Policy.ReadWrite.CrossTenantAccess
Allows the app to read and write your organization's cross tenant access policies on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission

| Ver | Type | Method |
|---|---|---|
| V1 | A,D | DELETE /policies/crossTenantAccessPolicy/partners/{id} |
| V1 | A,D | DELETE /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |
| V1 | A,D | GET /policies/crossTenantAccessPolicy |
| V1 | A,D | GET /policies/crossTenantAccessPolicy/default |
| V1 | A,D | GET /policies/crossTenantAccessPolicy/partners |
| V1 | A,D | GET /policies/crossTenantAccessPolicy/partners/{id} |
| V1 | A,D | GET /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |
| V1 | A,D | PATCH /policies/crossTenantAccessPolicy |
| V1 | A,D | PATCH /policies/crossTenantAccessPolicy/default |
| V1 | A,D | PATCH /policies/crossTenantAccessPolicy/partners/{id} |
| V1 | A,D | PATCH /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |
| V1 | A,D | POST /policies/crossTenantAccessPolicy/default/resetToSystemDefault |
| V1 | A,D | POST /policies/crossTenantAccessPolicy/partners |
| V1 | A,D | PUT /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |

Delegate Permission

| | |
|---|---|
| Id | 014b43d0-6ed4-4fc6-84dc-4b6f7bae7d85 |
| Consent Type | Admin |
| Display String | Read and write your organization's cross tenant access policies |
| Description | Allows the app to read and write your organization's cross tenant access policies on behalf of the signed-in user. |

Application Permission

| | |
|---|---|
| Id | 338163d7-f101-4c92-94ba-ca46fe52447c |
| Display String | Read and write your organization's cross tenant access policies |
| Description | Allows the app to read and write your organization's cross tenant access policies without a signed-in user. |

Resources

| Property | Type | Description |
|---|---|---|
| displayName | String | The display name of the cross-tenant access policy. Inherited from policyBase. |
| allowedCloudEndpoints | String collection | Used to specify which Microsoft clouds an organization would like to collaborate with. By default, this value is empty. Supported values for this field are: microsoftonline.com, microsoftonline.us, and partner.microsoftonline.cn. |

| Property | Type | Description |
|---|---|---|
| applications | crossTenantAccessPolicyTargetConfiguration | The list of applications targeted with your cross-tenant access policy. |
| usersAndGroups | crossTenantAccessPolicyTargetConfiguration | The list of users and groups targeted with your cross-tenant access policy. |

| Property | Type | Description |
|---|---|---|
| b2bCollaborationInbound | crossTenantAccessPolicyB2BSetting | Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
| b2bCollaborationOutbound | crossTenantAccessPolicyB2BSetting | Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
| b2bDirectConnectInbound | crossTenantAccessPolicyB2BSetting | Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. |
| b2bDirectConnectOutbound | crossTenantAccessPolicyB2BSetting | Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
| inboundTrust | crossTenantAccessPolicyInboundTrust | Determines the default configuration for trusting other Conditional Access claims from external Azure AD organizations. |
| isServiceDefault | Boolean | If true, the default configuration is set to the system default configuration. If false, the default settings have been customized. |

| Property | Type | Description |
|---|---|---|
| b2bCollaborationInbound | crossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
| b2bCollaborationOutbound | crossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
| b2bDirectConnectInbound | crossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure B2B direct connect. |
| b2bDirectConnectOutbound | crossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
| inboundTrust | crossTenantAccessPolicyInboundTrust | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations. |
| isServiceProvider | Boolean | Identifies whether the partner-specific configuration is a Cloud Service Provider for your organization. |
| tenantId | String | The tenant identifier for the partner Azure AD organization. Read-only. Key. |

| Property | Type | Description |
|---|---|---|
| isCompliantDeviceAccepted | Boolean | Specifies whether compliant devices from external Azure AD organizations are trusted. |
| isHybridAzureADJoinedDeviceAccepted | Boolean | Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted. |
| isMfaAccepted | Boolean | Specifies whether MFA from external Azure AD organizations is trusted. |

| Property | Type | Description |
|---|---|---|
| displayName | String | Display name for the cross-tenant user synchronization policy. Use the name of the partner Azure AD tenant to easily identify the policy. Optional. |
| tenantId | String | Tenant identifier for the partner Azure AD organization. Read-only. |
| userSyncInbound | crossTenantUserSyncInbound | Defines whether users can be synchronized from the partner tenant. Key. |

| Property | Type | Description |
|---|---|---|
| isSyncAllowed | Boolean | Defines whether user objects should be synchronized from the partner tenant. If set to false, any current user synchronization from the source tenant to the target tenant will stop. There is no impact on existing users that have already been synchronized. |

| Property | Type | Description |
|---|---|---|
| inboundAllowed | Boolean | Defines whether external users coming inbound are allowed. |
| outboundAllowed | Boolean | Defines whether internal users are allowed to go outbound. |