NetworkAccess.Read.All

Allows the app to read all network access information on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the NetworkAccess.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	e30060de-caa5-4331-99d3-6ac6c966a9a4	2f7013e0-ab4e-447f-a5e1-5d419950692d
DisplayText	Read all network access information	Read all network access information
Description	Allows the app to read all network access information and configuration settings without a signed-in user.	Allows the app to read all network access information on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /networkAccess/connectivity/branches
	GET /networkAccess/connectivity/branches/{branchSiteId}
	GET /networkAccess/connectivity/branches/{branchSiteId}/connectivityConfiguration
	GET /networkAccess/connectivity/branches/{branchSiteId}/deviceLinks
	GET /networkAccess/connectivity/branches/{branchSiteId}/deviceLinks/{deviceLinkId}
	GET /networkAccess/connectivity/getWebCategoryByUrl(url='@url')?@url=url
	GET /networkAccess/connectivity/remoteNetworks/{remoteNetworkId}/deviceLinks/{deviceLinkId}
	GET /networkAccess/filteringPolicies
	GET /networkaccess/filteringPolicies/{filteringPoliciesId}/policyRules/{policyRulesId}
	GET /networkAccess/filteringProfiles
	GET /networkAccess/filteringProfiles/{filteringProfileId}
	GET /networkAccess/filteringProfiles/{filteringProfileId}/policies
	GET /networkAccess/filteringProfiles/{filteringProfileId}/policies?$filter=isof('microsoft.graph.networkaccess.tlsInspectionPolicyLink')
	GET /networkAccess/forwardingPolicies
	GET /networkAccess/forwardingPolicies/{forwardingPolicyId}
	GET /networkaccess/forwardingPolicies/{forwardingPolicyId}/policyRules/
	GET /networkaccess/forwardingPolicies/{forwardingPolicyId}/policyRules/{ruleId}
	GET /networkAccess/forwardingProfiles/
	GET /networkAccess/forwardingProfiles/{forwardingProfileId}
	GET /networkAccess/forwardingProfiles/{forwardingProfileId}/policies/{forwardingPolicyId}
	GET /networkAccess/reports/getApplicationUsageAnalytics(startDateTime={startDateTime},endDateTime={endDateTime},aggregatedBy={aggregatedBy})
	GET /networkAccess/reports/getConnectionSummaries(startDateTime='{startDateTime}',endDateTime='{endDateTime}')
	GET /networkAccess/reports/getDiscoveredApplicationSegmentReport(startDateTime={startDateTime},endDateTime={endDateTime})
	GET /networkAccess/reports/getEnterpriseApplicationReport(startDateTime={startDateTime},endDateTime={endDateTime})
	GET /networkAccess/reports/usageProfiling(startDateTime={startDateTime},endDateTime={endDateTime},aggregatedBy={aggregatedBy})
	GET /networkAccess/settings/conditionalAccess
	GET /networkAccess/settings/crossTenantAccess
	GET /networkAccess/threatIntelligencePolicies
	GET /networkAccess/threatIntelligencePolicies/{threatIntelligencePolicyId}
	GET /networkAccess/tls/externalCertificateAuthorityCertificates
	GET /networkAccess/tls/externalCertificateAuthorityCertificates/{externalCertificateAuthorityCertificateId}
	GET /networkAccess/tlsInspectionPolicies
	GET /networkAccess/tlsInspectionPolicies/{tlsInspectionPolicyId}
	GET /networkAccess/tlsInspectionPolicies/{tlsInspectionPolicyId}/policyRules
	GET /networkAccess/tlsInspectionPolicies/{tlsInspectionPolicyId}/policyRules/{tlsInspectionRuleId}
	GET /networkAccessRoot/alerts/getAlertFrequencies(startDateTime={startDateTime},endDateTime={endDateTime})
	GET /networkAccessRoot/alerts/getAlertSummaries(startDateTime={startDateTime},endDateTime={endDateTime})

