Merge branch 'main' into owinfreyATL-EntitlementManagementExamplev1.0

FaithOmbongi · web-flow · commit 07b68f2c593e · 2024-11-26T12:23:08.000+03:00
diff --git a/api-reference/beta/api/accesspackageassignmentresourcerole-get.md b/api-reference/beta/api/accesspackageassignmentresourcerole-get.md
@@ -5,6 +5,7 @@ ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"
 doc_type: "apiPageType"
+ms.date: 04/05/2024
 ---
 
 # Get accessPackageAssignmentResourceRole
@@ -24,6 +25,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "accesspackageassignmentresourcerole_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/accesspackageassignmentresourcerole-get-permissions.md)]
 
+[!INCLUDE [rbac-entitlement-catalog-reader](../includes/rbac-for-apis/rbac-entitlement-management-catalog-reader-apis-read.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->
diff --git a/api-reference/beta/api/entitlementmanagement-list-accesspackageassignmentresourceroles.md b/api-reference/beta/api/entitlementmanagement-list-accesspackageassignmentresourceroles.md
@@ -25,6 +25,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "entitlementmanagement_list_accesspackageassignmentresourceroles" } -->
 [!INCLUDE [permissions-table](../includes/permissions/entitlementmanagement-list-accesspackageassignmentresourceroles-permissions.md)]
 
+[!INCLUDE [rbac-entitlement-catalog-reader](../includes/rbac-for-apis/rbac-entitlement-management-catalog-reader-apis-read.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->
diff --git a/api-reference/beta/resources/appmanagementpolicyactorexemptions.md b/api-reference/beta/resources/appmanagementpolicyactorexemptions.md
@@ -0,0 +1,38 @@
+---
+title: "appManagementPolicyActorExemptions resource type"
+description: "Represents a collection of exemptions from the enforcement of identifierUri restrictions on an app management policy."
+author: "yogesh-randhawa"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: resourcePageType
+ms.date: 11/17/2024
+---
+
+# appManagementPolicyActorExemptions resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents a collection of exemptions from the enforcement of [identifierUri restrictions](../resources/identifierurirestriction.md) on an app management policy.
+
+## Properties
+None.
+
+## Relationships
+|Relationship|Type|Description|
+|:---|:---|:---|
+|customSecurityAttributes|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) collection| The collection of [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) to exempt from the policy enforcement. Limit of 5. |
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "@odata.type": "microsoft.graph.appManagementPolicyActorExemptions"
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.appManagementPolicyActorExemptions"
+}
+```
diff --git a/api-reference/beta/resources/customsecurityattributeexemption.md b/api-reference/beta/resources/customsecurityattributeexemption.md
@@ -0,0 +1,62 @@
+---
+title: "customSecurityAttributeExemption resource type"
+description: "Configuration object to configure a custom security attribute exemption for a restriction on application management policies."
+author: "yogesh-randhawa"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: resourcePageType
+ms.date: 11/17/2024
+---
+
+# customSecurityAttributeExemption resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Configuration object to configure a custom security attribute exemption for a restriction on application management policies.
+This resource is an abstract type from which the [customSecurityAttributeStringValueExemption](../resources/customSecurityAttributeStringValueExemption.md) derives.
+
+
+Inherits from [entity](../resources/entity.md).
+
+
+## Methods
+None.
+<!-- The direct access methods are not functional in the underlying Service. Excluding them until they are operational.
+
+|Method|Return type|Description|
+|:---|:---|:---|
+|[List](../api/appmanagementpolicyactorexemptions-list-customsecurityattributes.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) collection|Get a list of the [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) objects and their properties.|
+|[Create](../api/appmanagementpolicyactorexemptions-post-customsecurityattributes.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md)|Create a new [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+|[Get](../api/customsecurityattributeexemption-get.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md)|Read the properties and relationships of a [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+|[Update](../api/customsecurityattributeexemption-update.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md)|Update the properties of a [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+|[Delete](../api/appmanagementpolicyactorexemptions-delete-customsecurityattributes.md)|None|Delete a [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+-->
+
+## Properties
+| Property                  | Type                                           | Description                 |
+| :-------------------------| :--------------------------------------------- | :-------------------------- |
+| id                        | String                                         | Unique identifier with combination of the custom security attribute set name and attribute name. For example, `AttributeSetName_AttributeName`. Inherited from [entity](../resources/entity.md). |
+| operator                  | customSecurityAttributeComparisonOperator      | The possible values are: `equals`, `unknownFutureValue`. If `equals`, the customSecurityAttributeExemption value is compared to match the custom security attribute value for the exemption to be applied. The comparison is case sensitive. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "keyProperty": "id",
+  "@odata.type": "microsoft.graph.customSecurityAttributeExemption",
+  "baseType": "microsoft.graph.entity",
+  "openType": false
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.customSecurityAttributeExemption",
+  "id": "String (identifier)",
+  "operator": "String"
+}
+```
diff --git a/api-reference/beta/resources/customsecurityattributestringvalueexemption.md b/api-reference/beta/resources/customsecurityattributestringvalueexemption.md
@@ -0,0 +1,61 @@
+---
+title: "customSecurityAttributeStringValueExemption resource type"
+description: "Configuration object to configure a custom security attribute string value exemption for a restriction on application management policies."
+author: "yogesh-randhawa"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: resourcePageType
+ms.date: 11/17/2024
+---
+
+# customSecurityAttributeStringValueExemption resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Configuration object to configure a custom security attribute exemption for a restriction on application management policies.
+
+Inherits from [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md).
+
+## Methods
+None.
+
+<!-- The direct access methods are not functional in the underlying Service. Excluding them until they are operational.
+
+|Method|Return type|Description|
+|:---|:---|:---|
+|[List](../api/customsecurityattributestringvalueexemption-list.md)|[customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) collection|Get a list of the [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) objects and their properties.|
+|[Get](../api/customsecurityattributestringvalueexemption-get.md)|[customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md)|Read the properties and relationships of a [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) object.|
+|[Update](../api/customsecurityattributestringvalueexemption-update.md)|[customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md)|Update the properties of a [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) object.|
+|[Delete](../api/customsecurityattributestringvalueexemption-delete.md)|None|Delete a [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) object.|
+-->
+
+## Properties
+| Property                  | Type                                           | Description                 |
+| :-------------------------| :--------------------------------------------- | :-------------------------- |
+| id                        | string                                         | Unique identifier with combination of the custom security attribute set name and attribute name. , `AttributeSetName_AttributeName`. Inherited from [entity](../resources/entity.md). |
+| operator                  | customSecurityAttributeComparisonOperator      | Inherited from [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md).The possible values are: `equals`, `unknownFutureValue`. If `equals`, the customSecurityAttributeExemption value is compared to match the custom security attribute value for the exemption to be applied. The comparison is case sensitive. |
+| value                     | string                                         | Value representing custom security attribute value to compare against while evaluating the exemption. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "keyProperty": "id",
+  "@odata.type": "microsoft.graph.customSecurityAttributeStringValueExemption",
+  "baseType": "microsoft.graph.customSecurityAttributeExemption",
+  "openType": false
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.customSecurityAttributeStringValueExemption",
+  "id": "String (identifier)",
+  "operator": "String",
+  "value": "String"
+}
+```
diff --git a/api-reference/beta/resources/enums.md b/api-reference/beta/resources/enums.md
@@ -756,6 +756,13 @@ Namespace: microsoft.graph
 | trustedCertificateAuthority |
 | unknownFutureValue |
 
