Forum Discussion
Office365 as a Conditional Policy Resource
When I create CA-Policy around Office365 as a cloud-resource, which exact resource we are protecting ?
Are we protecting MS-Graph as a resource which has APIs for various office applications like Teams, SharePoint etc.
In other words we are protecting various office356 APIs in MS-Graph
For eg., POST https://graph.microsoft.com/beta/sites/{site-id}/lists
OR
Are we protecting all direct APIs exposed by Teams, SharePoint, Exchange etc. ?
Something like for eg., POST https://microsoft.sharepoint-df.com/sites/{site-id}/lists
Thanks.
- harveer singhSteel Contributor
Hey testuser7
Sorry if i didnt get your question completely; It should be the latter, conditional access polices are targeted against the core office 365 services Teams, SPO, EXO etc. Graph API essentially is just a way to make calls to the core service just like EWS for exchange. A bit old but this post from Vasil should help clear some air : https://practical365.com/application-access-policies-in-exchange-online/
Thanks