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaNetworkAccessConnectivityBranch
	Get-MgBetaNetworkAccessConnectivityBranchConnectivityConfiguration
	Get-MgBetaNetworkAccessConnectivityBranchDeviceLink
	Get-MgBetaNetworkAccessConnectivityRemoteNetworkDeviceLink
	Get-MgBetaNetworkAccessFilteringPolicy
	Get-MgBetaNetworkAccessFilteringPolicyRule
	Get-MgBetaNetworkAccessFilteringProfile
	Get-MgBetaNetworkAccessFilteringProfilePolicy
	Get-MgBetaNetworkAccessForwardingPolicy
	Get-MgBetaNetworkAccessForwardingPolicyRule
	Get-MgBetaNetworkAccessForwardingProfile
	Get-MgBetaNetworkAccessForwardingProfilePolicy
	Get-MgBetaNetworkAccessReportConnectionSummary
	Get-MgBetaNetworkAccessReportDiscoveredApplicationSegmentReport
	Get-MgBetaNetworkAccessSettingConditionalAccess
	Get-MgBetaNetworkAccessSettingCrossTenantAccess
	Get-MgBetaNetworkAccessThreatIntelligencePolicy
	Get-MgBetaNetworkAccessTlExternalCertificateAuthorityCertificate
	Get-MgBetaNetworkAccessTlInspectionPolicy
	Get-MgBetaNetworkAccessTlInspectionPolicyRule
	Invoke-MgBetaUsageNetworkAccessReportProfiling

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: networkaccess-alert

Property	Type	Description
actions	microsoft.graph.networkaccess.alertAction collection	List of possible action items to take based on the alert (if applicable).
alertType	microsoft.graph.networkaccess.alertType	The type of the alert out of a closed list. Required. The possible values are: `unhealthyRemoteNetworks`, `unhealthyConnectors`, `deviceTokenInconsistency`, `crossTenantAnomaly`, `suspiciousProcess`, `threatIntelligenceTransactions`, `unknownFutureValue`, `webContentBlocked`, `malware`, `patientZero`, `dlp`, `fallback`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `webContentBlocked` , `malware` , `patientZero` , `dlp` , `fallback`.
categories	microsoft.graph.networkaccess.intentCategory collection	Categories associated with the alert.
componentName	String	Component name related to the alert.
creationDateTime	DateTimeOffset	The time the alert was created in the system. Required.
description	String	Text description explaining the alert.
detectionTechnology	String	Alert detection technology.
displayName	String	The display name of the alert. Required.
extendedProperties	microsoft.graph.networkaccess.extendedProperties	Extended properties for the alert.
firstActivityDateTime	DateTimeOffset	The time of the first activity related to the alert.
id	String	Generated identifier for the alert. Required. Inherits from entity
isPreview	Boolean	Indicates if the alert is a preview.
lastActivityDateTime	DateTimeOffset	The time of the last activity related to the alert.
productName	String	The name of the product that raised the alert.
relatedResources	microsoft.graph.networkaccess.relatedResource collection	List of related resources to the alert (if applicable).
severity	microsoft.graph.networkaccess.alertSeverity	The severity of the alert as it is reported by the provider. Required. The possible values are: `informational`, `low`, `medium`, `high`, `unknownFutureValue`.
subTechniques	String collection	Sub-techniques associated with the alert.
techniques	String collection	Techniques associated with the alert.
vendorName	String	The name of the vendor that raised the alert.

Graph reference: alertFrequencyPoint

Property	Type	Description
highSeverityCount	Int64	Total number of high alert severity. Required.
informationalSeverityCount	Int64	Total number of informational alert severity. Required.
lowSeverityCount	Int64	Total number of low alert severity. Required.
mediumSeverityCount	Int64	Total number of medium alert severity. Required.
timeStampDateTime	DateTimeOffset	The time bucket for counting the alert severities. Required.

