Last active
December 28, 2023 04:55
Policy 6a Rule
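# Conditional Access policy 06a: requires MFA and a one-day sign-in frequency
# for the applications listed in included_applications.
resource "azuread_conditional_access_policy" "ca-policy-06a" {
  display_name = "06a High risk service Session Timeouts [TF]"
  state        = "enabled"

  conditions {
    client_app_types = [
      "all",
    ]

    # No risk levels are listed, so the policy is not conditioned on
    # sign-in risk or user risk.
    sign_in_risk_levels = []
    user_risk_levels    = []

    applications {
      excluded_applications = []

      # NOTE(review): var.app_aws_sso_xxxx appears three times; this looks like
      # three distinct variables redacted to the same name. Confirm each entry
      # maps to a different application ID.
      # NOTE(review): "aazure" in var.app_microsoft_aazure_management looks like
      # a typo; it must match the variable declaration, which is not shown here.
      included_applications = [
        var.app_aws_sso_xxxx,
        var.app_aws_sso_xxxx,
        var.app_aws_sso_xxxx,
        var.app_microsoft_aazure_management,
        var.app_azure_ad_identity_governance
      ]
    }

    users {
      # This differs from 6 (above) as the only exclusions to this
      # policy are the two admins and changes MUST be managed by TF.
      # No group is excluded, so membership changes made outside Terraform
      # cannot widen the exemption.
      excluded_groups = []
      excluded_roles  = []

      # Accounts listed here are exempt from both the MFA grant control and the
      # sign-in frequency below for every application this policy targets.
      # NOTE(review): "GuestsOrExternalUsers" is excluded in addition to the two
      # admin accounts; confirm that guests and the excluded admins are covered
      # by another policy and that sign-ins from the excluded accounts are
      # monitored.
      excluded_users = [
        "GuestsOrExternalUsers",
        var.user_bob_adm,
        var.user_sam_adm,
      ]

      included_groups = []
      included_roles  = []
      included_users = [
        "All",
      ]
    }
  }

  grant_controls {
    # MFA is the only control listed, so the "AND" operator has a single operand.
    built_in_controls = [
      "mfa",
    ]
    custom_authentication_factors = []
    operator                      = "AND"
    terms_of_use                  = []
  }

  session_controls {
    application_enforced_restrictions_enabled = false

    # Re-authentication is required after 1 day.
    sign_in_frequency        = 1
    sign_in_frequency_period = "days"
  }

  timeouts {}
}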