{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "#/components/schemas/microsoft.graph.conditionalAccessConditionSet", "title": "conditionalAccessConditionSet", "required": [ "@odata.type" ], "type": "object", "properties": { "applications": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.conditionalAccessApplications" }, { "type": "object", "nullable": true } ], "description": "Applications and user actions included in and excluded from the policy. Required." }, "authenticationFlows": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.conditionalAccessAuthenticationFlows" }, { "type": "object", "nullable": true } ], "description": "Authentication flows included in the policy scope." }, "clientApplications": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.conditionalAccessClientApplications" }, { "type": "object", "nullable": true } ], "description": "Client applications (service principals and workload identities) included in and excluded from the policy. Either users or clientApplications is required." }, "clientAppTypes": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.conditionalAccessClientApp" }, "description": "Client application types included in the policy. The possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported, other. Required. The easUnsupported enumeration member will be deprecated in favor of exchangeActiveSync, which includes EAS supported and unsupported platforms." }, "devices": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.conditionalAccessDevices" }, { "type": "object", "nullable": true } ], "description": "Devices in the policy." }, "insiderRiskLevels": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.conditionalAccessInsiderRiskLevels" }, { "type": "object", "nullable": true } ], "description": "Insider risk levels included in the policy. The possible values are: minor, moderate, elevated, unknownFutureValue." }, "locations": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.conditionalAccessLocations" }, { "type": "object", "nullable": true } ], "description": "Locations included in and excluded from the policy." }, "platforms": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.conditionalAccessPlatforms" }, { "type": "object", "nullable": true } ], "description": "Platforms included in and excluded from the policy." }, "servicePrincipalRiskLevels": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.riskLevel" }, "description": "Service principal risk levels included in the policy. The possible values are: low, medium, high, none, unknownFutureValue." }, "signInRiskLevels": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.riskLevel" }, "description": "Sign-in risk levels included in the policy. The possible values are: low, medium, high, hidden, none, unknownFutureValue. Required." }, "userRiskLevels": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.riskLevel" }, "description": "User risk levels included in the policy. The possible values are: low, medium, high, hidden, none, unknownFutureValue. Required." }, "users": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.conditionalAccessUsers" }, { "type": "object", "nullable": true } ], "description": "Users, groups, and roles included in and excluded from the policy. Either users or clientApplications is required." }, "@odata.type": { "type": "string" } } }