Graph reference: alertSummary

Property	Type	Description
alertType	microsoft.graph.networkaccess.alertType	The type of the alerts. Required. The possible values are: `unhealthyRemoteNetworks`, `unhealthyConnectors`, `deviceTokenInconsistency`, `crossTenantAnomaly`, `suspiciousProcess`, `threatIntelligenceTransactions`, `unknownFutureValue`, `webContentBlocked`, `malware`, `patientZero`, `dlp`, `fallback`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `webContentBlocked` , `malware` , `patientZero` , `dlp` , `fallback`.
count	Int64	Total number of alerts with this specific severity and type. Required.
severity	microsoft.graph.networkaccess.alertSeverity	The severity of the alerts. Required. The possible values are: `informational`, `low`, `medium`, `high`, `unknownFutureValue`.

Graph reference: applicationAnalyticsUsagePoint

Property	Type	Description
cloudAppsCount	Int64	The count attributed to cloud applications for the specified aggregation type.
enterpriseAppsCount	Int64	The count attributed to enterprise applications for the specified aggregation type.
timeStampDateTime	DateTimeOffset	The date for which the aggregated data point represents.
totalCount	Int64	The total count for the specified aggregation type (users, devices, or transactions).

Graph reference: networkaccess-branchconnectivityconfiguration

Property	Type	Description
branchId	String	Unique identifier or a specific reference assigned to a branchSite. Key.
branchName	String	Display name assigned to a branchSite.
links	microsoft.graph.networkaccess.connectivityConfigurationLink collection	List of connectivity configurations for deviceLink objects.

Graph reference: networkaccess-branchsite

Property	Type	Description
bandwidthCapacity	Int64	Determines the maximum allowed Mbps (megabits per second) bandwidth from a branch site. The possible values are:`250`,`500`,`750`,`1000`.
connectivityState	microsoft.graph.networkaccess.connectivityState	Determines the branch site status. The possible values are: `pending`, `connected`, `inactive`, `error`.
id	String	Identifier for the branch. Inherited from microsoft.graph.entity.
lastModifiedDateTime	DateTimeOffset	last modified time.
name	String	Name.
region	microsoft.graph.networkaccess.region	Specify the region closest to your remote network. The possible value are: `eastUS`, `eastUS2`, `westUS`, `westUS2`, `westUS3`, `centralUS`, `northCentralUS`, `southCentralUS`, `northEurope`, `westEurope`, `franceCentral`, `germanyWestCentral`, `switzerlandNorth`, `ukSouth`, `canadaEast`, `canadaCentral`, `southAfricaWest`, `southAfricaNorth`, `uaeNorth`, `australiaEast`, `westCentralUS`, `centralIndia`, `southEastAsia`, `swedenCentral`, `southIndia`, `australiaSouthEast`, `koreaCentral`, `koreaSouth`, `polandCentral`, `brazilSouth`, `japanEast`, `japanWest`, `koreaSouth`, `italyNorth`, `franceSouth`, `israelCentral`, `unknownFutureValue`.
version	String	The branch version.
country (deprecated)	String	The branch site is created in the specified country. **D

Graph reference: conditionalAccessSettings

Property	Type	Description
id	String	Identifier. Inherited from microsoft.graph.entity.
signalingStatus	microsoft.graph.networkaccess.status	When SignalingStatus is enabled, the Conditional Access policy includes zero trust network access information. The possible values are: `enabled`, `disabled`.

Graph reference: connectionSummary

Property	Type	Description
totalCount	Int32	Total number of connections for the specified traffic type.
trafficType	microsoft.graph.networkaccess.trafficType	The type of network traffic these connections represent. The possible values are: `internet`, `private`, `microsoft365`, `all`, `unknownFutureValue`.

Graph reference: crossTenantAccessSettings

Property	Type	Description
id	String	Identifier. Inherited from microsoft.graph.entity.
networkPacketTaggingStatus	microsoft.graph.networkaccess.status	Determines if a header with the user tenant ID is inserted into the network traffic. .The possible values are: `enabled`, `disabled`.

