Azure Active Directory
This article lists the currently supported Azure Active Directory reports with all of the properties that Syskit Point loads.
Reports
Applications
Name | Description |
---|---|
Name | Name of the app. |
Available To Other Tenants | Indicates whether this application is available in other tenants. |
Group Membership Claims | A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects. The bitmask values are: 0: None, 1: Security groups and Azure AD roles, 2: Reserved, and 4: Reserved. Setting the bitmask to 7 will get all of the security groups, distribution groups, and Azure AD directory roles that the signed-in user is a member of. |
Homepage | The URL to the application's homepage. |
Identifier Uris | User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain. |
Known Client Applications | Client applications that are tied to this resource application. |
Logout URL | The logout URL for this application. |
Oauth 2 Allow Implicit Flow | Specifies whether this web application can request OAuth 2.0 implicit flow tokens. The default is false. |
Oauth 2 Allow Url Path Matching | Specifies whether, as part of OAuth 2.0 token requests, Azure AD will allow path matching of the redirect URI against the application's replyUrls. The default is false. |
Oauth 2 Require Post Response | Set this to true if an OAuth 2.0 post response is required. |
Public Client | Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false. |
Reply URLs | Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. |
Saml Metadata Url | The URL to the SAML metadata for the application. |
Group Lifecycle Policy
Name | Description |
---|---|
Group Lifetime In Days | The number of days a group can exist before it needs to be renewed. |
Managed Group Types | This property allows the admin to select which Office 365 groups the policy will apply to. 'None' will create the policy in a disabled state. 'All' will apply the policy to every Office 365 group in the tenant. 'Selected' will allow the admin to choose specific Office 365 groups that the policy will apply to. |
Alternate Notification Emails | Notification emails for groups that have no owners will be sent to these email addresses. |
Group Naming Policy
Name | Description |
---|---|
Prefix Suffix Naming Requirement | Prefixes and suffixes to add to the group name. |
Custom Blocked Words List | Comma-delimited list of words that should be blocked from being included in groups' names. |
Group Settings
Name | Description |
---|---|
Enable Group Creation | The flag indicating whether Office 365 group creation is allowed in the directory by non-admin users. This setting does not require an Azure Active Directory Premium P1 license. |
Allow Guests To Be Group Owner | Boolean indicating whether or not a guest user can be an owner of groups. |
Allow Guests To Access Groups | Boolean indicating whether or not a guest user can have access to Office 365 groups content. This setting does not require an Azure Active Directory Premium P1 license. |
Guest Usage Guidelines Url | The URL of a link to the guest usage guidelines. |
Group Creation Allowed Group Name | Name of the security group whose members are allowed to create Office 365 groups even when 'Enable Group Creation' is false. |
Allow To Add Guests | Boolean indicating whether or not adding guests to this directory is allowed. |
Usage Guidelines Url | A link to the Group Usage Guidelines. |
Policies
Name | Description |
---|---|
Name | DisplayName of the Policy. |
Alternative Identifier | AlternativeIdentifier of the Policy. |
Definition | Definition of the Policy. |
Is Organization Default | IsOrganizationDefault of the Policy. |
Type | Type of the Policy. |
Role Definitions
Name | Description |
---|---|
Name | Specifies a display name for the role definition. |
Description | Specifies a description for the role definition. |
Resource Scopes | Specifies the resource scopes for the role definition. |
Is Enabled | Specifies whether the role definition is enabled. |
Role Permissions | Specifies permissions for the role definition. |
Template Id | Specifies template id for the role definition. |
Version | Specifies version for the role definition. |
Service Principals
Name | Description |
---|---|
Name | Display name of the AAD service principal. |
Application ID | The unique identifier for the associated application. |
Object ID | The 'Object ID' of the AAD service principal. |
Alternative Names | The alternative names for this service principal. |
Account Enabled | True if the service principal account is enabled; otherwise, false. |
