Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents client applications (service principals and workload identities) included in and excluded from the policy scope.
Properties
| Property | Type | Description |
|---|---|---|
| agentIdServicePrincipalFilter | conditionalAccessFilter | Filter that defines rules based on custom security attribute tags to include/exclude agent identities in the policy. |
| excludeAgentIdServicePrincipals | String collection | Agent identity object IDs excluded from the policy. |
| excludeServicePrincipals | String collection | Service principal IDs excluded from the policy scope. |
| includeAgentIdServicePrincipals | String collection | Agent identity object IDs included in the policy. |
| includeServicePrincipals | String collection | Service principal IDs included in the policy scope or ServicePrincipalsInMyTenant. |
| servicePrincipalFilter | conditionalAccessFilter | Filter that defines the dynamic-servicePrincipal-syntax rule to include/exclude service principals. A filter can use custom security attributes to include/exclude service principals. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.conditionalAccessClientApplications",
"includeServicePrincipals": [
"String"
],
"excludeServicePrincipals": [
"String"
],
"servicePrincipalFilter": {
"@odata.type": "microsoft.graph.conditionalAccessFilter"
},
"includeAgentIdServicePrincipals": [
"String"
],
"excludeAgentIdServicePrincipals": [
"String"
],
"agentIdServicePrincipalFilter": {
"@odata.type": "microsoft.graph.conditionalAccessFilter"
}
}