Graph reference: deviceLink

Property	Type	Description
bgpConfiguration	microsoft.graph.networkaccess.bgpConfiguration	The border gateway protocol specifies the Border Gateway Protocol (BGP) IP address and ASN for directing traffic from a link to the edge.
bandwidthCapacityInMbps	Int64	Determines the maximum allowed Mbps (megabits per second) bandwidth from a device link. The possible values are:`250`,`500`,`750`,`1000`.
deviceVendor	microsoft.graph.networkaccess.deviceVendor	Specifies the manufacturer of the deviceLink. The possible values are: `barracudaNetworks`, `checkPoint`, `ciscoMeraki`, `citrix`, `fortinet`, `hpeAruba`, `netFoundry`, `nuage`, `openSystems`, `paloAltoNetworks`, `riverbedTechnology`, `silverPeak`, `vmWareSdWan`, `versa`, `other`.
id	String	Identifier. Inherited from microsoft.graph.entity.
ipAddress	String	The public IP address of your CPE (customer premise equipment) device.
lastModifiedDateTime	DateTimeOffset	last modified time.
name	String	Name.
tunnelConfiguration	microsoft.graph.networkaccess.tunnelConfiguration	The connectivity settings, including the protocol, IPSec policy, and preshared key, are specified for establishing connectivity.
version	String	Version.

Graph reference: discoveredApplicationSegmentReport

Property	Type	Description
accessType	microsoft.graph.networkaccess.accessType	The type of access used to connect to this application segment. The possible values are: `quickAccess`, `privateAccess`, `unknownFutureValue`, `appAccess`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `appAccess`.
deviceCount	Int32	The number of unique devices that have accessed this application segment.
discoveredApplicationSegmentId	String	The unique identifier for this discovered application segment.
firstAccessDateTime	DateTimeOffset	The date and time when this application segment was first accessed.
fqdn	String	The fully qualified domain name associated with this application segment.
ip	String	The IP address associated with this application segment.
lastAccessDateTime	DateTimeOffset	The date and time when this application segment was last accessed.
port	Int32	The port number used to access this application segment.
totalBytesReceived	Int64	The total number of bytes received from this application segment.
totalBytesSent	Int64	The total number of bytes sent to this application segment.
transactionCount	Int32	The number of transactions recorded for this application segment.
transportProtocol	microsoft.graph.networkaccess.networkingProtocol	The transport protocol used to access this application segment. The possible values are: `ip`, `icmp`, `igmp`, `ggp`, `ipv4`, `tcp`, `pup`, `udp`, `idp`, `ipv6`, `ipv6RoutingHeader`, `ipv6FragmentHeader`, `ipSecEncapsulatingSecurityPayload`, `ipSecAuthenticationHeader`, `icmpV6`, `ipv6NoNextHeader`, `ipv6DestinationOptions`, `nd`, `raw`, `ipx`, `spx`, `spxII`, `unknownFutureValue`.
userCount	Int32	The number of unique users who have accessed this application segment.

Graph reference: enterpriseApplicationReport

Property	Type	Description
accessType	microsoft.graph.networkaccess.accessType	The type of accessed application. The possible values are: `quickAccess`, `privateAccess`, `unknownFutureValue`, `appAccess`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `appAccess`.
applicationId	String	The unique identifier for the enterprise application (`appId`) in Microsoft Entra ID.
deviceCount	Int32	Number of devices that accessed this application.
firstAccessDateTime	DateTimeOffset	Timestamp of the first access to the application.
lastAccessDateTime	DateTimeOffset	Timestamp of the last access to the application.
totalBytesReceived	Int64	Total bytes received from the application.
totalBytesSent	Int64	Total bytes sent to the application.
trafficType	microsoft.graph.networkaccess.trafficType	The type of traffic. The possible values are: `internet`, `private`, `microsoft365`, `all`, `unknownFutureValue`.
transactionCount	Int32	Number of transactions to this application.
userCount	Int32	Number of users that accessed this application.

