{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/microsoft.graph.authorizationPolicy",
  "title": "microsoft.graph.authorizationPolicy",
  "allOf": [
    {
      "$ref": "#/components/schemas/microsoft.graph.policyBase"
    },
    {
      "title": "authorizationPolicy",
      "required": [
        "@odata.type"
      ],
      "type": "object",
      "properties": {
        "allowedToSignUpEmailBasedSubscriptions": {
          "type": "boolean",
          "description": "Indicates whether users can sign up for email based subscriptions."
        },
        "allowedToUseSSPR": {
          "type": "boolean",
          "description": "Indicates whether administrators of the tenant can use the Self-Service Password Reset (SSPR). For more information, see Self-service password reset for administrators."
        },
        "allowEmailVerifiedUsersToJoinOrganization": {
          "type": "boolean",
          "description": "Indicates whether a user can join the tenant by email validation."
        },
        "allowInvitesFrom": {
          "anyOf": [
            {
              "$ref": "#/components/schemas/microsoft.graph.allowInvitesFrom"
            },
            {
              "type": "object",
              "nullable": true
            }
          ],
          "description": "Indicates who can invite guests to the organization. The possible values are: none, adminsAndGuestInviters, adminsGuestInvitersAndAllMembers, everyone.  everyone is the default setting for all cloud environments except US Government. For more information, see allowInvitesFrom values."
        },
        "allowUserConsentForRiskyApps": {
          "type": "boolean",
          "description": "Indicates whether user consent for risky apps is allowed. We recommend keeping allowUserConsentForRiskyApps as false. Default value is false.",
          "nullable": true
        },
        "blockMsolPowerShell": {
          "type": "boolean",
          "description": "To disable the use of MSOL PowerShell, set this property to true. This also disables user-based access to the legacy service endpoint used by MSOL PowerShell. This doesn't affect Microsoft Entra Connect or Microsoft Graph.",
          "nullable": true
        },
        "defaultUserRolePermissions": {
          "$ref": "#/components/schemas/microsoft.graph.defaultUserRolePermissions"
        },
        "guestUserRoleId": {
          "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$",
          "type": "string",
          "description": "Represents role templateId for the role that should be granted to guests. Currently following roles are supported:  User (a0b1b346-4d3e-4e8b-98f8-753987be4970), Guest User (10dae51f-b6af-4016-8d66-8c2a99b929b3), and Restricted Guest User (2af84b1e-32c8-42b7-82bc-daa82404023b).",
          "format": "uuid",
          "nullable": true
        },
        "@odata.type": {
          "type": "string",
          "default": "#microsoft.graph.authorizationPolicy"
        }
      }
    }
  ],
  "x-ms-discriminator-value": "#microsoft.graph.authorizationPolicy"
}