Merge pull request #125 from manicminer/feature/conditional-access-de…

…vice-conditions Conditional access device conditions
manicminer · Nov 25, 2021 · 9af7348 · 9af7348
2 parents de7ffa0 + 3dd41c0
commit 9af7348
Show file tree

Hide file tree

Showing 2 changed files with 118 additions and 17 deletions.
diff --git a/msgraph/models.go b/msgraph/models.go
@@ -525,8 +525,8 @@ type BaseNamedLocation struct {
 }
 
 type CloudAppSecurityControl struct {
-	IsEnabled            *bool   `json:"isEnabled,omitempty"`
-	CloudAppSecurityType *string `json:"cloudAppSecurityType,omitempty"`
+	IsEnabled            *bool                                                `json:"isEnabled,omitempty"`
+	CloudAppSecurityType *ConditionalAccessCloudAppSecuritySessionControlType `json:"cloudAppSecurityType,omitempty"`
 }
 
 type ConditionalAccessApplications struct {
@@ -536,20 +536,38 @@ type ConditionalAccessApplications struct {
 }
 
 type ConditionalAccessConditionSet struct {
-	Applications     *ConditionalAccessApplications `json:"applications,omitempty"`
-	Users            *ConditionalAccessUsers        `json:"users,omitempty"`
-	ClientAppTypes   *[]string                      `json:"clientAppTypes,omitempty"`
-	Locations        *ConditionalAccessLocations    `json:"locations,omitempty"`
-	Platforms        *ConditionalAccessPlatforms    `json:"platforms,omitempty"`
-	SignInRiskLevels *[]string                      `json:"signInRiskLevels,omitempty"`
-	UserRiskLevels   *[]string                      `json:"userRiskLevels,omitempty"`
+	Applications     *ConditionalAccessApplications    `json:"applications,omitempty"`
+	ClientAppTypes   *[]ConditionalAccessClientAppType `json:"clientAppTypes,omitempty"`
+	Devices          *ConditionalAccessDevices         `json:"devices,omitempty"`
+	DeviceStates     *ConditionalAccessDeviceStates    `json:"deviceStates,omitempty"`
+	Locations        *ConditionalAccessLocations       `json:"locations,omitempty"`
+	Platforms        *ConditionalAccessPlatforms       `json:"platforms,omitempty"`
+	SignInRiskLevels *[]ConditionalAccessRiskLevel     `json:"signInRiskLevels,omitempty"`
+	UserRiskLevels   *[]ConditionalAccessRiskLevel     `json:"userRiskLevels,omitempty"`
+	Users            *ConditionalAccessUsers           `json:"users,omitempty"`
+}
+
+type ConditionalAccessDevices struct {
+	IncludeDevices *[]string                `json:"includeDevices,omitempty"`
+	ExcludeDevices *[]string                `json:"excludeDevices,omitempty"`
+	DeviceFilter   *ConditionalAccessFilter `json:"deviceFilter,omitempty"`
+}
+
+type ConditionalAccessDeviceStates struct {
+	IncludeStates *ConditionalAccessDeviceStatesInclude `json:"includeStates,omitempty"`
+	ExcludeStates *ConditionalAccessDeviceStatesExclude `json:"excludeStates,omitempty"`
+}
+
+type ConditionalAccessFilter struct {
+	Mode *ConditionalAccessFilterMode `json:"mode,omitempty"`
+	Rule *string                      `json:"rule,omitempty"`
 }
 
 type ConditionalAccessGrantControls struct {
-	Operator                    *string   `json:"operator,omitempty"`
-	BuiltInControls             *[]string `json:"builtInControls,omitempty"`
-	CustomAuthenticationFactors *[]string `json:"customAuthenticationFactors,omitempty"`
-	TermsOfUse                  *[]string `json:"termsOfUse,omitempty"`
+	Operator                    *string                          `json:"operator,omitempty"`
+	BuiltInControls             *[]ConditionalAccessGrantControl `json:"builtInControls,omitempty"`
+	CustomAuthenticationFactors *[]string                        `json:"customAuthenticationFactors,omitempty"`
+	TermsOfUse                  *[]string                        `json:"termsOfUse,omitempty"`
 }
 
 type ConditionalAccessLocations struct {
@@ -558,8 +576,8 @@ type ConditionalAccessLocations struct {
 }
 
 type ConditionalAccessPlatforms struct {
-	IncludePlatforms *[]string `json:"includePlatforms,omitempty"`
-	ExcludePlatforms *[]string `json:"excludePlatforms,omitempty"`
+	IncludePlatforms *[]ConditionalAccessDevicePlatform `json:"includePlatforms,omitempty"`
+	ExcludePlatforms *[]ConditionalAccessDevicePlatform `json:"excludePlatforms,omitempty"`
 }
 
 // ConditionalAccessPolicy describes an Conditional Access Policy object.
@@ -1084,8 +1102,8 @@ type PermissionScope struct {
 }
 
 type PersistentBrowserSessionControl struct {
-	IsEnabled *bool   `json:"isEnabled,omitempty"`
-	Mode      *string `json:"mode,omitempty"`
+	IsEnabled *bool                         `json:"isEnabled,omitempty"`
+	Mode      *PersistentBrowserSessionMode `json:"mode,omitempty"`
 }
 
 type PhoneAuthenticationMethod struct {

diff --git a/msgraph/valuetypes.go b/msgraph/valuetypes.go
@@ -201,6 +201,71 @@ const (
 	CredentialUsageSummaryPeriod1  CredentialUsageSummaryPeriod = "D1"
 )
 