App Role Assignment Required | Indicates whether an application role assignment is required. |
Error Url | Specifies the error URL of the AAD service principal. |
Homepage | Specifies the homepage of the AAD service principal. |
Logout Url | Specifies the 'Logout Url' of the AAD service principal. |
Publisher Name | Specifies the 'Publisher Name' of the AAD service principal. |
Reply Urls | The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application. |
Saml Metadata Url | The URL for the SAML metadata of the AAD service principal. |
Service Principal Names | Specifies an array of service principal names. Based on the identifierURIs collection, plus the application's appId property, these URIs are used to reference an application's service principal. |
Service Principal Type | The type of the service principal. |
Tags | Tags linked to this service principal. Note that if you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}. |
Tenant Details
Name | Description |
---|---|
Marketing Notification Emails | Email addresses of the people who should receive Marketing Notifications. |
Security Compliance Notification Mails | Email addresses of the people who should receive Security Compliance Notifications. |
Security Compliance Notification Phones | Phone numbers of the people who should receive Security Notifications. |
Technical Notification Mails | Email addresses of the people who should receive Technical Notifications. |
Conditional Access ⯈ Conditional Access Policies
Name | Description |
---|---|
Name | DisplayName of the AAD CA Policy. |
State | Specifies the 'State' of the Policy. |
Included Users | Users in scope of the Policy. |
Excluded Users | Users out of scope of the Policy. |
Included Groups | Groups in scope of the Policy. |
Excluded Groups | Groups out of scope of the Policy. |
Included Applications | Cloud Apps in scope of the Policy. |
Excluded Applications | Cloud Apps out of scope of the Policy. |
Included User Actions | User Actions in scope of the Policy. |
Included Roles | AAD Admin Roles in scope of the Policy. |
Excluded Roles | AAD Admin Roles out of scope of the Policy. |
Included Platforms | Client Device Platforms in scope of the Policy. |
Excluded Platforms | Client Device Platforms out of scope of the Policy. |
Included Locations | AAD Named Locations in scope of the Policy. |
Excluded Locations | AAD Named Locations out of scope of the Policy. |
Included Device States | Client Device Compliance states in scope of the Policy. |
Excluded Device States | Client Device Compliance states out of scope of the Policy. |
User Risk Levels | AAD Identity Protection User Risk Levels in scope of the Policy. |
Sign In Risk Levels | AAD Identity Protection Sign-in Risk Levels in scope of the Policy. |
Client App Types | Client App types in scope of the Policy. |
Grant Control Operator | Operator to be used for Grant Controls. |
Built In Controls | List of built-in Grant Controls to be applied by the Policy. |
Application Enforced Restrictions Is Enabled | Specifies whether Application Enforced Restrictions are enabled in the Policy. |
Cloud App Security Is Enabled | Specifies whether Cloud App Security is enforced by the Policy. |
Cloud App Security Type | Specifies what Cloud App Security control is enforced by the Policy. |
Sign In Frequency Value | Sign in frequency time in the given unit to be enforced by the policy. |
Sign In Frequency Type | Sign in frequency unit (days/hours) to be interpreted by the policy. |
Sign In Frequency Is Enabled | Specifies whether sign-in frequency is enforced by the Policy. |
Persistent Browser Is Enabled | Specifies whether Browser Persistence is controlled by the Policy. |
Persistent Browser Mode | Specifies what Browser Persistence control is enforced by the Policy. |
Conditional Access ⯈ Named Locations
Name | Description |
---|---|
Name | Specifies the Display Name of a Named Location policy in Azure Active Directory. |
Ip Ranges | Specifies the IP ranges of the Named Location policy in Azure Active Directory. |
Is Trusted | Specifies the isTrusted value for the Named Location policy in Azure Active Directory. |
Countries And Regions | Specifies the countries and regions for the Named Location policy in Azure Active Directory. |
Include Unknown Countries And Regions | Specifies the includeUnknownCountriesAndRegions value for the Named Location policy in Azure Active Directory. |
Odata Type | Specifies the Odata Type of a Named Location policy object in Azure Active Directory. |