: Microsoft Graph List combinationConfigurations call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpolicieslistcombinationconfigurations with: $orderby: rest.$orderby $select: rest.$select $expand: rest.$expand outputParameters: - type: object mapping: $. - method: POST name: identityconditionalaccessauthenticationstrengthpoliciescreatecombinationconfigurations description: Microsoft Graph Create authenticationCombinationConfiguration call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciescreatecombinationconfigurations with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/identity/conditionalaccess/authenticationstrength/policies/{authenticationstrengthpolicy-id}/combinationconfigurations/count name: identity-conditionalaccess-authenticationstrength-policies-authenticationstrengt description: REST surface for identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt. operations: - method: GET name: identityconditionalaccessauthenticationstrengthpoliciescombinationconfigurationsgetcount64b7 description: Microsoft Graph Get the number of the resource call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciescombinationconfigurationsgetcount64b7 outputParameters: - type: object mapping: $. - path: /v1/identity/conditionalaccess/authenticationstrength/policies/{authenticationstrengthpolicy-id}/combinationconfigurations/{authenticationcombinationconfiguration-id} name: identity-conditionalaccess-authenticationstrength-policies-authenticationstrengt description: REST surface for identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt. operations: - method: GET name: identityconditionalaccessauthenticationstrengthpoliciesgetcombinationconfigurations description: Microsoft Graph Get authenticationCombinationConfiguration call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesgetcombinationconfigurations with: $select: rest.$select $expand: rest.$expand outputParameters: - type: object mapping: $. - method: PATCH name: identityconditionalaccessauthenticationstrengthpoliciesupdatecombinationconfigurations description: Microsoft Graph Update authenticationCombinationConfiguration call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesupdatecombinationconfigurations with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: identityconditionalaccessauthenticationstrengthpoliciesdeletecombinationconfigurations description: Microsoft Graph Delete authenticationCombinationConfiguration call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesdeletecombinationconfigurations with: If-Match: rest.If-Match outputParameters: - type: object mapping: $. - path: /v1/identity/conditionalaccess/authenticationstrength/policies/{authenticationstrengthpolicy-id}/updateallowedcombinations name: identity-conditionalaccess-authenticationstrength-policies-authenticationstrengt description: REST surface for identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt. operations: - method: POST name: identityconditionalaccessauthenticationstrengthpoliciesauthenticationstrengthpolicyupdateallowedcombinations description: Microsoft Graph Invoke action updateAllowedCombinations call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesauthenticationstrengthpolicyupdateallowedcombinations with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/identity/conditionalaccess/authenticationstrength/policies/{authenticationstrengthpolicy-id}/usage name: identity-conditionalaccess-authenticationstrength-policies-authenticationstrengt description: REST surface for identity-conditionalAccess-authenticationStrength-policies-authenticationStrengt. operations: - method: GET name: identityconditionalaccessauthenticationstrengthpoliciesauthenticationstrengthpolicyusage description: Microsoft Graph Invoke function usage call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesauthenticationstrengthpolicyusage outputParameters: - type: object mapping: $. - path: /v1/identity/conditionalaccess/policies name: identity-conditionalaccess-policies description: REST surface for identity-conditionalAccess-policies. operations: - method: GET name: identityconditionalaccesslistpolicies description: Microsoft Graph List policies call: policies-identity-conditionalaccessroot.identityconditionalaccesslistpolicies with: $orderby: rest.$orderby $select: rest.$select $expand: rest.$expand outputParameters: - type: object mapping: $. - method: POST name: identityconditionalaccesscreatepolicies description: Microsoft Graph Create conditionalAccessPolicy call: policies-identity-conditionalaccessroot.identityconditionalaccesscreatepolicies with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/identity/conditionalaccess/policies/count name: identity-conditionalaccess-policies-count description: REST surface for identity-conditionalAccess-policies-$count. operations: - method: GET name: identityconditionalaccesspoliciesgetcount608a description: Microsoft Graph Get the number of the resource call: policies-identity-conditionalaccessroot.identityconditionalaccesspoliciesgetcount608a outputParameters: - type: object mapping: $. - path: /v1/identity/conditionalaccess/policies/{conditionalaccesspolicy-id} name: identity-conditionalaccess-policies-conditionalaccesspolicy-id description: REST surface for identity-conditionalAccess-policies-conditionalAccessPolicy-id. operations: - method: GET name: identityconditionalaccessgetpolicies description: Microsoft Graph Get conditionalAccessPolicy call: policies-identity-conditionalaccessroot.identityconditionalaccessgetpolicies with: $select: rest.$select $expand: rest.$expand outputParameters: - type: object mapping: $. - method: PATCH name: identityconditionalaccessupdatepolicies description: Microsoft Graph Update conditionalaccesspolicy call: policies-identity-conditionalaccessroot.identityconditionalaccessupdatepolicies with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: identityconditionalaccessdeletepolicies description: Microsoft Graph Delete conditionalAccessPolicy call: policies-identity-conditionalaccessroot.identityconditionalaccessdeletepolicies with: If-Match: rest.If-Match outputParameters: - type: object mapping: $. - type: mcp namespace: policies-identity-conditionalaccessroot-mcp port: 9090 transport: http description: MCP adapter for Microsoft Graph Policies — identity.conditionalAccessRoot. