conditionalAccessRoot:evaluate

命名空间:microsoft.graph

重要

Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。

根据提供的登录属性评估租户中条件访问策略的适用性。

此 API 可用于以下国家级云部署

全局服务 美国政府 L4 美国政府 L5 (DOD) 由世纪互联运营的中国

权限

为此 API 选择标记为最低特权的权限。 只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。

权限类型 最低特权权限 更高特权权限
委派(工作或学校帐户) Policy.Read.ConditionalAccess Policy.Read.All、Policy.ReadWrite.ConditionalAccess
委派(个人 Microsoft 帐户) 不支持。 不支持。
应用程序 Policy.Read.ConditionalAccess Policy.Read.All、Policy.ReadWrite.ConditionalAccess

HTTP 请求

POST /identity/conditionalAccess/evaluate

请求标头

名称 说明
Authorization Bearer {token}。 必填。 详细了解 身份验证和授权。
Content-Type application/json. 必需。

请求正文

在请求正文中,提供参数的 JSON 表示形式。 为使评估提供最准确的结果,请尽可能多地包含有关登录的详细信息。 如果租户中的策略包含特定条件,而请求中缺少与这些条件对应的登录详细信息,则“What If”工具无法评估这些条件。

下表列出了调用此操作时所需的参数。

参数 类型 说明
signInIdentity signInIdentity 表示正在进行身份验证的标识。 这可以是用户、外部用户或单租户服务主体。 必填。
signInContext signInContext 表示身份验证的上下文。 这可能涉及访问应用程序、执行特定用户操作或访问受身份验证上下文保护的数据。 必填。
signInConditions signInConditions 表示身份验证标识的登录参数。 这包括位置、设备信息、风险信息等详细信息。必需。
appliedPoliciesOnly 布尔值 此属性控制是在响应中包含所有策略,还是仅包含将应用于身份验证事件的策略。 可选。

响应

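如果成功,此操作将在响应正文中返回 200 OK 响应代码和 whatIfAnalysisResult 集合。 响应指示租户中的每个策略是否会根据请求正文中提供的登录属性应用。 policyApplies 为 true 仅表示策略的条件与所提供的登录属性匹配;策略是否会被实际强制执行还取决于其 state,例如下文示例中的 enabledForReportingButNotEnforced 表示策略处于仅报告模式。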

示例

示例 1:确定将应用于访问应用程序的用户的条件访问策略

请求

以下示例显示了一个请求。

POST https://graph.microsoft.com/beta/identity/conditionalAccess/evaluate
Content-Type: application/json

{
    "signInIdentity": {
        "@odata.type": "#microsoft.graph.userSignIn",
        "userId": "15dc174b-f34c-4588-ac45-61d6e05dce93"
    },
    "signInContext": {
        "@odata.type": "#microsoft.graph.applicationContext",
        "includeApplications": [
            "00000003-0000-0ff1-ce00-000000000000"
        ]
    },
    "signInConditions": {
        "devicePlatform": "android",
        "clientAppType": "browser",
        "signInRiskLevel": "high",
        "userRiskLevel": "high",
        "country": "US",
        "ipAddress": "40.77.182.32",
        "insiderRiskLevel": "elevated",
        "authenticationFlow": {
            "transferMethod": "deviceCodeFlow"
        },
        "deviceInfo": {
            "isCompliant": true
        }
    },
    "appliedPoliciesOnly": true
}

响应

以下示例显示了相应的响应。

注意:为了提高可读性,可能缩短了此处显示的响应对象。

HTTP/1.1 200 OK
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.whatIfAnalysisResult)",
    "value": [
        {
            "id": "df9e6f15-2b60-4e78-b990-b2da33a10886",
            "templateId": null,
            "displayName": "All users except au1_Office 365_No conditions_Session control application enforced restrictions",
            "createdDateTime": "2022-04-01T18:55:43.1454565Z",
            "modifiedDateTime": "2025-03-27T21:42:26.951558Z",
            "state": "enabledForReportingButNotEnforced",
            "policyApplies": true,
            "analysisReasons": "notSet",
            "grantControls": null,
            "partialEnablementStrategy": null,
            "conditions": {
                "userRiskLevels": [],
                "signInRiskLevels": [],
                "clientAppTypes": [
                    "all"
                ],
                "servicePrincipalRiskLevels": [],
                "insiderRiskLevels": null,
                "clients": null,
                "platforms": null,
                "locations": null,
                "times": null,
                "deviceStates": null,
                "devices": null,
                "clientApplications": null,
                "authenticationFlows": null,
                "applications": {
                    "includeApplications": [
                        "Office365"
                    ],
                    "excludeApplications": [],
                    "includeUserActions": [],
                    "includeAuthenticationContextClassReferences": [],
                    "applicationFilter": null,
                    "networkAccess": null,
                    "globalSecureAccess": null
                },
                "users": {
                    "includeUsers": [
                        "All"
                    ],
                    "excludeUsers": [
                        "f7ca74b0-8562-4083-b66c-0476f942cfd0"
                    ],
                    "includeGroups": [],
                    "excludeGroups": [],
                    "includeRoles": [],
                    "excludeRoles": [],
                    "includeGuestsOrExternalUsers": null,
                    "excludeGuestsOrExternalUsers": null
                }
            },
            "sessionControls": {
                "disableResilienceDefaults": null,
                "cloudAppSecurity": null,
                "signInFrequency": null,
                "persistentBrowser": null,
                "continuousAccessEvaluation": null,
                "secureSignInSession": null,
                "networkAccessSecurity": null,
                "globalSecureAccessFilteringProfile": null,
                "applicationEnforcedRestrictions": {
                    "isEnabled": true
                }
            }
        },
        {
            "id": "37d51c45-8c60-4f82-98e0-6e1451cecf7c",
            "templateId": null,
            "displayName": "All Users except au1_All resources_user risk H_Password change",
            "createdDateTime": "2022-03-31T22:59:59.6688974Z",
            "modifiedDateTime": "2025-03-27T19:55:43.5390544Z",
            "state": "enabledForReportingButNotEnforced",
            "policyApplies": true,
            "analysisReasons": "notSet",
            "partialEnablementStrategy": null,
            "sessionControls": null,
            "conditions": {
                "userRiskLevels": [
                    "high"
                ],
                "signInRiskLevels": [],
                "clientAppTypes": [
                    "all"
                ],
                "servicePrincipalRiskLevels": [],
                "insiderRiskLevels": null,
                "clients": null,
                "platforms": null,
                "locations": null,
                "times": null,
                "deviceStates": null,
                "devices": null,
                "clientApplications": null,
                "authenticationFlows": null,
                "applications": {
                    "includeApplications": [
                        "All"
                    ],
                    "excludeApplications": [],
                    "includeUserActions": [],
                    "includeAuthenticationContextClassReferences": [],
                    "applicationFilter": null,
                    "networkAccess": null,
                    "globalSecureAccess": null
                },
                "users": {
                    "includeUsers": [
                        "All"
                    ],
                    "excludeUsers": [
                        "f7ca74b0-8562-4083-b66c-0476f942cfd0"
                    ],
                    "includeGroups": [],
                    "excludeGroups": [],
                    "includeRoles": [],
                    "excludeRoles": [],
                    "includeGuestsOrExternalUsers": null,
                    "excludeGuestsOrExternalUsers": null
                }
            },
            "grantControls": {
                "operator": "AND",
                "builtInControls": [
                    "mfa",
                    "passwordChange"
                ],
                "customAuthenticationFactors": [],
                "termsOfUse": [],
                "authenticationStrength": null
            }
        }
    ]
}

示例 2:确定将应用于访问受身份验证上下文保护的敏感文件的用户的条件访问策略

请求

以下示例显示了一个请求。

POST https://graph.microsoft.com/beta/identity/conditionalAccess/evaluate
Content-Type: application/json

{
    "signInIdentity": {
        "@odata.type": "#microsoft.graph.userSignIn",
        "userId": "15dc174b-f34c-4588-ac45-61d6e05dce93"
    },
    "signInContext": {
        "@odata.type": "#microsoft.graph.authContext",
        "authenticationContextValue": "c37"
    },
    "signInConditions": {
        "devicePlatform": "windows",
        "clientAppType": "mobileAppsAndDesktopClients",
        "signInRiskLevel": "medium",
        "userRiskLevel": "none",
        "country": "US",
        "ipAddress": "40.77.182.32",
        "insiderRiskLevel": "moderate",
        "authenticationFlow": {
            "transferMethod": "authenticationTransfer"
        },
        "deviceInfo": {
            "profileType": "Standard"
        }
    },
    "appliedPoliciesOnly": true
}

响应

以下示例显示了相应的响应。

注意:为了提高可读性,可能缩短了此处显示的响应对象。

HTTP/1.1 200 OK
Content-Type: application/json


{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.whatIfAnalysisResult)",
    "value": [
        {
            "id": "e897c693-c0e6-4386-abc3-f46dee5940fb",
            "templateId": null,
            "displayName": "All users_auth context_No conditions_Auth strength MFA",
            "createdDateTime": "2023-07-10T17:27:37.9735926Z",
            "modifiedDateTime": "2025-03-27T20:03:41.92628Z",
            "state": "enabledForReportingButNotEnforced",
            "policyApplies": true,
            "analysisReasons": "notSet",
            "partialEnablementStrategy": null,
            "sessionControls": null,
            "conditions": {
                "userRiskLevels": [],
                "signInRiskLevels": [],
                "clientAppTypes": [
                    "all"
                ],
                "servicePrincipalRiskLevels": [],
                "insiderRiskLevels": null,
                "clients": null,
                "platforms": null,
                "locations": null,
                "times": null,
                "deviceStates": null,
                "devices": null,
                "clientApplications": null,
                "authenticationFlows": null,
                "applications": {
                    "includeApplications": [],
                    "excludeApplications": [],
                    "includeUserActions": [],
                    "includeAuthenticationContextClassReferences": [
                        "c1",
                        "c37"
                    ],
                    "applicationFilter": null,
                    "networkAccess": null,
                    "globalSecureAccess": null
                },
                "users": {
                    "includeUsers": [
                        "All"
                    ],
                    "excludeUsers": [],
                    "includeGroups": [],
                    "excludeGroups": [],
                    "includeRoles": [],
                    "excludeRoles": [],
                    "includeGuestsOrExternalUsers": null,
                    "excludeGuestsOrExternalUsers": null
                }
            },
            "grantControls": {
                "operator": "OR",
                "builtInControls": [],
                "customAuthenticationFactors": [],
                "termsOfUse": [],
                "authenticationStrength": {
                    "id": "00000000-0000-0000-0000-000000000002",
                    "createdDateTime": "2021-12-01T08:00:00Z",
                    "modifiedDateTime": "2021-12-01T08:00:00Z",
                    "displayName": "Multifactor authentication",
                    "description": "Combinations of methods that satisfy strong authentication, such as a password + SMS",
                    "policyType": "builtIn",
                    "requirementsSatisfied": "mfa",
                    "allowedCombinations": [
                        "windowsHelloForBusiness",
                        "fido2",
                        "x509CertificateMultiFactor",
                        "deviceBasedPush",
                        "temporaryAccessPassOneTime",
                        "temporaryAccessPassMultiUse",
                        "password,microsoftAuthenticatorPush",
                        "password,softwareOath",
                        "password,hardwareOath",
                        "password,x509CertificateSingleFactor",
                        "password,x509CertificateMultiFactor",
                        "password,sms",
                        "password,voice",
                        "federatedMultiFactor",
                        "microsoftAuthenticatorPush,federatedSingleFactor",
                        "softwareOath,federatedSingleFactor",
                        "hardwareOath,federatedSingleFactor",
                        "sms,federatedSingleFactor",
                        "voice,federatedSingleFactor"
                    ],
                    "combinationConfigurations": []
                }
            }
        }
    ]
}

示例 3:确定将应用于执行用户操作的用户的条件访问策略

请求

以下示例显示了一个请求。

POST https://graph.microsoft.com/beta/identity/conditionalAccess/evaluate
Content-Type: application/json

{
    "signInIdentity": {
        "@odata.type": "#microsoft.graph.userSignIn",
        "userId": "15dc174b-f34c-4588-ac45-61d6e05dce93"
    },
    "signInContext": {
        "@odata.type": "#microsoft.graph.userActionContext",
        "userAction": "registerSecurityInformation"
    },
    "signInConditions": {
        "devicePlatform": "macOS",
        "clientAppType": "browser",
        "signInRiskLevel": "low",
        "userRiskLevel": "high",
        "servicePrincipalRiskLevel": "none",
        "country": "CA",
        "ipAddress": "40.77.182.32",
        "insiderRiskLevel": "minor",
        "authenticationFlow": {
            "transferMethod": "deviceCodeFlow"
        },
        "deviceInfo": {
            "trustType": "EntraID"
        }
    },
    "appliedPoliciesOnly": true
}

响应

以下示例显示了相应的响应。

HTTP/1.1 200 OK
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.whatIfAnalysisResult)",
    "value": [
        {
            "id": "37d51c45-8c60-4f82-98e0-6e1451cecf7c",
            "templateId": null,
            "displayName": "All Users except au1_All resources_user risk H_Password change",
            "createdDateTime": "2022-03-31T22:59:59.6688974Z",
            "modifiedDateTime": "2025-03-27T19:55:43.5390544Z",
            "state": "enabledForReportingButNotEnforced",
            "policyApplies": true,
            "analysisReasons": "notSet",
            "partialEnablementStrategy": null,
            "sessionControls": null,
            "conditions": {
                "userRiskLevels": [
                    "high"
                ],
                "signInRiskLevels": [],
                "clientAppTypes": [
                    "all"
                ],
                "servicePrincipalRiskLevels": [],
                "insiderRiskLevels": null,
                "clients": null,
                "platforms": null,
                "locations": null,
                "times": null,
                "deviceStates": null,
                "devices": null,
                "clientApplications": null,
                "authenticationFlows": null,
                "applications": {
                    "includeApplications": [
                        "All"
                    ],
                    "excludeApplications": [],
                    "includeUserActions": [],
                    "includeAuthenticationContextClassReferences": [],
                    "applicationFilter": null,
                    "networkAccess": null,
                    "globalSecureAccess": null
                },
                "users": {
                    "includeUsers": [
                        "All"
                    ],
                    "excludeUsers": [
                        "f7ca74b0-8562-4083-b66c-0476f942cfd0"
                    ],
                    "includeGroups": [],
                    "excludeGroups": [],
                    "includeRoles": [],
                    "excludeRoles": [],
                    "includeGuestsOrExternalUsers": null,
                    "excludeGuestsOrExternalUsers": null
                }
            },
            "grantControls": {
                "operator": "AND",
                "builtInControls": [
                    "mfa",
                    "passwordChange"
                ],
                "customAuthenticationFactors": [],
                "termsOfUse": [],
                "authenticationStrength": null
            }
        },
        {
            "id": "4aa7d105-d92b-4c07-9834-0e810ddb89ac",
            "templateId": null,
            "displayName": "All admin roles except au1_All resources_No conditions_MFA",
            "createdDateTime": "2022-03-29T20:39:24.3899939Z",
            "modifiedDateTime": "2025-03-27T21:40:19.6686701Z",
            "state": "enabledForReportingButNotEnforced",
            "policyApplies": true,
            "analysisReasons": "notSet",
            "partialEnablementStrategy": null,
            "sessionControls": null,
            "conditions": {
                "userRiskLevels": [],
                "signInRiskLevels": [],
                "clientAppTypes": [
                    "all"
                ],
                "servicePrincipalRiskLevels": [],
                "insiderRiskLevels": null,
                "clients": null,
                "platforms": null,
                "locations": null,
                "times": null,
                "deviceStates": null,
                "devices": null,
                "clientApplications": null,
                "authenticationFlows": null,
                "applications": {
                    "includeApplications": [
                        "All"
                    ],
                    "excludeApplications": [],
                    "includeUserActions": [],
                    "includeAuthenticationContextClassReferences": [],
                    "applicationFilter": null,
                    "networkAccess": null,
                    "globalSecureAccess": null
                },
                "users": {
                    "includeUsers": [],
                    "excludeUsers": [
                        "f7ca74b0-8562-4083-b66c-0476f942cfd0"
                    ],
                    "includeGroups": [],
                    "excludeGroups": [],
                    "includeRoles": [
                        "62e90394-69f5-4237-9190-012177145e10",
                        "194ae4cb-b126-40b2-bd5b-6091b380977d",
                        "f28a1f50-f6e7-4571-818b-6a12f2af6b6c",
                        "29232cdf-9323-42fd-ade2-1d097af3e4de",
                        "b1be1c3e-b65d-4f19-8427-f6fa0d97feb9",
                        "729827e3-9c14-49f7-bb1b-9608f156bbb8",
                        "b0f54661-2d74-4c50-afa3-1ec803f12efe",
                        "fe930be7-5e62-47db-91af-98c3a49a38b1",
                        "c4e39bd9-1100-46d3-8c65-fb160da0071f",
                        "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3",
                        "158c047a-c907-4556-b7ef-446551a6b5f7",
                        "966707d0-3269-4727-9be2-8c3a10f19b9d",
                        "7be44c8a-adaf-4e2a-84d6-ab2649e08a13",
                        "e8611ab8-c189-46e8-94e1-60213ab1f814"
                    ],
                    "excludeRoles": [],
                    "includeGuestsOrExternalUsers": null,
                    "excludeGuestsOrExternalUsers": null
                }
            },
            "grantControls": {
                "operator": "OR",
                "builtInControls": [
                    "mfa"
                ],
                "customAuthenticationFactors": [],
                "termsOfUse": [],
                "authenticationStrength": null
            }
        },
        {
            "id": "11083471-5a50-43ad-90c0-23f1af0869e1",
            "templateId": null,
            "displayName": "All users except au1_User action RS info_No conditions_Auth strenfth MFA",
            "createdDateTime": "2024-10-16T15:06:45.0788027Z",
            "modifiedDateTime": "2025-03-27T20:08:22.6064571Z",
            "state": "enabledForReportingButNotEnforced",
            "policyApplies": true,
            "analysisReasons": "notSet",
            "partialEnablementStrategy": null,
            "sessionControls": null,
            "conditions": {
                "userRiskLevels": [],
                "signInRiskLevels": [],
                "clientAppTypes": [
                    "all"
                ],
                "servicePrincipalRiskLevels": [],
                "insiderRiskLevels": null,
                "clients": null,
                "platforms": null,
                "locations": null,
                "times": null,
                "deviceStates": null,
                "devices": null,
                "clientApplications": null,
                "authenticationFlows": null,
                "applications": {
                    "includeApplications": [],
                    "excludeApplications": [],
                    "includeUserActions": [
                        "urn:user:registersecurityinfo"
                    ],
                    "includeAuthenticationContextClassReferences": [],
                    "applicationFilter": null,
                    "networkAccess": null,
                    "globalSecureAccess": null
                },
                "users": {
                    "includeUsers": [
                        "All"
                    ],
                    "excludeUsers": [
                        "f7ca74b0-8562-4083-b66c-0476f942cfd0"
                    ],
                    "includeGroups": [],
                    "excludeGroups": [],
                    "includeRoles": [],
                    "excludeRoles": [],
                    "includeGuestsOrExternalUsers": null,
                    "excludeGuestsOrExternalUsers": null
                }
            },
            "grantControls": {
                "operator": "OR",
                "builtInControls": [],
                "customAuthenticationFactors": [],
                "termsOfUse": [],
                "authenticationStrength": {
                    "id": "00000000-0000-0000-0000-000000000002",
                    "createdDateTime": "2021-12-01T08:00:00Z",
                    "modifiedDateTime": "2021-12-01T08:00:00Z",
                    "displayName": "Multifactor authentication",
                    "description": "Combinations of methods that satisfy strong authentication, such as a password + SMS",
                    "policyType": "builtIn",
                    "requirementsSatisfied": "mfa",
                    "allowedCombinations": [
                        "windowsHelloForBusiness",
                        "fido2",
                        "x509CertificateMultiFactor",
                        "deviceBasedPush",
                        "temporaryAccessPassOneTime",
                        "temporaryAccessPassMultiUse",
                        "password,microsoftAuthenticatorPush",
                        "password,softwareOath",
                        "password,hardwareOath",
                        "password,x509CertificateSingleFactor",
                        "password,x509CertificateMultiFactor",
                        "password,sms",
                        "password,voice",
                        "federatedMultiFactor",
                        "microsoftAuthenticatorPush,federatedSingleFactor",
                        "softwareOath,federatedSingleFactor",
                        "hardwareOath,federatedSingleFactor",
                        "sms,federatedSingleFactor",
                        "voice,federatedSingleFactor"
                    ],
                    "combinationConfigurations": []
                }
            }
        }
    ]
}

示例 4:确定应用于服务主体的条件访问策略

请求

以下示例显示了一个请求。

POST https://graph.microsoft.com/beta/identity/conditionalAccess/evaluate
Content-Type: application/json

{
    "signInIdentity": {
        "@odata.type": "#microsoft.graph.servicePrincipalSignIn",
        "servicePrincipalId": "c65b94a5-0049-439a-a6fd-bce307077730"
    },
    "signInContext": {
        "@odata.type": "#microsoft.graph.applicationContext",
        "includeApplications": [
            "00000003-0000-0ff1-ce00-000000000000"
        ]
    },
    "signInConditions": {
        "servicePrincipalRiskLevel": "high",
        "country": "CA",
        "ipAddress": "40.77.182.32"
    },
    "appliedPoliciesOnly": true
}

响应

以下示例显示了相应的响应。

HTTP/1.1 200 OK
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.whatIfAnalysisResult)",
    "value": [
        {
            "id": "461478d2-5896-4761-84ba-4d241c396a29",
            "templateId": null,
            "displayName": "All ST SPs_All resources_Any location_Block",
            "createdDateTime": "2022-04-08T19:31:15.6087842Z",
            "modifiedDateTime": "2025-03-27T20:08:54.0912734Z",
            "state": "enabledForReportingButNotEnforced",
            "policyApplies": true,
            "analysisReasons": "notSet",
            "partialEnablementStrategy": null,
            "sessionControls": null,
            "conditions": {
                "userRiskLevels": [],
                "signInRiskLevels": [],
                "clientAppTypes": [
                    "all"
                ],
                "servicePrincipalRiskLevels": [],
                "insiderRiskLevels": null,
                "clients": null,
                "platforms": null,
                "times": null,
                "deviceStates": null,
                "devices": null,
                "authenticationFlows": null,
                "applications": {
                    "includeApplications": [
                        "All"
                    ],
                    "excludeApplications": [],
                    "includeUserActions": [],
                    "includeAuthenticationContextClassReferences": [],
                    "applicationFilter": null,
                    "networkAccess": null,
                    "globalSecureAccess": null
                },
                "users": {
                    "includeUsers": [
                        "None"
                    ],
                    "excludeUsers": [],
                    "includeGroups": [],
                    "excludeGroups": [],
                    "includeRoles": [],
                    "excludeRoles": [],
                    "includeGuestsOrExternalUsers": null,
                    "excludeGuestsOrExternalUsers": null
                },
                "locations": {
                    "includeLocations": [
                        "All"
                    ],
                    "excludeLocations": []
                },
                "clientApplications": {
                    "includeServicePrincipals": [
                        "ServicePrincipalsInMyTenant"
                    ],
                    "excludeServicePrincipals": [],
                    "servicePrincipalFilter": null
                }
            },
            "grantControls": {
                "operator": "OR",
                "builtInControls": [
                    "block"
                ],
                "customAuthenticationFactors": [],
                "termsOfUse": [],
                "authenticationStrength": null
            }
        },
        {
            "id": "4f1d2ff3-50db-4299-bbdd-0a114c98e97e",
            "templateId": null,
            "displayName": "All ST SPs_All resources_No conditions_Block",
            "createdDateTime": "2025-02-21T07:04:44.777856Z",
            "modifiedDateTime": "2025-03-28T06:15:41.2376665Z",
            "state": "enabledForReportingButNotEnforced",
            "policyApplies": true,
            "analysisReasons": "notSet",
            "partialEnablementStrategy": null,
            "sessionControls": null,
            "conditions": {
                "userRiskLevels": [],
                "signInRiskLevels": [],
                "clientAppTypes": [
                    "all"
                ],
                "servicePrincipalRiskLevels": [],
                "insiderRiskLevels": null,
                "clients": null,
                "platforms": null,
                "locations": null,
                "times": null,
                "deviceStates": null,
                "devices": null,
                "authenticationFlows": null,
                "applications": {
                    "includeApplications": [
                        "All"
                    ],
                    "excludeApplications": [],
                    "includeUserActions": [],
                    "includeAuthenticationContextClassReferences": [],
                    "applicationFilter": null,
                    "networkAccess": null,
                    "globalSecureAccess": null
                },
                "users": {
                    "includeUsers": [
                        "None"
                    ],
                    "excludeUsers": [],
                    "includeGroups": [],
                    "excludeGroups": [],
                    "includeRoles": [],
                    "excludeRoles": [],
                    "includeGuestsOrExternalUsers": null,
                    "excludeGuestsOrExternalUsers": null
                },
                "clientApplications": {
                    "includeServicePrincipals": [
                        "ServicePrincipalsInMyTenant"
                    ],
                    "excludeServicePrincipals": [],
                    "servicePrincipalFilter": null
                }
            },
            "grantControls": {
                "operator": "OR",
                "builtInControls": [
                    "block"
                ],
                "customAuthenticationFactors": [],
                "termsOfUse": [],
                "authenticationStrength": null
            }
        }
    ]
}