| title | conditionalAccessClientApplications resource type |
|---|---|
| description | Represents client applications (service principals and workload identities) included in and excluded from the policy scope. |
| author | lisaychuang |
| ms.reviewer | conditionalaccesspm |
| ms.localizationpriority | medium |
| ms.subservice | entra-sign-in |
| doc_type | resourcePageType |
| ms.date | 07/22/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Represents client applications (service principals and workload identities) included in and excluded from the policy scope.
| Property | Type | Description |
|---|---|---|
| agentIdServicePrincipalFilter | conditionalAccessFilter | Filter that defines rules based on custom security attribute tags to include/exclude agent identities in the policy. |
| excludeAgentIdServicePrincipals | String collection | Agent identity object IDs excluded from the policy. |
| excludeServicePrincipals | String collection | Service principal IDs excluded from the policy scope. |
| includeAgentIdServicePrincipals | String collection | Agent identity object IDs included in the policy. |
| includeServicePrincipals | String collection | Service principal IDs included in the policy scope or ServicePrincipalsInMyTenant. |
| servicePrincipalFilter | conditionalAccessFilter | Filter that defines the dynamic-servicePrincipal-syntax rule to include/exclude service principals. A filter can use custom security attributes to include/exclude service principals. |
None.
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.conditionalAccessClientApplications",
"includeServicePrincipals": [
"String"
],
"excludeServicePrincipals": [
"String"
],
"servicePrincipalFilter": {
"@odata.type": "microsoft.graph.conditionalAccessFilter"
},
"includeAgentIdServicePrincipals": [
"String"
],
"excludeAgentIdServicePrincipals": [
"String"
],
"agentIdServicePrincipalFilter": {
"@odata.type": "microsoft.graph.conditionalAccessFilter"
}
}