Skip to content

Commit d7dbb04

Browse files
huypubhuypub
authored
Merge pull request #225043 from MicrosoftDocs/main
1/25 AM Publish
2 parents 6097f49 + ae68f1c commit d7dbb04

File tree

98 files changed

+1272
-549
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

98 files changed

+1272
-549
lines changed

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -31,14 +31,14 @@
3131
- name: View key statistics and data about your authorization system
3232
href: ui-dashboard.md
3333
- name: View data about the activity in your authorization system
34-
href: product-dashboard.md
35-
- name: View current billable resources in your authorization system
36-
href: product-data-billable-resources.md
34+
href: product-dashboard.md
3735
- name: View information about your Authorization Systems
3836
expanded: false
3937
items:
4038
- name: View and configure settings for data collection
4139
href: product-data-sources.md
40+
- name: View current billable resources in your authorization system
41+
href: product-data-billable-resources.md
4242
- name: Manage organizational and personal information
4343
expanded: false
4444
items:

articles/active-directory/conditional-access/concept-condition-filters-for-devices.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Use filter for devices in Conditional Access to enhance security po
44
ms.service: active-directory
55
ms.subservice: conditional-access
66
ms.topic: conceptual
7-
ms.date: 04/28/2022
7+
ms.date: 01/25/2023
88
ms.author: joflore
99
author: MicrosoftGuyJFlo
1010
manager: amycolannino
@@ -19,7 +19,7 @@ When creating Conditional Access policies, administrators have asked for the abi
1919

2020
## Common scenarios
2121

22-
There are multiple scenarios that organizations can now enable using filter for devices condition. Below are some core scenarios with examples of how to use this new condition.
22+
There are multiple scenarios that organizations can now enable using filter for devices condition. The following scenarios provide examples of how to use this new condition.
2323

2424
- **Restrict access to privileged resources**. For this example, lets say you want to allow access to Microsoft Azure Management from a user who is assigned a privileged role Global Admin, has satisfied multifactor authentication and accessing from a device that is [privileged or secure admin workstations](/security/compass/privileged-access-devices) and attested as compliant. For this scenario, organizations would create two Conditional Access policies:
2525
- Policy 1: All users with the directory role of Global Administrator, accessing the Microsoft Azure Management cloud app, and for Access controls, Grant access, but require multifactor authentication and require device to be marked as compliant.
@@ -89,7 +89,7 @@ Setting extension attributes is made possible through the Graph API. For more in
8989

9090
### Filter for devices Graph API
9191

92-
The filter for devices API is available in Microsoft Graph v1.0 endpoint and can be accessed using https://graph.microsoft.com/v1.0/identity/conditionalaccess/policies/. You can configure a filter for devices when creating a new Conditional Access policy or you can update an existing policy to configure the filter for devices condition. To update an existing policy, you can do a patch call on the Microsoft Graph v1.0 endpoint mentioned above by appending the policy ID of an existing policy and executing the following request body. The example here shows configuring a filter for devices condition excluding devices that aren't marked as SAW devices. The rule syntax can consist of more than one single expression. To learn more about the syntax, see [dynamic membership rules for groups in Azure Active Directory](../enterprise-users/groups-dynamic-membership.md).
92+
The filter for devices API is available in Microsoft Graph v1.0 endpoint and can be accessed using the endpoint `https://graph.microsoft.com/v1.0/identity/conditionalaccess/policies/`. You can configure a filter for devices when creating a new Conditional Access policy or you can update an existing policy to configure the filter for devices condition. To update an existing policy, you can do a patch call on the Microsoft Graph v1.0 endpoint by appending the policy ID of an existing policy and executing the following request body. The example here shows configuring a filter for devices condition excluding devices that aren't marked as SAW devices. The rule syntax can consist of more than one single expression. To learn more about the syntax, see [dynamic membership rules for groups in Azure Active Directory](../enterprise-users/groups-dynamic-membership.md).
9393

9494
```json
9595
{
@@ -136,7 +136,7 @@ The following device attributes can be used with the filter for devices conditio
136136
137137
## Policy behavior with filter for devices
138138

139-
The filter for devices condition in Conditional Access evaluates policy based on device attributes of a registered device in Azure AD and hence it's important to understand under what circumstances the policy is applied or not applied. The table below illustrates the behavior when a filter for devices condition is configured.
139+
The filter for devices condition in Conditional Access evaluates policy based on device attributes of a registered device in Azure AD and hence it's important to understand under what circumstances the policy is applied or not applied. The following table illustrates the behavior when a filter for devices condition is configured.
140140

141141
| Filter for devices condition | Device registration state | Device filter Applied
142142
| --- | --- | --- |

0 commit comments

Comments
 (0)