Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents the result of a Conditional Access What If evaluation, which indicates the policies that would apply based on the sign-in details you provide. For more information, see the Conditional Access Policy What If tool.
Inherits from conditionalAccessPolicy.
Methods
| Method | Return type | Description |
|---|---|---|
| Evaluate | whatIfAnalysisResult collection | List the results of the What If evaluation of Conditional Access Policies targeting a sign-in attempt. |
Properties
| Property | Type | Description |
|---|---|---|
| analysisReasons | whatIfAnalysisReasons | Specifies the reasons why a policy didn't apply. analysisReasons is set to notSet when policyApplies is true and one of the following values when policyApplies is false: notEnoughInformation, invalidCondition, users, workloadIdentities, application, userActions, authenticationContext, devicePlatform, devices, clientApps, ___location, signInRisk, emptyPolicy, invalidPolicy, policyNotEnabled, userRisk, time, insiderRisk, authenticationFlow, unknownFutureValue. |
| conditions | conditionalAccessConditionSet | Specifies the rules that must be met for the policy to apply. Inherited from conditionalAccessPolicy. |
| createdDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Inherited from conditionalAccessPolicy. |
| description | String | Not used. Inherited from conditionalAccessPolicy. |
| displayName | String | Specifies a display name for the conditionalAccessPolicy object. Inherited from conditionalAccessPolicy. |
| grantControls | conditionalAccessGrantControls | Specifies the grant controls that must be fulfilled to pass the policy. Inherited from conditionalAccessPolicy. |
| id | String | Specifies the identifier of a conditionalAccessPolicy object. Inherited from entity. |
| modifiedDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Inherited from conditionalAccessPolicy. |
| policyApplies | Boolean | Specifies whether the policy applies to the sign-in properties provided in the request body. If policyApplies is true, the policy applies to the sign-in based on the sign-in properties provided. If policyApplies is false, the policy doesn't apply to the sign-in based on the sign-in properties provided and the analysisReasons property is populated to show the reason for the policy not applying. |
| sessionControls | conditionalAccessSessionControls | Specifies the session controls that are enforced after sign-in. Inherited from conditionalAccessPolicy. |
| state | conditionalAccessPolicyState | Specifies the state of the conditionalAccessPolicy object. Inherited from conditionalAccessPolicy. The possible values are: enabled, disabled, enabledForReportingButNotEnforced, unknownFutureValue. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.whatIfAnalysisResult",
"id": "String (identifier)",
"createdDateTime": "String (timestamp)",
"modifiedDateTime": "String (timestamp)",
"displayName": "String",
"description": "String",
"state": "String",
"conditions": {
"@odata.type": "microsoft.graph.conditionalAccessConditionSet"
},
"grantControls": {
"@odata.type": "microsoft.graph.conditionalAccessGrantControls"
},
"sessionControls": {
"@odata.type": "microsoft.graph.conditionalAccessSessionControls"
},
"policyApplies": "Boolean",
"analysisReasons": "String"
}