Graph reference: externalCertificateAuthorityCertificate

Property	Type	Description
certificate	String	The signed X.509 certificate in PEM format.
certificateSigningRequest	String	The Certificate Signing Request (CSR) generated when creating the CA. This CSR should be signed using the customer's PKI infrastructure. Read-only.
chain	String	The certificate chain in PEM format, containing all intermediate certificates up to the root CA.
commonName	String	The common name (CN) field of the certificate. Supports `$filter` (`eq`, `ne`, `startsWith`)
id	String	The unique identifier for the CA. Inherits from entity. Read-only.
name	String	The display name of the CA. Supports `$filter` (`eq`, `ne`, `startsWith`)
organizationName	String	The organization name (OU) field of the certificate. Supports `$filter` (`eq`, `ne`, `startsWith`)
status	microsoft.graph.networkaccess.tlsCertificateStatus	The current status of the certificate. The possible values are: `csrGenerated`, `enrolling`, `active`, `unknownFutureValue`, `expiring`, `expired`, `enabled`, `disabled`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this {evolvable enum}(/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `expiring`, `expired`, `enabled`, `disabled`. Read-only. Supports `$filter` (`eq`, `ne`).
validity	microsoft.graph.networkaccess.validityDate	The validity period of the certificate, including start and end dates.

Graph reference: filteringPolicy

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time when the filtering Policy was originally created.
description	String	A description of the filtering policy. Inherited from microsoft.graph.networkaccess.policy.
id	String	The identifier for the filtering policy. Inherited from microsoft.graph.entity.
lastModifiedDateTime	DateTimeOffset	The date and time when a particular profile was last modified or updated.
name	String	The display name for the filtering policy. Inherited from microsoft.graph.networkaccess.policy.

Graph reference: filteringProfile

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time when the filteringProfile was created.
description	String	A description of the filtering profile. Inherited from microsoft.graph.networkaccess.profile.
id	String	The distinct identifier that is assigned to a specific profile. Inherited from microsoft.graph.entity.
lastModifiedDateTime	DateTimeOffset	The date and time when a particular profile was last modified or updated. Inherited from microsoft.graph.networkaccess.profile.
name	String	The name of the profile. Inherited from microsoft.graph.networkaccess.profile.
priority	Int64	The priority used to order the profile for processing within a list.
state	microsoft.graph.networkaccess.status	The profile state. Inherited from microsoft.graph.networkaccess.profile. The possible values are: `enabled`, `disabled`.

Graph reference: filteringRule

Property	Type	Description
destinations	microsoft.graph.networkaccess.ruleDestination collection	Possible destinations and types of destinations accessed by the user in accordance with the network filtering policy, such as IP addresses and FQDNs/URLs.
id	String	A unique ID for the rule. Inherited from microsoft.graph.networkaccess.policyRule.
name	String	The display name of the rule. Inherited from microsoft.graph.networkaccess.policyRule.
ruleType	microsoft.graph.networkaccess.networkDestinationType	The rule types that specify the basis for filtering. The possible values are: `url`, `fqdn`, `ipAddress`, `ipRange`, `ipSubnet`, and `webCategory`.

Graph reference: forwardingPolicy

Property	Type	Description
description	String	Forwarding policy description. Inherited from microsoft.graph.networkaccess.policy.
id	String	Identifier for the forwarding policy. Inherited from microsoft.graph.entity.
name	String	Forwarding policy name. Inherited from microsoft.graph.networkaccess.policy.
trafficForwardingType	microsoft.graph.networkaccess.trafficForwardingType	Traffic type for forwarding policy. The possible values are: `m365`, `internet`, `private`.
version	String	Forwarding policy version. Inherited from microsoft.graph.networkaccess.policy.

Graph reference: forwardingPolicyLink

Property	Type	Description
id	String	Unique identifier. Inherited from microsoft.graph.entity.
state	microsoft.graph.networkaccess.status	Link Status. Inherited from microsoft.graph.networkaccess.policyLink. The possible values are: `enabled`, `disabled`.
version	String	Version number. Inherited from microsoft.graph.networkaccess.policyLink.