+type ConditionalAccessClientAppType = string
+
+const (
+	ConditionalAccessClientAppTypeAll                         ConditionalAccessClientAppType = "all"
+	ConditionalAccessClientAppTypeBrowser                     ConditionalAccessClientAppType = "browser"
+	ConditionalAccessClientAppTypeEasSupported                ConditionalAccessClientAppType = "easSupported"
+	ConditionalAccessClientAppTypeExchangeActiveSync          ConditionalAccessClientAppType = "exchangeActiveSync"
+	ConditionalAccessClientAppTypeMobileAppsAndDesktopClients ConditionalAccessClientAppType = "mobileAppsAndDesktopClients"
+	ConditionalAccessClientAppTypeOther                       ConditionalAccessClientAppType = "other"
+)
+
+type ConditionalAccessCloudAppSecuritySessionControlType = string
+
+const (
+	ConditionalAccessCloudAppSecuritySessionControlTypeBlockDownloads     ConditionalAccessCloudAppSecuritySessionControlType = "blockDownloads"
+	ConditionalAccessCloudAppSecuritySessionControlTypeMcasConfigured     ConditionalAccessCloudAppSecuritySessionControlType = "mcasConfigured"
+	ConditionalAccessCloudAppSecuritySessionControlTypeMonitorOnly        ConditionalAccessCloudAppSecuritySessionControlType = "monitorOnly"
+	ConditionalAccessCloudAppSecuritySessionControlTypeUnknownFutureValue ConditionalAccessCloudAppSecuritySessionControlType = "unknownFutureValue"
+)
+
+type ConditionalAccessDevicePlatform = string
+
+const (
+	ConditionalAccessDevicePlatformAll                ConditionalAccessDevicePlatform = "All"
+	ConditionalAccessDevicePlatformAndroid            ConditionalAccessDevicePlatform = "android"
+	ConditionalAccessDevicePlatformIos                ConditionalAccessDevicePlatform = "iOS"
+	ConditionalAccessDevicePlatformMacOs              ConditionalAccessDevicePlatform = "macOS"
+	ConditionalAccessDevicePlatformUnknownFutureValue ConditionalAccessDevicePlatform = "unknownFutureValue"
+	ConditionalAccessDevicePlatformWindows            ConditionalAccessDevicePlatform = "windows"
+	ConditionalAccessDevicePlatformWindowsPhone       ConditionalAccessDevicePlatform = "windowsPhone"
+)
+
+type ConditionalAccessDeviceStatesInclude = string
+
+const (
+	ConditionalAccessDeviceStatesIncludeAll ConditionalAccessDeviceStatesInclude = "All"
+)
+
+type ConditionalAccessDeviceStatesExclude = string
+
+const (
+	ConditionalAccessDeviceStatesExcludeCompliant    ConditionalAccessDeviceStatesExclude = "Compliant"
+	ConditionalAccessDeviceStatesExcludeDomainJoined ConditionalAccessDeviceStatesExclude = "DomainJoined"
+)
+
+type ConditionalAccessFilterMode = string
+
+const (
+	ConditionalAccessFilterModeExclude ConditionalAccessFilterMode = "exclude"
+	ConditionalAccessFilterModeInclude ConditionalAccessFilterMode = "include"
+)
+
+type ConditionalAccessGrantControl = string
+
+const (
+	ConditionalAccessGrantControlApprovedApplication  ConditionalAccessGrantControl = "approvedApplication"
+	ConditionalAccessGrantControlBlock                ConditionalAccessGrantControl = "block"
+	ConditionalAccessGrantControlCompliantApplication ConditionalAccessGrantControl = "compliantApplication"
+	ConditionalAccessGrantControlCompliantDevice      ConditionalAccessGrantControl = "compliantDevice"
+	ConditionalAccessGrantControlDomainJoinedDevice   ConditionalAccessGrantControl = "domainJoinedDevice"
+	ConditionalAccessGrantControlMfa                  ConditionalAccessGrantControl = "mfa"
+	ConditionalAccessGrantControlPasswordChange       ConditionalAccessGrantControl = "passwordChange"
+	ConditionalAccessGrantControlUnknownFutureValue   ConditionalAccessGrantControl = "unknownFutureValue"
+)
+
 type ConditionalAccessPolicyState = string
 
 const (
@@ -209,6 +274,17 @@ const (
 	ConditionalAccessPolicyStateEnabledForReportingButNotEnforced ConditionalAccessPolicyState = "enabledForReportingButNotEnforced"
 )
 
+type ConditionalAccessRiskLevel = string
+
+const (
+	ConditionalAccessRiskLevelHidden             ConditionalAccessRiskLevel = "hidden"
+	ConditionalAccessRiskLevelHigh               ConditionalAccessRiskLevel = "high"
+	ConditionalAccessRiskLevelLow                ConditionalAccessRiskLevel = "low"
+	ConditionalAccessRiskLevelMedium             ConditionalAccessRiskLevel = "medium"
+	ConditionalAccessRiskLevelNone               ConditionalAccessRiskLevel = "none"
+	ConditionalAccessRiskLevelUnknownFutureValue ConditionalAccessRiskLevel = "unknownFutureValue"
+)
+
 type ExtensionSchemaTargetType = string
 
 const (
@@ -379,6 +455,13 @@ const (
 	PermissionScopeTypeUser  PermissionScopeType = "User"
 )
 
+type PersistentBrowserSessionMode = string
+
+const (
+	PersistentBrowserSessionModeAlways PersistentBrowserSessionMode = "always"
+	PersistentBrowserSessionModeNever  PersistentBrowserSessionMode = "never"
+)
+
 type PreferredSingleSignOnMode = StringNullWhenEmpty
 
 const (