AADCrossTenantAccessPolicyConfigurationDefault

Parameters

Parameter Attribute DataType Description Allowed Values
IsSingleInstance Key String Only valid value is 'Yes'. Yes
B2BCollaborationInbound Write MSFT_AADCrossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration.
B2BCollaborationOutbound Write MSFT_AADCrossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration.
B2BDirectConnectInbound Write MSFT_AADCrossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.
B2BDirectConnectOutbound Write MSFT_AADCrossTenantAccessPolicyB2BSetting Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect.
InboundTrust Write MSFT_AADCrossTenantAccessPolicyInboundTrust Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations.
Ensure Write String Specify if the instance should exist or not. Present
Credential Write PSCredential Credentials of the Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
ApplicationSecret Write PSCredential Secret of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

MSFT_AADCrossTenantAccessPolicyTarget

Parameters

Parameter Attribute DataType Description Allowed Values
Target Write String The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.
TargetType Write String The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. user, group, application, unknownFutureValue

MSFT_AADCrossTenantAccessPolicyTargetConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
AccessType Write String Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. allowed, blocked, unknownFutureValue
Targets Write MSFT_AADCrossTenantAccessPolicyTarget[] Specifies whether to target users, groups, or applications with this rule.

MSFT_AADCrossTenantAccessPolicyB2BSetting

Parameters

Parameter Attribute DataType Description Allowed Values
Applications Write MSFT_AADCrossTenantAccessPolicyTargetConfiguration The list of applications targeted with your cross-tenant access policy.
UsersAndGroups Write MSFT_AADCrossTenantAccessPolicyTargetConfiguration The list of users and groups targeted with your cross-tenant access policy.

MSFT_AADCrossTenantAccessPolicyInboundTrust

Parameters

Parameter Attribute DataType Description Allowed Values
IsCompliantDeviceAccepted Write Boolean Specifies whether compliant devices from external Azure AD organizations are trusted.
IsHybridAzureADJoinedDeviceAccepted Write Boolean Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted.
IsMfaAccepted Write Boolean Specifies whether MFA from external Azure AD organizations is trusted.

Description

This resource manages Azure AD Cross Tenant Access Policies Configuration Default.

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • Policy.Read.All
  • Update

    • Policy.ReadWrite.CrossTenantAccess

Application permissions

  • Read

    • Policy.Read.All
  • Update

    • Policy.ReadWrite.CrossTenantAccess

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    Node localhost
    {
        AADCrossTenantAccessPolicyConfigurationDefault "AADCrossTenantAccessPolicyConfigurationDefault"
        {
            B2BCollaborationInbound  = MSFT_AADCrossTenantAccessPolicyB2BSetting {
                Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
                    AccessType = 'allowed'
                    Targets    = @(
                        MSFT_AADCrossTenantAccessPolicyTarget{
                            Target     = 'AllApplications'
                            TargetType = 'application'
                        }
                    )
                }
                UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
                    AccessType = 'allowed'
                    Targets    = @(
                        MSFT_AADCrossTenantAccessPolicyTarget{
                            Target     = 'AllUsers'
                            TargetType = 'user'
                        }
                    )
                }
            }
            B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting {
                Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
                    AccessType = 'allowed'
                    Targets    = @(
                        MSFT_AADCrossTenantAccessPolicyTarget{
                            Target     = 'AllApplications'
                            TargetType = 'application'
                        }
                    )
                }
                UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
                    AccessType = 'allowed'
                    Targets    = @(
                        MSFT_AADCrossTenantAccessPolicyTarget{
                            Target     = 'AllUsers'
                            TargetType = 'user'
                        }
                    )
                }
            }
            B2BDirectConnectInbound  = MSFT_AADCrossTenantAccessPolicyB2BSetting {
                Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
                    AccessType = 'blocked'
                    Targets    = @(
                        MSFT_AADCrossTenantAccessPolicyTarget{
                            Target     = 'AllApplications'
                            TargetType = 'application'
                        }
                    )
                }
                UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
                    AccessType = 'blocked'
                    Targets    = @(
                        MSFT_AADCrossTenantAccessPolicyTarget{
                            Target     = 'AllUsers'
                            TargetType = 'user'
                        }
                    )
                }
            }
            B2BDirectConnectOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting {
                Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
                    AccessType = 'blocked'
                    Targets    = @(
                        MSFT_AADCrossTenantAccessPolicyTarget{
                            Target     = 'AllApplications'
                            TargetType = 'application'
                        }
                    )
                }
                UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
                    AccessType = 'blocked'
                    Targets    = @(
                        MSFT_AADCrossTenantAccessPolicyTarget{
                            Target     = 'AllUsers'
                            TargetType = 'user'
                        }
                    )
                }
            }
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
            Ensure                   = "Present";
            InboundTrust             = MSFT_AADCrossTenantAccessPolicyInboundTrust {
                IsCompliantDeviceAccepted           = $False
                IsHybridAzureADJoinedDeviceAccepted = $False
                IsMfaAccepted                       = $False
            }
            IsSingleInstance                        = "Yes";
        }
    }
}