Graph reference: forwardingProfile

Property	Type	Description
associations	microsoft.graph.networkaccess.association collection	Specifies the users, groups, devices, and remote networks whose traffic is associated with the given traffic forwarding profile.
description	String	Profile description. Inherited from microsoft.graph.networkaccess.profile.
id	String	Identifier for the profile. Inherited from microsoft.graph.entity.
lastModifiedDateTime	DateTimeOffset	Profile last modified time. Inherited from microsoft.graph.networkaccess.profile.
name	String	Profile name. Inherited from microsoft.graph.networkaccess.profile.
priority	Int32	Profile priority.
state	microsoft.graph.networkaccess.status	Determines whether the profile is active or inactive. Inherited from microsoft.graph.networkaccess.profile. The possible values are: `enabled`, `disabled`.
trafficForwardingType	microsoft.graph.networkaccess.trafficForwardingType	Profile traffic type. The possible values are: `m365`, `internet`, `private`.
version	String	Version.

Graph reference: forwardingRule

Property	Type	Description
action	microsoft.graph.networkaccess.forwardingRuleAction	The action to apply to traffic. The possible values are: `bypass`, `forward`, `unknownFutureValue`.
destinations	microsoft.graph.networkaccess.ruleDestination collection	Destinations maintain a list of potential destinations and destination types that the user may access within the context of a network filtering policy. This includes IP addresses and fully qualified domain names (FQDNs)/URLs.
id	String	Identifier. Inherited from microsoft.graph.entity.
name	String	Name. Inherited from microsoft.graph.networkaccess.policyRule.
ruleType	microsoft.graph.networkaccess.networkDestinationType	The network destination type used by a URL filtering policy is defined, which can include types such as IP (Internet Protocol) or FQDN (Fully Qualified Domain Name). The possible values are: `url`, `fqdn`, `ipAddress`, `ipRange`, `ipSubnet`.

Graph reference: fqdnFilteringRule

Property	Type	Description
destinations	microsoft.graph.networkaccess.ruleDestination collection	The list of potential destinations and destination types that the user may access, including FQDNs and web categories, within the context of a network filtering policy. Inherited from microsoft.graph.networkaccess.filteringRule.
id	String	The unique identifier for the fqdnFilteringRule. Inherited from microsoft.graph.networkaccess.filteringRule.
name	String	Display name. Inherited from microsoft.graph.networkaccess.filteringRule.
ruleType	microsoft.graph.networkaccess.networkDestinationType	The network destination type used by a filtering rule. Supports a subset of the values for **n

Graph reference: m365ForwardingRule

Property	Type	Description
action	microsoft.graph.networkaccess.forwardingRuleAction	The action applies to traffic. The possible values are: `bypass`, `forward`.
category	microsoft.graph.networkaccess.forwardingCategory	Defines the category of Office 365 traffic used by a forwarding rule for Microsoft 365 traffic (for example, optimized traffic). The possible values are: `default`, `optimized`, `allow`.
destinations	microsoft.graph.networkaccess.ruleDestination collection	destinations à Maintains the list of potential destinations and destination types that the user could be accessing in the context of a forwarding policy, including IPs and FQDNs/URLs Inherited from microsoft.graph.networkaccess.forwardingRule.
ID	String	Identifier. Inherited from microsoft.graph.entity.
name	String	Name. Inherited from microsoft.graph.networkaccess.policyRule.
ports	String collection	The port(s) used by a forwarding rule for Microsoft 365 traffic are specified to determine the specific network port(s) through which the Microsoft 365 traffic is directed and forwarded.
protocol	microsoft.graph.networkaccess.networkingProtocol	Defines the networking protocol type used by a forwarding rule for Microsoft 365 traffic. The possible values are: `ip`, `icmp`, `igmp`, `ggp`, `ipv4`, `tcp`, `pup`, `udp`, `idp`, `ipv6`, `ipv6RoutingHeader`, `ipv6FragmentHeader`, `ipSecEncapsulatingSecurityPayload`, `ipSecAuthenticationHeader`, `icmpV6`, `ipv6NoNextHeader`, `ipv6DestinationOptions`, `nd`, `raw`, `ipx`, `spx`, `spxII`
ruleType	microsoft.graph.networkaccess.networkDestinationType	Destination Type. Inherited from microsoft.graph.networkaccess.forwardingRule. The possible values are: `url`, `fqdn`, `ipAddress`, `ipRange`, `ipSubnet`, `webCategory`.

