Office365 as a Conditional Policy Resource


When I create a CA policy around Office365 as a cloud resource, which exact resource are we protecting?

Are we protecting MS-Graph as a resource, which has APIs for various Office applications like Teams, SharePoint, etc.?

In other words, we are protecting various Office365 APIs in MS-Graph.

E.g., POST https://graph.microsoft.com/beta/sites/{site-id}/lists

OR

Are we protecting all direct APIs exposed by Teams, SharePoint, Exchange, etc.?

Something like, e.g., POST https://microsoft.sharepoint-df.com/sites/{site-id}/lists

Thanks.

1 Reply

Hey @testuser7

Sorry if I didn't get your question completely. It should be the latter: conditional access policies are targeted against the core Office 365 services (Teams, SPO, EXO, etc.). Graph API essentially is just a way to make calls to the core service, just like EWS for Exchange. A bit old, but this post from Vasil should help clear some air: https://practical365.com/application-access-policies-in-exchange-online/

Thanks