Policy.ReadWrite.CrossTenantAccess
Allows the app to read and write your organization's cross tenant access policies on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
| Ver |
Type |
Method |
| V1 |
A,D |
DELETE /policies/crossTenantAccessPolicy/partners/{id} |
| V1 |
A,D |
DELETE /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |
| V1 |
A,D |
GET /policies/crossTenantAccessPolicy |
| V1 |
A,D |
GET /policies/crossTenantAccessPolicy/default |
| V1 |
A,D |
GET /policies/crossTenantAccessPolicy/partners |
| V1 |
A,D |
GET /policies/crossTenantAccessPolicy/partners/{id} |
| V1 |
A,D |
GET /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |
| V1 |
A,D |
PATCH /policies/crossTenantAccessPolicy |
| V1 |
A,D |
PATCH /policies/crossTenantAccessPolicy/default |
| V1 |
A,D |
PATCH /policies/crossTenantAccessPolicy/partners/{id} |
| V1 |
A,D |
PATCH /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |
| V1 |
A,D |
POST /policies/crossTenantAccessPolicy/default/resetToSystemDefault |
| V1 |
A,D |
POST /policies/crossTenantAccessPolicy/partners |
| V1 |
A,D |
PUT /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |
Delegate Permission
|
|
| Id |
014b43d0-6ed4-4fc6-84dc-4b6f7bae7d85 |
| Consent Type |
Admin |
| Display String |
Read and write your organization's cross tenant access policies |
| Description |
Allows the app to read and write your organization's cross tenant access policies on behalf of the signed-in user. |
Application Permission
|
|
| Id |
338163d7-f101-4c92-94ba-ca46fe52447c |
| Display String |
Read and write your organization's cross tenant access policies |
| Description |
Allows the app to read and write your organization's cross tenant access policies without a signed-in user. |
Resources
| Property |
Type |
Description |
| displayName |
String |
The display name of the cross-tenant access policy. Inherited from policyBase. |
| allowedCloudEndpoints |
String collection |
Used to specify which Microsoft clouds an organization would like to collaborate with. By default, this value is empty. Supported values for this field are: microsoftonline.com, microsoftonline.us, and partner.microsoftonline.cn. |
| Property |
Type |
Description |
| applications |
crossTenantAccessPolicyTargetConfiguration |
The list of applications targeted with your cross-tenant access policy. |
| usersAndGroups |
crossTenantAccessPolicyTargetConfiguration |
The list of users and groups targeted with your cross-tenant access policy. |
| Property |
Type |
Description |
| b2bCollaborationInbound |
crossTenantAccessPolicyB2BSetting |
Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
| b2bCollaborationOutbound |
crossTenantAccessPolicyB2BSetting |
Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
| b2bDirectConnectInbound |
crossTenantAccessPolicyB2BSetting |
Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. |
| b2bDirectConnectOutbound |
crossTenantAccessPolicyB2BSetting |
Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
| inboundTrust |
crossTenantAccessPolicyInboundTrust |
Determines the default configuration for trusting other Conditional Access claims from external Azure AD organizations. |
| isServiceDefault |
Boolean |
If true, the default configuration is set to the system default configuration. If false, the default settings have been customized. |
| Property |
Type |
Description |
| b2bCollaborationInbound |
crossTenantAccessPolicyB2BSetting |
Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
| b2bCollaborationOutbound |
crossTenantAccessPolicyB2BSetting |
Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
| b2bDirectConnectInbound |
crossTenantAccessPolicyB2BSetting |
Defines your partner-specific configuration for users from other organizations accessing your resources via Azure B2B direct connect. |
| b2bDirectConnectOutbound |
crossTenantAccessPolicyB2BSetting |
Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
| inboundTrust |
crossTenantAccessPolicyInboundTrust |
Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations. |
| isServiceProvider |
Boolean |
Identifies whether the partner-specific configuration is a Cloud Service Provider for your organization. |
| tenantId |
String |
The tenant identifier for the partner Azure AD organization. Read-only. Key. |
| Property |
Type |
Description |
| isCompliantDeviceAccepted |
Boolean |
Specifies whether compliant devices from external Azure AD organizations are trusted. |
| isHybridAzureADJoinedDeviceAccepted |
Boolean |
Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted. |
| isMfaAccepted |
Boolean |
Specifies whether MFA from external Azure AD organizations is trusted. |
| Property |
Type |
Description |
| displayName |
String |
Display name for the cross-tenant user synchronization policy. Use the name of the partner Azure AD tenant to easily identify the policy. Optional. |
| tenantId |
String |
Tenant identifier for the partner Azure AD organization. Read-only. |
| userSyncInbound |
crossTenantUserSyncInbound |
Defines whether users can be synchronized from the partner tenant. Key. |
| Property |
Type |
Description |
| isSyncAllowed |
Boolean |
Defines whether user objects should be synchronized from the partner tenant. If set to false, any current user synchronization from the source tenant to the target tenant will stop. There is no impact on existing users that have already been synchronized. |
| Property |
Type |
Description |
| inboundAllowed |
Boolean |
Defines whether external users coming inbound are allowed. |
| outboundAllowed |
Boolean |
Defines whether internal users are allowed to go outbound. |