Property	Type	Description
id	String	The unique identifier for the rule. Inherited from microsoft.graph.entity.
name	String	Name.

Graph reference: privateAccessForwardingRule

Property	Type	Description
action	microsoft.graph.networkaccess.forwardingRuleAction	The action applies to traffic. The possible values are: `bypass`, `forward`.
destinations	microsoft.graph.networkaccess.ruleDestination collection	maintains the list of potential destinations and destination types that the user could be accessing in the context of a forwarding policy, including IPs and FQDNs/URLs Inherited from microsoft.graph.networkaccess.forwardingRule.
id	String	Identifier. Inherited from microsoft.graph.entity.
name	String	Name. Inherited from microsoft.graph.networkaccess.policyRule.
ruleType	microsoft.graph.networkaccess.networkDestinationType	Destination Type. Inherited from microsoft.graph.networkaccess.forwardingRule. The possible values are: `url`, `fqdn`, `ipAddress`, `ipRange`, `ipSubnet`

Graph reference: remoteNetwork

Property	Type	Description
id	String	Identifier for the remote network. Inherited from microsoft.graph.entity.
lastModifiedDateTime	DateTimeOffset	last modified time.
name	String	Name.
region	microsoft.graph.networkaccess.region	Specify the region closest to your remote network. The possible value are: `eastUS`, `eastUS2`, `westUS`, `westUS2`, `westUS3`, `centralUS`, `northCentralUS`, `southCentralUS`, `northEurope`, `westEurope`, `franceCentral`, `germanyWestCentral`, `switzerlandNorth`, `ukSouth`, `canadaEast`, `canadaCentral`, `southAfricaWest`, `southAfricaNorth`, `uaeNorth`, `australiaEast`, `westCentralUS`, `centralIndia`, `southEastAsia`, `swedenCentral`, `southIndia`, `australiaSouthEast`, `koreaCentral`, `koreaSouth`, `polandCentral`, `brazilSouth`, `japanEast`, `japanWest`, `koreaSouth`, `italyNorth`, `franceSouth`, `israelCentral`, `unknownFutureValue`.
version	String	Remote network version.

Graph reference: remoteNetworkConnectivityConfiguration

Property	Type	Description
remoteNetworkId	String	Unique identifier or a specific reference assigned to a branchSite. Key.
remoteNetworkName	String	Display name assigned to a branchSite.

Graph reference: threatIntelligencePolicy

Property	Type	Description
description	String	A description of the threat intelligence policy. Inherited from microsoft.graph.networkaccess.policy. Supports `$filter` (`eq`).
id	String	The unique identifier for the threat intelligence policy. Inherited from microsoft.graph.networkaccess.policy. Inherits from entity. Supports `$filter` (`eq`).
lastModifiedDateTime	DateTimeOffset	The date and time when the policy was last modified.
name	String	The display name of the threat intelligence policy. Inherited from microsoft.graph.networkaccess.policy. Supports `$filter` (`eq`).
settings	microsoft.graph.networkaccess.threatIntelligencePolicySettings	Settings that define how the threat intelligence policy operates and evaluates threats.
version	String	The version of the policy, used for tracking changes. Inherited from microsoft.graph.networkaccess.policy.

Graph reference: threatIntelligencePolicyLink

Property	Type	Description
id	String	The unique identifier for the threat intelligence policy link. Inherited from microsoft.graph.networkaccess.policyLink. Inherits from entity
state	microsoft.graph.networkaccess.status	The operational state of the policy link that determines if the threat intelligence policy is actively applied to network traffic. Inherited from microsoft.graph.networkaccess.policyLink.The possible values are: `enabled`, `disabled`, `unknownFutureValue`. Supports `$filter` (`eq`).
version	String	The version of the policy link, used for tracking changes. Inherited from microsoft.graph.networkaccess.policyLink.

