Policy.ReadWrite.CrossTenantAccess

Allows the app to read and write your organization's cross tenant access policies on behalf of the signed-in user.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

| Ver | Type | Method |
|-----|------|--------|
| V1 | A,D | DELETE /policies/crossTenantAccessPolicy/partners/{id} |
| V1 | A,D | DELETE /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |
| V1 | A,D | GET /policies/crossTenantAccessPolicy |
| V1 | A,D | GET /policies/crossTenantAccessPolicy/default |
| V1 | A,D | GET /policies/crossTenantAccessPolicy/partners |
| V1 | A,D | GET /policies/crossTenantAccessPolicy/partners/{id} |
| V1 | A,D | GET /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |
| V1 | A,D | PATCH /policies/crossTenantAccessPolicy |
| V1 | A,D | PATCH /policies/crossTenantAccessPolicy/default |
| V1 | A,D | PATCH /policies/crossTenantAccessPolicy/partners/{id} |
| V1 | A,D | PATCH /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |
| V1 | A,D | POST /policies/crossTenantAccessPolicy/default/resetToSystemDefault |
| V1 | A,D | POST /policies/crossTenantAccessPolicy/partners |
| V1 | A,D | PUT /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization |

Delegate Permission

Id: 014b43d0-6ed4-4fc6-84dc-4b6f7bae7d85
Consent Type: Admin
Display String: Read and write your organization's cross tenant access policies
Description: Allows the app to read and write your organization's cross tenant access policies on behalf of the signed-in user.

Application Permission

Id: 338163d7-f101-4c92-94ba-ca46fe52447c
Display String: Read and write your organization's cross tenant access policies
Description: Allows the app to read and write your organization's cross tenant access policies without a signed-in user.

Resources

crossTenantAccessPolicy

| Property | Type | Description |
|----------|------|-------------|
| displayName | String | The display name of the cross-tenant access policy. Inherited from policyBase. |
| allowedCloudEndpoints | String collection | Used to specify which Microsoft clouds an organization would like to collaborate with. By default, this value is empty. Supported values for this field are: microsoftonline.com, microsoftonline.us, and partner.microsoftonline.cn. |

crossTenantAccessPolicyB2BSetting

| Property | Type | Description |
|----------|------|-------------|
| applications | crossTenantAccessPolicyTargetConfiguration | The list of applications targeted with your cross-tenant access policy. |
| usersAndGroups | crossTenantAccessPolicyTargetConfiguration | The list of users and groups targeted with your cross-tenant access policy. |

crossTenantAccessPolicyConfigurationDefault

| Property | Type | Description |
|----------|------|-------------|
| b2bCollaborationInbound | crossTenantAccessPolicyB2BSetting | Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
| b2bCollaborationOutbound | crossTenantAccessPolicyB2BSetting | Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
| b2bDirectConnectInbound | crossTenantAccessPolicyB2BSetting | Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. |
| b2bDirectConnectOutbound | crossTenantAccessPolicyB2BSetting | Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
| inboundTrust | crossTenantAccessPolicyInboundTrust | Determines the default configuration for trusting other Conditional Access claims from external Azure AD organizations. |
| isServiceDefault | Boolean | If true, the default configuration is set to the system default configuration. If false, the default settings have been customized. |

crossTenantAccessPolicyConfigurationPartner

| Property | Type | Description |
|----------|------|-------------|
| b2bCollaborationInbound | crossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
| b2bCollaborationOutbound | crossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
| b2bDirectConnectInbound | crossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure B2B direct connect. |
| b2bDirectConnectOutbound | crossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
| inboundTrust | crossTenantAccessPolicyInboundTrust | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations. |
| isServiceProvider | Boolean | Identifies whether the partner-specific configuration is a Cloud Service Provider for your organization. |
| tenantId | String | The tenant identifier for the partner Azure AD organization. Read-only. Key. |

crossTenantAccessPolicyInboundTrust

| Property | Type | Description |
|----------|------|-------------|
| isCompliantDeviceAccepted | Boolean | Specifies whether compliant devices from external Azure AD organizations are trusted. |
| isHybridAzureADJoinedDeviceAccepted | Boolean | Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted. |
| isMfaAccepted | Boolean | Specifies whether MFA from external Azure AD organizations is trusted. |

crossTenantIdentitySyncPolicyPartner

| Property | Type | Description |
|----------|------|-------------|
| displayName | String | Display name for the cross-tenant user synchronization policy. Use the name of the partner Azure AD tenant to easily identify the policy. Optional. |
| tenantId | String | Tenant identifier for the partner Azure AD organization. Read-only. |
| userSyncInbound | crossTenantUserSyncInbound | Defines whether users can be synchronized from the partner tenant. Key. |

crossTenantUserSyncInbound

| Property | Type | Description |
|----------|------|-------------|
| isSyncAllowed | Boolean | Defines whether user objects should be synchronized from the partner tenant. If set to false, any current user synchronization from the source tenant to the target tenant will stop. There is no impact on existing users that have already been synchronized. |
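
An added example (not part of the original page) that reviews already-fetched policy JSON for settings that extend trust to external tenants: accepted inbound claims, service-provider partners, and inbound user sync. It assumes the objects were read from the GET endpoints listed above; the function names and all sample data are constructed for illustration, and only property names from the resource tables are used.

```python
# Hypothetical audit helper; sample objects below are constructed, not real tenant data.
TRUST_FLAGS = ("isMfaAccepted", "isCompliantDeviceAccepted",
               "isHybridAzureADJoinedDeviceAccepted")

def trust_findings(cfg):
    """List inboundTrust flags set to true; a missing or null inboundTrust yields none."""
    trust = cfg.get("inboundTrust") or {}
    return [f"inboundTrust.{flag} is true" for flag in TRUST_FLAGS
            if trust.get(flag) is True]

def audit(default_cfg, partners, sync_by_tenant):
    """Map 'default' or a partner tenantId to its findings; clean entries are omitted."""
    report = {}
    findings = trust_findings(default_cfg)
    if default_cfg.get("isServiceDefault") is False:
        findings.insert(0, "default configuration has been customized")
    if findings:
        report["default"] = findings
    for partner in partners:
        findings = trust_findings(partner)
        if partner.get("isServiceProvider") is True:
            findings.append("isServiceProvider is true")
        # identitySynchronization is read per partner, so it is passed in separately.
        sync_policy = sync_by_tenant.get(partner["tenantId"]) or {}
        sync = sync_policy.get("userSyncInbound") or {}
        if sync.get("isSyncAllowed") is True:
            findings.append("userSyncInbound.isSyncAllowed is true")
        if findings:
            report[partner["tenantId"]] = findings
    return report

# Constructed sample input (placeholder tenant IDs).
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
SAMPLE_DEFAULT = {"isServiceDefault": False,
                  "inboundTrust": {flag: False for flag in TRUST_FLAGS}}
SAMPLE_PARTNERS = [
    {"tenantId": TENANT_A, "isServiceProvider": False,
     "inboundTrust": {"isMfaAccepted": True, "isCompliantDeviceAccepted": True,
                      "isHybridAzureADJoinedDeviceAccepted": False}},
    {"tenantId": TENANT_B, "isServiceProvider": None, "inboundTrust": None},
]
SAMPLE_SYNC = {TENANT_A: {"tenantId": TENANT_A, "displayName": "Constructed partner",
                          "userSyncInbound": {"isSyncAllowed": True}}}

if __name__ == "__main__":
    for scope, items in audit(SAMPLE_DEFAULT, SAMPLE_PARTNERS, SAMPLE_SYNC).items():
        print(scope, "->", "; ".join(items))
```
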

inboundOutboundPolicyConfiguration

| Property | Type | Description |
|----------|------|-------------|
| inboundAllowed | Boolean | Defines whether external users coming inbound are allowed. |
| outboundAllowed | Boolean | Defines whether internal users are allowed to go outbound. |

Created by merill