| languages | page_type | description | products | ||||
|---|---|---|---|---|---|---|---|
|
sample |
Use Conditional Access Graph APIs to manage policies like code. Automate approvals to promote policies from preproduction environments, backup and restore, monitor change, and plan ahead for emergencies. |
|
Many organizations have expressed their need to manage as much of their environments like code as possible. Using Microsoft Graph you can treat Conditional Access policies like any other piece of code in your environment.
Microsoft Graph provides a unified programmability model that organizations can use to interact with data in Microsoft 365, Windows 10, and Enterprise Mobility + Security. For more information about Microsoft Graph, see the article, Overview of Microsoft Graph.
The following examples are provided as is with no support. You can use these examples as a basis for tooling in your organization.
Many of the following examples use tools like Managed Identities, Logic Apps, OneDrive, Teams, and Azure Key Vault.
For many administrators, PowerShell is already an understood scripting tool. The following example shows how to use the Azure AD PowerShell module to manage Conditional Access policies.
This example shows the basic Create, Read, Update, and Delete (CRUD) options available in the Conditional Access Graph APIs. The example also includes some JSON templates you can use to create some sample policies.
Use Conditional Access APIs to deploy Conditional Access policies in your pre-production environment using a template.
This example models safer deployment practices with approval workflows that can copy Conditional Access policies from one environment, like pre-production, to another, like your production environment.
This example provides a mechanism to perform a staged deployment Conditional Access policies gradually to your user population, allowing you to manage support impact and spot issues early.
This example provides a mechanism to monitor Conditional Access policy changes over time and can trigger alerts when key policies are changed.
Automate the backup and restoration of Conditional Access policies with approvals in Teams using this example.
- Manage the backup and restore process of Conditional Access policies using Microsoft Graph API calls
Multiple administrators may create Conditional Access policies and may forget to add your emergency access accounts as an exclusion to those policies. This example ensures that all policies are updated to include your designated emergency access accounts.
Things don't always work the way you want, when that happens you need a way to get back to a state where work can continue. The following example provides you a way to revert your policies to a known good contingency plan and disable other Conditional Access policies.
We are happy to support community contributions thorough GitHub Issues and Pull Requests in this GitHub repository.