NLBaselineCA

1.0.0

Baseline/CA501-Agents-AttackSurfaceReduction-SelectedApps-AnyPlatform-BLOCK-UntrustedNetwork.json

                                {

    "@odata.type": "#microsoft.graph.conditionalAccessPolicy",

    "displayName": "CA501-Agents-AttackSurfaceReduction-SelectedApps-AnyPlatform-BLOCK-UntrustedNetwork",

    "state": "enabledForReportingButNotEnforced",

    "conditions": {

        "@odata.type": "#microsoft.graph.conditionalAccessConditionSet",

        "userRiskLevels@odata.type": "#Collection(microsoft.graph.riskLevel)",

        "userRiskLevels": [],

        "signInRiskLevels@odata.type": "#Collection(microsoft.graph.riskLevel)",

        "signInRiskLevels": [],

        "clientAppTypes@odata.type": "#Collection(microsoft.graph.conditionalAccessClientApp)",

        "clientAppTypes": [

            "all"

        ],

        "platforms": null,

        "locations": {

            "@odata.type": "#microsoft.graph.conditionalAccessLocations",

            "includeLocations@odata.type": "#Collection(String)",

            "includeLocations": [],

            "excludeLocations@odata.type": "#Collection(String)",

            "excludeLocations": [

                "AllTrustedLocations"

            ]

        },

        "times": null,

        "deviceStates": null,

        "devices": null,

        "clientApplications": {

            "@odata.type": "#microsoft.graph.conditionalAccessClientApplications",

            "servicePrincipalFilter": {

                "@odata.type": "#microsoft.graph.conditionalAccessFilter",

                "mode": "include",

                "rule": "servicePrincipal.customSecurityAttributes/AgentType -eq \"AI-Agent\""

            },

            "includeServicePrincipals": [],

            "excludeServicePrincipals": []

        },

        "applications": {

            "@odata.type": "#microsoft.graph.conditionalAccessApplications",

            "includeApplications@odata.type": "#Collection(String)",

            "includeApplications": [

                "00000003-0000-0000-c000-000000000000"

            ],

            "excludeApplications@odata.type": "#Collection(String)",

            "excludeApplications": [],

            "includeUserActions@odata.type": "#Collection(String)",

            "includeUserActions": [],

            "includeAuthenticationContextClassReferences@odata.type": "#Collection(String)",

            "includeAuthenticationContextClassReferences": [],

            "applicationFilter": null

        },

        "users": {

            "@odata.type": "#microsoft.graph.conditionalAccessUsers",

            "includeUsers@odata.type": "#Collection(String)",

            "includeUsers": [],

            "excludeUsers@odata.type": "#Collection(String)",

            "excludeUsers": [],

            "includeGroups@odata.type": "#Collection(String)",

            "includeGroups": [],

            "excludeGroups@odata.type": "#Collection(String)",

            "excludeGroups": [],

            "includeRoles@odata.type": "#Collection(String)",

            "includeRoles": [],

            "excludeRoles@odata.type": "#Collection(String)",

            "excludeRoles": [],

            "includeGuestsOrExternalUsers": null,

            "excludeGuestsOrExternalUsers": null

        }

    },

    "grantControls": {

        "@odata.type": "#microsoft.graph.conditionalAccessGrantControls",

        "operator": "OR",

        "builtInControls@odata.type": "#Collection(microsoft.graph.conditionalAccessGrantControl)",

        "builtInControls": [

            "block"

        ],

        "customAuthenticationFactors": [],

        "termsOfUse": [],

        "authenticationStrength": null

    },

    "sessionControls": null,

    "templateId": null

}