onPremisesConditionalAccessSettings resource type

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.

Singleton entity which represents the Exchange OnPremises Conditional Access Settings for a tenant.


Method Return Type Description
Get onPremisesConditionalAccessSettings onPremisesConditionalAccessSettings Read properties and relationships of the onPremisesConditionalAccessSettings object.
Update onPremisesConditionalAccessSettings onPremisesConditionalAccessSettings Update the properties of a onPremisesConditionalAccessSettings object.


Property Type Description
id String Not yet documented
enabled Boolean Indicates if on premises conditional access is enabled for this organization
includedGroups Guid collection User groups that will be targeted by on premises conditional access. All users in these groups will be required to have mobile device managed and compliant for mail access.
excludedGroups Guid collection User groups that will be exempt by on premises conditional access. All users in these groups will be exempt from the conditional access policy.
overrideDefaultRule Boolean Override the default access rule when allowing a device to ensure access is granted.



JSON Representation

Here is a JSON representation of the resource.

  "@odata.type": "#microsoft.graph.onPremisesConditionalAccessSettings",
  "id": "String (identifier)",
  "enabled": true,
  "includedGroups": [
    "<Unknown Primitive Type Edm.Guid>"
  "excludedGroups": [
    "<Unknown Primitive Type Edm.Guid>"
  "overrideDefaultRule": true