@@ -1215,6 +1215,8 @@ microsoft.policies {
12151215 activityBasedTimeoutPolicies() []microsoft.policies.activityBasedTimeoutPolicy
12161216 // Tenant-wide policy that controls whether external users can leave a tenant
12171217 externalIdentitiesPolicy() microsoft.policies.externalIdentitiesPolicy
1218+ // Default configuration of cross-tenant access policy
1219+ crossTenantAccessPolicy() microsoft.policies.crossTenantAccessPolicyDefault
12181220}
12191221
12201222// Tenant-wide policy that controls whether external users can leave a tenant via self-service controls
@@ -1295,6 +1297,78 @@ private microsoft.policies.authenticationMethodConfiguration @defaults("state")
12951297 excludeTargets []dict
12961298}
12971299
1300+ // Default configuration of cross-tenant access policy
1301+ private microsoft.policies.crossTenantAccessPolicyDefault @defaults("isServiceDefault automaticUserConsentSettings inboundTrust") {
1302+ // True if the default configuration is inherited from the service default. False if the default configuration has been customized.
1303+ isServiceDefault bool
1304+ // Determines the default configuration for automatic user consent settings. Controls if users consent automatically to apps on behalf of users in other tenants.
1305+ automaticUserConsentSettings() microsoft.policies.crossTenantAccessPolicyDefault.automaticUserConsentSettings
1306+ // Defines your default configuration for users from other organizations accessing your resources via Microsoft Entra B2B collaboration.
1307+ b2bCollaborationInbound() microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting
1308+ // Defines your default configuration for users in your organization going outbound to access other organizations via Microsoft Entra B2B collaboration.
1309+ b2bCollaborationOutbound() microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting
1310+ // Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.
1311+ b2bDirectConnectInbound() microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting
1312+ // Defines your default configuration for users in your organization going outbound to access other organizations via Azure AD B2B direct connect.
1313+ b2bDirectConnectOutbound() microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting
1314+ // Specifies the default configuration for invitation redemption for external users in your organization.
1315+ invitationRedemptionIdentityProviderConfiguration() microsoft.policies.crossTenantAccessPolicyDefault.invitationRedemptionIdentityProviderConfiguration
1316+ // Defines if MFA, compliant devices, and hybrid Azure AD joined devices from external tenants are accepted.
1317+ inboundTrust() microsoft.policies.crossTenantAccessPolicyDefault.inboundTrust
1318+ // Defines the default configuration for tenant restrictions settings.
1319+ tenantRestrictions() microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting
1320+ }
1321+
1322+ // Automatic user consent settings for cross-tenant access policy
1323+ private microsoft.policies.crossTenantAccessPolicyDefault.automaticUserConsentSettings @defaults("inboundAllowed outboundAllowed") {
1324+ // if automatic consent for inbound collaboration is enabled.
1325+ inboundAllowed bool
1326+ // if automatic consent for outbound collaboration is enabled.
1327+ outboundAllowed bool
1328+ }
1329+
1330+ // B2B setting for cross-tenant access policy (used for collaboration, direct connect, and tenant restrictions)
1331+ private microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting @defaults("usersAndGroups applications") {
1332+ // Defines the default configuration for users and groups.
1333+ usersAndGroups() microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting.targetConfig
1334+ // Defines the default configuration for applications.
1335+ applications() microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting.targetConfig
1336+ }
1337+
1338+ // Users and groups configuration for B2B settings
1339+ private microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting.targetConfig @defaults("accessType targets") {
1340+ // The type of access. Possible values are: blocked, allowed.
1341+ accessType string
1342+ // The targets of the policy configuration.
1343+ targets []microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting.target
1344+ }
1345+
1346+ // Target for B2B setting configuration
1347+ private microsoft.policies.crossTenantAccessPolicyDefault.b2bSetting.target @defaults("target targetType") {
1348+ // The unique identifier for the target.
1349+ target string
1350+ // The type of target. Possible values are: user, application.
1351+ targetType string
1352+ }
1353+
1354+ // Inbound trust settings for cross-tenant access policy
1355+ private microsoft.policies.crossTenantAccessPolicyDefault.inboundTrust @defaults("isMfaAccepted isCompliantDeviceAccepted isHybridAzureADJoinedDeviceAccepted") {
1356+ // If true, MFA from external tenants is accepted.
1357+ isMfaAccepted bool
1358+ // If true, compliant devices from external tenants are accepted.
1359+ isCompliantDeviceAccepted bool
1360+ // If true, hybrid Azure AD joined devices from external tenants are accepted.
1361+ isHybridAzureADJoinedDeviceAccepted bool
1362+ }
1363+
1364+ // Invitation redemption identity provider configuration
1365+ private microsoft.policies.crossTenantAccessPolicyDefault.invitationRedemptionIdentityProviderConfiguration @defaults("fallbackIdentityProvider primaryIdentityProviderPrecedenceOrder") {
1366+ // Specifies an identity provider for invitations when no precedence order is provided.
1367+ fallbackIdentityProvider string
1368+ // Specifies the precedence order for identity providers.
1369+ primaryIdentityProviderPrecedenceOrder []string
1370+ }
1371+
12981372// List of Microsoft Entra role definitions with optional filters
12991373microsoft.roles {
13001374 []microsoft.rolemanagement.roledefinition
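Review bot: The comment on `targetType` at new line 1350 lists only `user, application`, yet the same `target` type is reachable from `usersAndGroups()` as well as `applications()`, so a `group` value is implied by the schema itself and the enumeration as written will mislead anyone filtering inbound/outbound access on it; I believe the underlying Graph crossTenantAccessPolicyTarget also accepts wildcard identifiers such as `AllUsers` in the `target` field, which is worth confirming and documenting since a wildcard is exactly the value a reviewer of cross-tenant access wants to spot. Suggest `// The type of target. Possible values are: user, group, application.` and, once confirmed, extending the `target` comment to name the wildcard identifiers. Relatedly, the header comment on `targetConfig` (`// Users and groups configuration for B2B settings`) describes only one of its two uses; `// Access type and targets for one B2B setting (users/groups or applications)` fits both. The `microsoft.roles` block at the end of the hunk continues outside it.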