Skip to content

Commit b51dead

Browse files
PRMerger7PRMerger7
authored
Merge pull request #179011 from MicrosoftGuyJFlo/GitHubIssue83354
[Azure AD] Conditional Access - GitHub Issue 83354
2 parents 953e69d + ffc3918 commit b51dead

File tree

1 file changed

+6
-2
lines changed

1 file changed

+6
-2
lines changed

articles/active-directory/conditional-access/concept-condition-filters-for-devices.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Use filter for devices in Conditional Access to enhance security po
44
ms.service: active-directory
55
ms.subservice: conditional-access
66
ms.topic: conceptual
7-
ms.date: 10/26/2021
7+
ms.date: 11/08/2021
88

99
ms.author: joflore
1010
author: MicrosoftGuyJFlo
@@ -19,7 +19,6 @@ When creating Conditional Access policies, administrators have asked for the abi
1919

2020
:::image type="content" source="media/concept-condition-filters-for-devices/create-filter-for-devices-condition.png" alt-text="Creating a filter for device in Conditional Access policy conditions":::
2121

22-
2322
## Common scenarios
2423

2524
There are multiple scenarios that organizations can now enable using filter for devices condition. Below are some core scenarios with examples of how to use this new condition.
@@ -84,6 +83,10 @@ Policy 2: All users with the directory role of Global administrator, accessing t
8483
1. Confirm your settings and set **Enable policy** to **On**.
8584
1. Select **Create** to create to enable your policy.
8685

86+
### Setting attribute values
87+
88+
Setting extension attributes is made possible through the Graph API. For more information about setting device attributes, see the article [Update device](/graph/api/device-update?view=graph-rest-1.0&tabs=http#example-2--write-extensionattributes-on-a-device).
89+
8790
### Filter for devices Graph API
8891

8992
The filter for devices API is available in Microsoft Graph v1.0 endpoint and can be accessed using https://graph.microsoft.com/v1.0/identity/conditionalaccess/policies/. You can configure a filter for devices when creating a new Conditional Access policy or you can update an existing policy to configure the filter for devices condition. To update an existing policy, you can do a patch call on the Microsoft Graph v1.0 endpoint mentioned above by appending the policy ID of an existing policy and executing the following request body. The example here shows configuring a filter for devices condition excluding device that are not marked as SAW devices. The rule syntax can consist of more than one single expression. To learn more about the syntax, see [dynamic membership rules for groups in Azure Active Directory](../enterprise-users/groups-dynamic-membership.md).
@@ -139,6 +142,7 @@ The filter for devices condition in Conditional Access evaluates policy based on
139142

140143
## Next steps
141144

145+
- [Update device Graph API](/graph/api/device-update?view=graph-rest-1.0&tabs=http)
142146
- [Conditional Access: Conditions](concept-conditional-access-conditions.md)
143147
- [Common Conditional Access policies](concept-conditional-access-policy-common.md)
144148
- [Securing devices as part of the privileged access story](/security/compass/privileged-access-devices)

0 commit comments

Comments
 (0)