Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Office365 as a Conditional Policy Resource

Brass Contributor

When I create CA-Policy around Office365 as a cloud-resource,  which exact resource we are protecting ?


Are we protecting  MS-Graph  as a resource which has APIs for various  office applications like Teams, SharePoint etc.

In other words we are protecting various  office356 APIs in MS-Graph

For eg.,  POST{site-id}/lists 




Are we protecting all direct APIs exposed by Teams, SharePoint, Exchange etc. ?

Something like for eg.,   POST{site-id}/lists      



1 Reply

Hey @testuser7 


Sorry if i didnt get your question completely; It should be the latter, conditional access polices are targeted against the core office 365 services Teams, SPO, EXO etc. Graph API essentially is just a way to make calls to the core service just like EWS for exchange. A bit old but this post from Vasil should help clear some air :