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: microsoft-graph-get-policies-identity description: Microsoft Graph Get policies from identity hints: readOnly: true destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthlistpolicies with: $orderby: tools.$orderby $select: tools.$select $expand: tools.$expand outputParameters: - type: object mapping: $. - name: microsoft-graph-create-new-navigation description: Microsoft Graph Create new navigation property to policies for identity hints: readOnly: false destructive: false idempotent: false call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthcreatepolicies with: body: tools.body outputParameters: - type: object mapping: $. - name: microsoft-graph-get-number-resource description: Microsoft Graph Get the number of the resource hints: readOnly: true destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesgetcount8166 outputParameters: - type: object mapping: $. - name: microsoft-graph-get-policies-identity-2 description: Microsoft Graph Get policies from identity hints: readOnly: true destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthgetpolicies with: $select: tools.$select $expand: tools.$expand outputParameters: - type: object mapping: $. - name: microsoft-graph-update-navigation-property description: Microsoft Graph Update the navigation property policies in identity hints: readOnly: false destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthupdatepolicies with: body: tools.body outputParameters: - type: object mapping: $. - name: microsoft-graph-delete-navigation-property description: Microsoft Graph Delete navigation property policies for identity hints: readOnly: false destructive: true idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthdeletepolicies with: If-Match: tools.If-Match outputParameters: - type: object mapping: $. - name: microsoft-graph-list-combinationconfigurations description: Microsoft Graph List combinationConfigurations hints: readOnly: true destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpolicieslistcombinationconfigurations with: $orderby: tools.$orderby $select: tools.$select $expand: tools.$expand outputParameters: - type: object mapping: $. - name: microsoft-graph-create-authenticationcombinationconfiguration description: Microsoft Graph Create authenticationCombinationConfiguration hints: readOnly: false destructive: false idempotent: false call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciescreatecombinationconfigurations with: body: tools.body outputParameters: - type: object mapping: $. - name: microsoft-graph-get-number-resource-2 description: Microsoft Graph Get the number of the resource hints: readOnly: true destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciescombinationconfigurationsgetcount64b7 outputParameters: - type: object mapping: $. - name: microsoft-graph-get-authenticationcombinationconfiguration description: Microsoft Graph Get authenticationCombinationConfiguration hints: readOnly: true destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesgetcombinationconfigurations with: $select: tools.$select $expand: tools.$expand outputParameters: - type: object mapping: $. - name: microsoft-graph-update-authenticationcombinationconfiguration description: Microsoft Graph Update authenticationCombinationConfiguration hints: readOnly: false destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesupdatecombinationconfigurations with: body: tools.body outputParameters: - type: object mapping: $. - name: microsoft-graph-delete-authenticationcombinationconfiguration description: Microsoft Graph Delete authenticationCombinationConfiguration hints: readOnly: false destructive: true idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesdeletecombinationconfigurations with: If-Match: tools.If-Match outputParameters: - type: object mapping: $. - name: microsoft-graph-invoke-action-updateallowedcombinations description: Microsoft Graph Invoke action updateAllowedCombinations hints: readOnly: false destructive: false idempotent: false call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesauthenticationstrengthpolicyupdateallowedcombinations with: body: tools.body outputParameters: - type: object mapping: $. - name: microsoft-graph-invoke-function-usage description: Microsoft Graph Invoke function usage hints: readOnly: true destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessauthenticationstrengthpoliciesauthenticationstrengthpolicyusage outputParameters: - type: object mapping: $. - name: microsoft-graph-list-policies description: Microsoft Graph List policies hints: readOnly: true destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccesslistpolicies with: $orderby: tools.$orderby $select: tools.$select $expand: tools.$expand outputParameters: - type: object mapping: $. - name: microsoft-graph-create-conditionalaccesspolicy description: Microsoft Graph Create conditionalAccessPolicy hints: readOnly: false destructive: false idempotent: false call: policies-identity-conditionalaccessroot.identityconditionalaccesscreatepolicies with: body: tools.body outputParameters: - type: object mapping: $. - name: microsoft-graph-get-number-resource-3 description: Microsoft Graph Get the number of the resource hints: readOnly: true destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccesspoliciesgetcount608a outputParameters: - type: object mapping: $. - name: microsoft-graph-get-conditionalaccesspolicy description: Microsoft Graph Get conditionalAccessPolicy hints: readOnly: true destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessgetpolicies with: $select: tools.$select $expand: tools.$expand outputParameters: - type: object mapping: $. - name: microsoft-graph-update-conditionalaccesspolicy description: Microsoft Graph Update conditionalaccesspolicy hints: readOnly: false destructive: false idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessupdatepolicies with: body: tools.body outputParameters: - type: object mapping: $. - name: microsoft-graph-delete-conditionalaccesspolicy description: Microsoft Graph Delete conditionalAccessPolicy hints: readOnly: false destructive: true idempotent: true call: policies-identity-conditionalaccessroot.identityconditionalaccessdeletepolicies with: If-Match: tools.If-Match outputParameters: - type: object mapping: $.