{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/microsoft.graph.onPremisesConditionalAccessSettings",
  "title": "microsoft.graph.onPremisesConditionalAccessSettings",
  "allOf": [
    {
      "$ref": "#/components/schemas/microsoft.graph.entity"
    },
    {
      "title": "onPremisesConditionalAccessSettings",
      "required": [
        "@odata.type"
      ],
      "type": "object",
      "properties": {
        "enabled": {
          "type": "boolean",
          "description": "Indicates if on premises conditional access is enabled for this organization"
        },
        "excludedGroups": {
          "type": "array",
          "items": {
            "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$",
            "type": "string",
            "format": "uuid"
          },
          "description": "User groups that will be exempt by on premises conditional access. All users in these groups will be exempt from the conditional access policy."
        },
        "includedGroups": {
          "type": "array",
          "items": {
            "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$",
            "type": "string",
            "format": "uuid"
          },
          "description": "User groups that will be targeted by on premises conditional access. All users in these groups will be required to have mobile device managed and compliant for mail access."
        },
        "overrideDefaultRule": {
          "type": "boolean",
          "description": "Override the default access rule when allowing a device to ensure access is granted."
        },
        "@odata.type": {
          "type": "string"
        }
      },
      "description": "Singleton entity which represents the Exchange OnPremises Conditional Access Settings for a tenant."
    }
  ],
  "x-ms-discriminator-value": "#microsoft.graph.onPremisesConditionalAccessSettings"
}