New Module for Azure Conditional Access Policies: Adding and Editing Policies.
ISSUE TYPE
Feature Idea
COMPONENT NAME
new azure.azcollection.azure_rm_conditional_access module
ADDITIONAL INFORMATION
DOCUMENTATION = '''
---
module: azure_rm_conditional_access
short_description: Manage Azure AD Conditional Access Policies
description:
  - This module allows you to manage Azure Active Directory Conditional Access Policies.
  - Conditional Access policies can be used to apply access controls for cloud apps based on various conditions.
author: Your Name
options:
  display_name:
    description:
      - The display name of the Conditional Access Policy.
    required: true
  policy_id:
    description:
      - The policy id of the Conditional Access Policy.
  policy_state:
    description:
      - The state of the Conditional Access Policy.
    choices:
      - enabled
      - disabled
      - enabledForReportingButNotEnforced
    required: false
    default: "enabledForReportingButNotEnforced"
  conditions:
    description:
      - The conditions under which the policy will be applied.
    type: dict
    suboptions:
      users:
        description:
          - Users to whom the policy will be applied.
        type: dict
        suboptions:
          include_users:
            description:
              - List of included users.
            type: list
            elements: str
          exclude_users:
            description:
              - List of excluded users.
            type: list
            elements: str
          include_groups:
            description:
              - List of included groups.
            type: list
            elements: str
          exclude_groups:
            description:
              - List of excluded groups.
            type: list
            elements: str
          include_roles:
            description:
              - List of included roles.
            type: list
            elements: str
          exclude_roles:
            description:
              - List of excluded roles.
            type: list
            elements: str
          include_guestorexternaluser:
            description:
              - List of included guests or external users.
            type: list
            elements: str
          exclude_guestorexternaluser:
            description:
              - List of excluded guests or external users.
              - Choice of "internalGuest", "b2bCollaborationGuest", "b2bCollaborationMember", "b2bDirectConnectUser", "otherExternalUser", "serviceProvider"
            type: list
            elements: str
      applications:
        description:
          - Applications to which the policy will be applied if client_app_types is cloudapps.
        type: dict
        suboptions:
          include_applications:
            description:
              - List of included applications.
            type: list
            elements: str
          exclude_applications:
            description:
              - List of excluded applications.
            type: list
            elements: str
          application_filter:
            description:
              - Filter rule for applications.
            type: list
            elements: str
          include_user_actions:
            description:
              - List of user actions to include.
            type: list
            elements: str
          include_authentication_context_class_references:
            description:
              - User actions to include. Supported values are urn:user:registersecurityinfo and urn:user:registerdevice
            type: list
            elements: str
      user_risk_levels:
        description:
          - List of user risk levels.
          - Choices are "high", "medium", "low" and "none"
        type: list
        elements: str
      sign_in_risk_levels:
        description:
          - List of risk levels for sign-in events.
          - Choices are "high", "medium", "low" and "none"
        type: list
        elements: str
      platforms:
        description:
          - Platforms to which the policy will be applied.
        type: dict
        suboptions:
          include_platforms:
            description:
              - List of included device platforms.
              - Possible values are "android", "iOS", "windows", "windowsPhone", "macOS", "linux", "all"
            type: list
            elements: str
          exclude_platforms:
            description:
              - List of excluded device platforms.
              - Possible values are "android", "iOS", "windows", "windowsPhone", "macOS", "linux", "all"
            type: list
            elements: str
      locations:
        description:
          - Locations to which the policy will be applied.
        type: dict
        suboptions:
          include_locations:
            description:
              - List of included locations.
              - Location IDs in scope of policy unless explicitly excluded, All, or AllTrusted
            type: list
            elements: str
          exclude_locations:
            description:
              - List of excluded locations.
              - Location IDs or AllTrusted.
            type: list
            elements: str
      client_app_types:
        description:
          - Client application types included in the policy.
          - Possible values are "all", "browser", "mobileAppsAndDesktopClients", "exchangeActiveSync", "easSupported" and "other".
        type: list
        elements: str
      device_filter:
        description:
          - Rule for device filter.
        type: list
        elements: str
  grant_controls:
    description:
      - Controls specifying the access granted if the conditions are met.
    type: dict
    suboptions:
      operator:
        description:
          - Defines the relationship of the grant controls.
          - Possible values "AND", "OR"
        type: str
      built_in_controls:
        description:
          - List of values of built-in controls required by the policy
          - Possible values "block", "mfa", "compliantDevice", "domainJoinedDevice", "approvedApplication", "compliantApplication", "passwordChange"
        type: list
        elements: str
      terms_of_use:
        description:
          - Which Terms of Use are activated.
        type: list
        elements: str
      authentication_strength:
        description:
          - The authenticationStrength property
        type: list
        elements: str
      custom_authentication_factors:
        description:
          - List of custom controls IDs required by the policy
        type: list
        elements: str
  session_controls:
    description:
      - Controls specifying the access session.
    type: dict
    suboptions:
      standard_controls:
        description:
          - Standard session controls.
        type: list
        elements: str
      sign_in_frequency:
        description:
          - Signin frequency session control.
        type: dict
        suboptions:
          frequency_interval:
            description:
              - The possible values are "timeBased", "everyTime"
            type: str
          type:
            description:
              - Possible values are "days", "hours"
            type: str
          value:
            description:
              - The number of days or hours
            type: int
'''

EXAMPLES = '''
- name: Set new conditional access policy
  azure.azcollection.azure_rm_conditional_access:
    display_name: "100 - <RING> - Admin protection - All apps: Require MFA For admins"
    policy_id: "9b895d92-2cd3-55c7-9d02-a6ac2d5ea44"
    policy_state: "enabled"
    conditions:
      users:
        exclude_groups: "ExclusionTempGroup, ExclusionPermGroup, EmergencyAccessAccountsGroup, SynchronizationServiceAccountsGroup"
        include_roles: "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3, cf1c38e5-3621-4004-a7cb-879624dced7c"
    grant_controls:
      operator: "OR"
      built_in_controls: "mfa"
'''
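As an added illustration (not part of the original request and not code from the azcollection project), the sketch below shows how the task in EXAMPLES could be validated against the choices listed in DOCUMENTATION and mapped to a Microsoft Graph conditionalAccessPolicy body. The function names are hypothetical, only the users and grant_controls options are covered, and group names are passed through unchanged although Graph expects object IDs there.

```python
# Added example, not the collection's code; all function names are hypothetical.
POLICY_STATES = {"enabled", "disabled", "enabledForReportingButNotEnforced"}
BUILT_IN_CONTROLS = {"block", "mfa", "compliantDevice", "domainJoinedDevice",
                     "approvedApplication", "compliantApplication", "passwordChange"}
# Proposed option name -> property of the Graph "users" condition.
USER_KEYS = {"include_users": "includeUsers", "exclude_users": "excludeUsers",
             "include_groups": "includeGroups", "exclude_groups": "excludeGroups",
             "include_roles": "includeRoles", "exclude_roles": "excludeRoles"}

def as_list(value):
    """Accept a YAML list or a comma-separated string; strip whitespace."""
    items = value.split(",") if isinstance(value, str) else (value or [])
    return [str(item).strip() for item in items if str(item).strip()]

def build_policy_body(params):
    """Validate task parameters and return the Graph request body."""
    state = params.get("policy_state") or "enabledForReportingButNotEnforced"
    grant = params.get("grant_controls") or {}
    controls = as_list(grant.get("built_in_controls"))
    if state not in POLICY_STATES:
        raise ValueError(f"unsupported policy_state: {state!r}")
    if set(controls) - BUILT_IN_CONTROLS:
        raise ValueError(f"unsupported built_in_controls: {controls}")
    if grant.get("operator") not in ("AND", "OR"):
        raise ValueError(f"unsupported operator: {grant.get('operator')!r}")
    users_in = (params.get("conditions") or {}).get("users") or {}
    users = {USER_KEYS[k]: as_list(v) for k, v in users_in.items() if k in USER_KEYS}
    return {"displayName": params["display_name"], "state": state,
            "conditions": {"users": users},
            "grantControls": {"operator": grant["operator"], "builtInControls": controls}}

def lint(params):
    """Warn when an enforced policy excludes nobody (no emergency access path)."""
    users = (params.get("conditions") or {}).get("users") or {}
    excluded = [k for k in users if k.startswith("exclude_") and as_list(users[k])]
    if params.get("policy_state") == "enabled" and not excluded:
        return ["enforced policy has no user, group or role exclusion"]
    return []

# Constructed input: the task from EXAMPLES as Ansible would pass it to the module.
EXAMPLE_TASK = {
    "display_name": "100 - <RING> - Admin protection - All apps: Require MFA For admins",
    "policy_state": "enabled",
    "conditions": {"users": {
        "exclude_groups": "ExclusionTempGroup, ExclusionPermGroup, "
                          "EmergencyAccessAccountsGroup, SynchronizationServiceAccountsGroup",
        "include_roles": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3, "
                         "cf1c38e5-3621-4004-a7cb-879624dced7c"}},
    "grant_controls": {"operator": "OR", "built_in_controls": "mfa"},
}
```

Stripping whitespace matters here because the example passes its lists as comma-and-space separated strings, and a plain split on commas would leave a leading space on every element after the first.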