NLBaselineCA

1.0.0

Baseline/CA301-ServiceAccounts-AttackSurfaceReduction-AllApps-AnyPlatform-BlockUntrustedLocations.json

                                {

    "@odata.context":  "https://graph.microsoft.com/beta/$metadata#identity/conditionalAccess/policies/$entity",

    "@odata.type":  "#microsoft.graph.conditionalAccessPolicy",

    "@odata.id":  "identity/conditionalAccess/policies(\u0027ff0b4179-d1e7-41b4-aaeb-7c8ef89048d2\u0027)",

    "@odata.editLink":  "identity/conditionalAccess/policies(\u0027ff0b4179-d1e7-41b4-aaeb-7c8ef89048d2\u0027)",

    "id":  "ff0b4179-d1e7-41b4-aaeb-7c8ef89048d2",

    "templateId":  null,

    "displayName":  "CA301-ServiceAccounts-AttackSurfaceReduction-AllApps-AnyPlatform-BlockUntrustedLocations",

    "createdDateTime@odata.type":  "#DateTimeOffset",

    "createdDateTime":  "2025-05-23T09:27:44.9957232Z",

    "modifiedDateTime@odata.type":  "#DateTimeOffset",

    "modifiedDateTime":  "2025-05-23T09:36:02.0349465Z",

    "state@odata.type":  "#microsoft.graph.conditionalAccessPolicyState",

    "state":  "enabledForReportingButNotEnforced",

    "deletedDateTime":  null,

    "partialEnablementStrategy":  null,

    "sessionControls":  null,

    "conditions":  {

                       "@odata.type":  "#microsoft.graph.conditionalAccessConditionSet",

                       "userRiskLevels@odata.type":  "#Collection(microsoft.graph.riskLevel)",

                       "userRiskLevels":  [

                                          ],

                       "signInRiskLevels@odata.type":  "#Collection(microsoft.graph.riskLevel)",

                       "signInRiskLevels":  [

                                            ],

                       "clientAppTypes@odata.type":  "#Collection(microsoft.graph.conditionalAccessClientApp)",

                       "clientAppTypes":  [

                                              "all"

                                          ],

                       "platforms":  null,

                       "times":  null,

                       "deviceStates":  null,

                       "devices":  null,

                       "clientApplications":  null,

                       "applications":  {

                                            "@odata.type":  "#microsoft.graph.conditionalAccessApplications",

                                            "includeApplications@odata.type":  "#Collection(String)",

                                            "includeApplications":  [

                                                                        "All"

                                                                    ],

                                            "excludeApplications@odata.type":  "#Collection(String)",

                                            "excludeApplications":  [

                                                                    ],

                                            "includeUserActions@odata.type":  "#Collection(String)",

                                            "includeUserActions":  [

                                                                   ],

                                            "includeAuthenticationContextClassReferences@odata.type":  "#Collection(String)",

                                            "includeAuthenticationContextClassReferences":  [

                                                                                            ],

                                            "applicationFilter":  null

                                        },

                       "users":  {

                                     "@odata.type":  "#microsoft.graph.conditionalAccessUsers",

                                     "includeUsers@odata.type":  "#Collection(String)",

                                     "includeUsers":  [

                                                      ],

                                     "excludeUsers@odata.type":  "#Collection(String)",

                                     "excludeUsers":  [

                                                      ],

                                     "includeGroups@odata.type":  "#Collection(String)",

                                     "includeGroups":  [

                                                           "77c1ed37-10d0-4ef1-93dc-198e70abb166"

                                                       ],

                                     "excludeGroups@odata.type":  "#Collection(String)",

                                     "excludeGroups":  [

                                                       ],

                                     "includeRoles@odata.type":  "#Collection(String)",

                                     "includeRoles":  [

                                                      ],

                                     "excludeRoles@odata.type":  "#Collection(String)",

                                     "excludeRoles":  [

                                                      ],

                                     "includeGuestsOrExternalUsers":  null,

                                     "excludeGuestsOrExternalUsers":  null

                                 },

                       "locations":  {

                                         "@odata.type":  "#microsoft.graph.conditionalAccessLocations",

                                         "includeLocations@odata.type":  "#Collection(String)",

                                         "includeLocations":  [

                                                                  "All"

                                                              ],

                                         "excludeLocations@odata.type":  "#Collection(String)",

                                         "excludeLocations":  [

                                                                  "0b4ea4f9-b0da-4e95-b69c-024ec5c8a8c2"

                                                              ]

                                     }

                   },

    "grantControls":  {

                          "@odata.type":  "#microsoft.graph.conditionalAccessGrantControls",

                          "operator":  "OR",

                          "builtInControls@odata.type":  "#Collection(microsoft.graph.conditionalAccessGrantControl)",

                          "builtInControls":  [

                                                  "block"

                                              ],

                          "customAuthenticationFactors@odata.type":  "#Collection(String)",

                          "customAuthenticationFactors":  [

                                                          ],

                          "termsOfUse@odata.type":  "#Collection(String)",

                          "termsOfUse":  [

                                         ],

                          "authenticationStrength@odata.context":  "https://graph.microsoft.com/beta/$metadata#identity/conditionalAccess/policies(\u0027ff0b4179-d1e7-41b4-aaeb-7c8ef89048d2\u0027)/grantControls/authenticationStrength/$entity",

                          "authenticationStrength@odata.associationLink":  "https://graph.microsoft.com/beta/identity/conditionalAccess/policies(\u0027ff0b4179-d1e7-41b4-aaeb-7c8ef89048d2\u0027)/grantControls/authenticationStrength/$ref",

                          "authenticationStrength@odata.navigationLink":  "https://graph.microsoft.com/beta/identity/conditionalAccess/policies(\u0027ff0b4179-d1e7-41b4-aaeb-7c8ef89048d2\u0027)/grantControls/authenticationStrength",

                          "authenticationStrength":  null

                      },

    "#microsoft.graph.restore":  {

                                     "title":  "microsoft.graph.restore",

                                     "target":  "https://graph.microsoft.com/beta/identity/conditionalAccess/policies(\u0027ff0b4179-d1e7-41b4-aaeb-7c8ef89048d2\u0027)/microsoft.graph.restore"

                                 }

}