NLBaselineCA

1.0.0

Baseline/CA005-Global-DataProtection-Office365-AnyPlatform-Unmanaged-AppEnforcedRestrictions-BlockDownload.json

                                {

  "state": "enabled",

  "state@odata.type": "#microsoft.graph.conditionalAccessPolicyState",

  "grantControls": {

    "@odata.type": "#microsoft.graph.conditionalAccessGrantControls",

    "operator": "OR",

    "builtInControls": [

      "block"

    ]

  },

  "sessionControls": {

    "@odata.type": "#microsoft.graph.conditionalAccessSessionControls",

    "applicationEnforcedRestrictions": {

      "isEnabled": true,

      "@odata.type": "#microsoft.graph.applicationEnforcedRestrictionsSessionControl"

    }

  },

  "conditions": {

    "users": {

      "excludeRoles@odata.type": "#Collection(String)",

      "includeUsers": [

        "All"

      ],

      "excludeUsers@odata.type": "#Collection(String)",

      "includeUsers@odata.type": "#Collection(String)",

      "includeGroups@odata.type": "#Collection(String)",

      "excludeGroups@odata.type": "#Collection(String)",

      "includeRoles@odata.type": "#Collection(String)",

      "@odata.type": "#microsoft.graph.conditionalAccessUsers"

    },

    "userRiskLevels@odata.type": "#Collection(microsoft.graph.riskLevel)",

    "signInRiskLevels@odata.type": "#Collection(microsoft.graph.riskLevel)",

    "devices": {

      "@odata.type": "#microsoft.graph.conditionalAccessDevices",

      "includeDevices@odata.type": "#Collection(String)",

      "deviceFilter": {

        "rule": "device.isCompliant -eq True -and device.deviceOwnership -eq \"Company\"",

        "mode": "exclude"

      },

      "excludeDevices@odata.type": "#Collection(String)",

      "excludeDeviceStates@odata.type": "#Collection(String)",

      "includeDeviceStates@odata.type": "#Collection(String)"

    },

    "applications": {

      "includeAuthenticationContextClassReferences@odata.type": "#Collection(String)",

      "@odata.type": "#microsoft.graph.conditionalAccessApplications",

      "excludeApplications@odata.type": "#Collection(String)",

      "includeApplications": [

        "Office365"

      ],

      "includeUserActions@odata.type": "#Collection(String)",

      "includeApplications@odata.type": "#Collection(String)"

    },

    "@odata.type": "#microsoft.graph.conditionalAccessConditionSet",

    "clientAppTypes": [

      "browser"

    ],

    "clientAppTypes@odata.type": "#Collection(microsoft.graph.conditionalAccessClientApp)"

  },

  "displayName": "CA005-Global-DataProtection-Office365-AnyPlatform-Unmanaged-AppEnforcedRestrictions-BlockDownload",

  "modifiedDateTime@odata.type": "#DateTimeOffset",

  "createdDateTime@odata.type": "#DateTimeOffset",

  "@odata.type": "#microsoft.graph.conditionalAccessPolicy"

}