JSON Template
{
  "displayName": "High-Security Access Policy",
  "state": "enabled",
  "conditions": {
    "clientAppTypes": [
      "mobileAppsAndDesktopClients",
      "browser"
    ],
    "applications": {
      "includeApplications": [
        "Office365",
        "AzureAD"
      ],
      "excludeApplications": [
        "Salesforce"
      ]
    },
    "users": {
      "includeUsers": [
        "user123",
        "user456"
      ],
      "excludeUsers": [
        "user789"
      ],
      "includeGroups": [
        "group123",
        "group456"
      ],
      "excludeGroups": [
        "group789"
      ],
      "includeRoles": [
        "admin",
        "supervisor"
      ],
      "excludeRoles": [
        "guest"
      ]
    },
    "locations": {
      "includeLocations": [
        "USA",
        "Canada"
      ],
      "excludeLocations": [
        "China"
      ]
    }
  },
  "grantControls": {
    "operator": "AND",
    "builtInControls": [
      "mfa",
      "approvedApplication"
    ],
    "customAuthenticationFactors": [
      "customFactor1",
      "customFactor2"
    ],
    "termsOfUse": [
      "term1",
      "term2"
    ]
  },
  "sessionControls": {
    "applicationEnforcedRestrictions": null,
    "persistentBrowser": null,
    "cloudAppSecurity": {
      "cloudAppSecurityType": "blockDownloads",
      "isEnabled": true
    },
    "signInFrequency": {
      "value": 24,
      "type": "hours",
      "isEnabled": true
    }
  }
}
JSON Preview
JSON Schema
Property Accepted Values
Loading schema properties...