{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "#/components/schemas/microsoft.graph.policyRoot", "title": "microsoft.graph.policyRoot", "allOf": [ { "$ref": "#/components/schemas/microsoft.graph.entity" }, { "title": "policyRoot", "required": [ "@odata.type" ], "type": "object", "properties": { "activityBasedTimeoutPolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.activityBasedTimeoutPolicy" }, "description": "The policy that controls the idle time out for web sessions for applications.", "x-ms-navigationProperty": true }, "adminConsentRequestPolicy": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.adminConsentRequestPolicy" }, { "type": "object", "nullable": true } ], "description": "The policy by which consent requests are created and managed for the entire tenant.", "x-ms-navigationProperty": true }, "appManagementPolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.appManagementPolicy" }, "description": "The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy.", "x-ms-navigationProperty": true }, "authenticationFlowsPolicy": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.authenticationFlowsPolicy" }, { "type": "object", "nullable": true } ], "description": "The policy configuration of the self-service sign-up experience of external users.", "x-ms-navigationProperty": true }, "authenticationMethodsPolicy": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.authenticationMethodsPolicy" }, { "type": "object", "nullable": true } ], "description": "The authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID.", "x-ms-navigationProperty": true }, "authenticationStrengthPolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.authenticationStrengthPolicy" }, "description": "The authentication method combinations that are to be used in scenarios defined by Microsoft Entra Conditional Access.", "x-ms-navigationProperty": true }, "authorizationPolicy": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.authorizationPolicy" }, { "type": "object", "nullable": true } ], "description": "The policy that controls Microsoft Entra authorization settings.", "x-ms-navigationProperty": true }, "claimsMappingPolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.claimsMappingPolicy" }, "description": "The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application.", "x-ms-navigationProperty": true }, "conditionalAccessPolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.conditionalAccessPolicy" }, "description": "The custom rules that define an access scenario.", "x-ms-navigationProperty": true }, "crossTenantAccessPolicy": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.crossTenantAccessPolicy" }, { "type": "object", "nullable": true } ], "description": "The custom rules that define an access scenario when interacting with external Microsoft Entra tenants.", "x-ms-navigationProperty": true }, "defaultAppManagementPolicy": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.tenantAppManagementPolicy" }, { "type": "object", "nullable": true } ], "description": "The tenant-wide policy that enforces app management restrictions for all applications and service principals.", "x-ms-navigationProperty": true }, "deviceRegistrationPolicy": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.deviceRegistrationPolicy" }, { "type": "object", "nullable": true } ], "x-ms-navigationProperty": true }, "featureRolloutPolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.featureRolloutPolicy" }, "description": "The feature rollout policy associated with a directory object.", "x-ms-navigationProperty": true }, "homeRealmDiscoveryPolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.homeRealmDiscoveryPolicy" }, "description": "The policy to control Microsoft Entra authentication behavior for federated users.", "x-ms-navigationProperty": true }, "identitySecurityDefaultsEnforcementPolicy": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.identitySecurityDefaultsEnforcementPolicy" }, { "type": "object", "nullable": true } ], "description": "The policy that represents the security defaults that protect against common attacks.", "x-ms-navigationProperty": true }, "permissionGrantPolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.permissionGrantPolicy" }, "description": "The policy that specifies the conditions under which consent can be granted.", "x-ms-navigationProperty": true }, "roleManagementPolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.unifiedRoleManagementPolicy" }, "description": "Specifies the various policies associated with scopes and roles.", "x-ms-navigationProperty": true }, "roleManagementPolicyAssignments": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.unifiedRoleManagementPolicyAssignment" }, "description": "The assignment of a role management policy to a role definition object.", "x-ms-navigationProperty": true }, "tokenIssuancePolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.tokenIssuancePolicy" }, "description": "The policy that specifies the characteristics of SAML tokens issued by Microsoft Entra ID.", "x-ms-navigationProperty": true }, "tokenLifetimePolicies": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.tokenLifetimePolicy" }, "description": "The policy that controls the lifetime of a JWT access token, an ID token, or a SAML 1.1/2.0 token issued by Microsoft Entra ID.", "x-ms-navigationProperty": true }, "@odata.type": { "type": "string" } } } ], "x-ms-discriminator-value": "#microsoft.graph.policyRoot" }