Graph reference: tlsInspectionPolicy

Property	Type	Description
description	String	Optional description of the policy. Inherited from microsoft.graph.networkaccess.policy. Supports `$filter` (`eq`, `ne`, `startsWith`)
id	String	The unique identifier for the policy. Read-only. Inherited from microsoft.graph.networkaccess.policy.
lastModifiedDateTime	DateTimeOffset	The timestamp of when the policy was last modified. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`) and `$orderby`. Read-only.
name	String	The display name of the policy. Inherited from microsoft.graph.networkaccess.policy.
settings	microsoft.graph.networkaccess.tlsInspectionPolicySettings	Settings that configure the default behavior of the policy.
version	String	Version number of the policy. Supports `$filter` (`eq`, `ne`, `startsWith`). Read-only. Inherited from microsoft.graph.networkaccess.policy.

Graph reference: tlsInspectionPolicyLink

Property	Type	Description
id	String	The unique identifier for the policy link. Inherited from microsoft.graph.networkaccess.policyLink. Inherits from entity.
state	microsoft.graph.networkaccess.status	The state of the policy link. Inherited from microsoft.graph.networkaccess.policyLink. The possible values are: `enabled`, `disabled`, `unknownFutureValue`. Supports `$filter` (`eq`, `ne`).
version	String	Version number of the policy link. Inherited from microsoft.graph.networkaccess.policyLink.

Graph reference: tlsInspectionRule

Property	Type	Description
action	microsoft.graph.networkaccess.tlsInspectionAction	The action to take when traffic matches this rule. The possible values are: `bypass`, `inspect`, `unknownFutureAction`.
description	String	Optional description explaining the purpose of the rule.
id	String	The unique identifier for the rule. Inherited from microsoft.graph.networkaccess.policyRule. Inherits from entity.
matchingConditions	microsoft.graph.networkaccess.tlsInspectionMatchingConditions	The conditions that determine when this rule should be applied to traffic.
name	String	The display name of the rule. Inherited from microsoft.graph.networkaccess.policyRule. Supports `$filter` (`eq`, `ne`, `startsWith`).
priority	Int64	The priority of the rule. Rules are evaluated in ascending order of priority. Lower numbers indicate higher priority. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`) and `$orderby`.
settings	microsoft.graph.networkaccess.tlsInspectionRuleSettings	Additional settings that configure the rule's behavior.

Graph reference: usageProfilingPoint

Property	Type	Description
internetAccessTrafficCount	Int64	The count of traffic requests directed to general internet destinations.
microsoft365AccessTrafficCount	Int64	The count of traffic requests directed to Microsoft 365 services.
microsoftAccessTrafficCount	Int64	The count of traffic requests directed to Microsoft services excluding Microsoft 365.
privateAccessTrafficCount	Int64	The count of traffic requests directed to internal private network destinations.
timeStampDateTime	DateTimeOffset	The date and time of this data point.
totalTrafficCount	Int64	The total count of all traffic requests across all access types.

Graph reference: webCategory

Property	Type	Description
displayName	String	The display name for the web category.
group	String	The group or category to which the web category belongs.
name	String	The unique name that is associated with the web category.

Graph reference: webCategoryFilteringRule

Property	Type	Description
destinations	microsoft.graph.networkaccess.ruleDestination collection	The list of potential destinations and destination types that the user may access, including fully qualified domain names (FQDNs) and web categories, within the context of a network filtering policy. Inherited from microsoft.graph.networkaccess.filteringRule.
id	String	The unique identifier for the webCategoryFilteringRule. Inherited from microsoft.graph.networkaccess.filteringRule.
name	String	Display name. Inherited from microsoft.graph.networkaccess.filteringRule.
ruleType	microsoft.graph.networkaccess.networkDestinationType	The network destination type used by a filtering rule. Supports a subset of the values for **n

Table of Contents

NetworkAccess.Read.All

Graph Methods

Resources