AADCrossTenantAccessPolicyConfigurationPartner¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| PartnerTenantId | Key | String | The tenant identifier for the partner Azure Active Directory (Azure AD) organization. | |
| B2BCollaborationInbound | Write | MSFT_AADCrossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. | |
| B2BCollaborationOutbound | Write | MSFT_AADCrossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. | |
| B2BDirectConnectInbound | Write | MSFT_AADCrossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. | |
| B2BDirectConnectOutbound | Write | MSFT_AADCrossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. | |
| AutomaticUserConsentSettings | Write | MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings | Determines the partner-specific configuration for accepting trust claims from other tenant invitations. | |
| IdentitySynchronization | Write | MSFT_AADCrossTenantIdentitySyncPolicyPartnerInbound | Defines the identity synchronization settings. | |
| InboundTrust | Write | MSFT_AADCrossTenantAccessPolicyInboundTrust | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations. | |
| Ensure | Write | String | Specify if the policy should exist or not. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
Embedded Instances¶
MSFT_AADCrossTenantAccessPolicyTarget¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Target | Required | String | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values. | |
| TargetType | Required | String | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user, group, application, unknownFutureValue |
MSFT_AADCrossTenantAccessPolicyTargetConfiguration¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| AccessType | Write | String | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed, blocked, unknownFutureValue |
| Targets | Write | MSFT_AADCrossTenantAccessPolicyTarget[] | Specifies whether to target users, groups, or applications with this rule. |
MSFT_AADCrossTenantAccessPolicyB2BSetting¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Applications | Write | MSFT_AADCrossTenantAccessPolicyTargetConfiguration | The list of applications targeted with your cross-tenant access policy. | |
| UsersAndGroups | Write | MSFT_AADCrossTenantAccessPolicyTargetConfiguration | The list of users and groups targeted with your cross-tenant access policy. |
MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| InboundAllowed | Write | Boolean | Specifies whether you want to automatically trust Inbound invitations. | |
| OutboundAllowed | Write | Boolean | Specifies whether you want to automatically trust Outbound invitations. |
MSFT_AADCrossTenantAccessPolicyInboundTrust¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| IsCompliantDeviceAccepted | Write | Boolean | Specifies whether compliant devices from external Azure AD organizations are trusted. | |
| IsHybridAzureADJoinedDeviceAccepted | Write | Boolean | Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted. | |
| IsMfaAccepted | Write | Boolean | Specifies whether MFA from external Azure AD organizations is trusted. |
MSFT_AADCrossTenantGroupSyncInbound¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| IsSyncAllowed | Write | Boolean | Defines whether group objects should be synchronized from the partner tenant. false stops any current group synchronization from the source tenant to the target tenant. This property has no impact on existing groups that were synchronized. |
MSFT_AADCrossTenantUserSyncInbound¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| IsSyncAllowed | Write | Boolean | Defines whether user objects should be synchronized from the partner tenant. false causes any current user synchronization from the source tenant to the target tenant to stop. This property has no impact on existing users who have already been synchronized. |
MSFT_AADCrossTenantIdentitySyncPolicyPartnerInbound¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| GroupSyncInbound | Write | MSFT_AADCrossTenantGroupSyncInbound | Defines whether groups can be synchronized from a partner tenant. Key. | |
| UserSyncInbound | Write | MSFT_AADCrossTenantUserSyncInbound | Specifies whether you want to automatically trust Outbound invitations. |
Description¶
This resource manages Azure AD Cross Tenant Access Policies Configuration Partner.
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource requires the following permissions:
Delegated permissions¶
- Read
-
Policy.Read.All
-
Update
- Policy.ReadWrite.CrossTenantAccess
Application permissions¶
- Read
-
Policy.Read.All
-
Update
- Policy.ReadWrite.CrossTenantAccess
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
Node localhost
{
AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner"
{
PartnerTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"; # O365DSC.onmicrosoft.com
AutomaticUserConsentSettings = MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings {
InboundAllowed = $True
OutboundAllowed = $True
};
B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting {
Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
AccessType = 'allowed'
Targets = @(
MSFT_AADCrossTenantAccessPolicyTarget{
Target = 'AllApplications'
TargetType = 'application'
}
)
}
UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
AccessType = 'allowed'
Targets = @(
MSFT_AADCrossTenantAccessPolicyTarget{
Target = '68bafe64-f86b-4c4e-b33b-9d3eaa11544b' # Office 365
TargetType = 'user'
}
)
}
};
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
Ensure = "Present";
}
}
}
Example 2¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
Node localhost
{
AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner"
{
PartnerTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"; # O365DSC.onmicrosoft.com
AutomaticUserConsentSettings = MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings {
InboundAllowed = $False # Updated Property
OutboundAllowed = $True
};
B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting {
Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
AccessType = 'allowed'
Targets = @(
MSFT_AADCrossTenantAccessPolicyTarget{
Target = 'AllApplications'
TargetType = 'application'
}
)
}
UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{
AccessType = 'allowed'
Targets = @(
MSFT_AADCrossTenantAccessPolicyTarget{
Target = '68bafe64-f86b-4c4e-b33b-9d3eaa11544b' # Office 365
TargetType = 'user'
}
)
}
};
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
Ensure = "Present";
}
}
}
Example 3¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
Node localhost
{
AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner"
{
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
Ensure = "Absent";
PartnerTenantId = "12345-12345-12345-12345-12345";
}
}
}