+### customSecurityAttributeComparisonOperator values 
+
+| Member |
+| ---- |
+| equals |
+| unknownFutureValue |
+
 ### synchronizationSecret values
 
 | Member |
diff --git a/api-reference/beta/resources/identifierurirestriction.md b/api-reference/beta/resources/identifierurirestriction.md
@@ -5,7 +5,7 @@ author: "yogesh-randhawa"
 ms.localizationpriority: medium
 ms.subservice: "entra-sign-in"
 doc_type: resourcePageType
-ms.date: 09/13/2024
+ms.date: 11/17/2024
 ---
 
 # identifierUriRestriction resource type
@@ -19,7 +19,8 @@ Configuration object to configure a restriction for identifier URIs on applicati
 ## Properties
 | Property                                    | Type                            | Description                 |
 | :------------------------------------------ | :------------------------------ | :-------------------------- |
-| excludeAppsReceivingV2Tokens                | Boolean                         | If `true`, the restriction isn't enforced for applications that are configured to receive V2 tokens in Entra ID; else, the restriction isn't enforced for those applications.|
+| excludeActors                | [appManagementPolicyActorExemptions](appmanagementpolicyactorexemptions.md)                         | Collection of custom security attribute exemptions. If an actor user or service principal has the custom security attribute, they're exempted from the restriction. |
+| excludeAppsReceivingV2Tokens                | Boolean                         | If `true`, the restriction isn't enforced for applications that are configured to receive V2 tokens in Microsoft Entra ID; else, the restriction isn't enforced for those applications.|
 | excludeSaml                                 | Boolean                         | If `true`, the restriction isn't enforced for SAML applications in Microsoft Entra ID; else, the restriction is enforced for those applications.|
 | restrictForAppsCreatedAfterDateTime         | String                  | Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.|
 | state                                       | appManagementRestrictionState   |  String value that indicates if the restriction is evaluated. The possible values are: `enabled`, `disabled`, and `unknownFutureValue`. If `enabled`, the restriction is evaluated. If `disabled`, the restriction isn't evaluated or enforced.|
@@ -40,7 +41,10 @@ The following JSON representation shows the resource type.
   "state": "String",
   "restrictForAppsCreatedAfterDateTime": "String (timestamp)",
   "excludeAppsReceivingV2Tokens": "Boolean",
-  "excludeSaml": "Boolean"
+  "excludeSaml": "Boolean",
+  "excludeActors": {
+      "@odata.type": "microsoft.graph.appManagementPolicyActorExemptions"
+    }
 }
 ```
 
diff --git a/changelog/Microsoft.DirectoryServices.json b/changelog/Microsoft.DirectoryServices.json
@@ -1,5 +1,47 @@
 {
   "changelog": [
+    {
+      "ChangeList": [
+        {
+          "Id": "ddcf7401-9746-4cdd-8406-15c0e0801925",
+          "ApiChange": "Enumeration",
+          "ChangedApiName": "customSecurityAttributeComparisonOperator",
+          "ChangeType": "Addition",
+          "Description": "Added the **customSecurityAttributeComparisonOperator** enumeration type.",
+          "Target": "customSecurityAttributeComparisonOperator"
+        },
+        {
+          "Id": "ddcf7401-9746-4cdd-8406-15c0e0801925",
+          "ApiChange": "Property",
+          "ChangedApiName": "excludeActors",
+          "ChangeType": "Addition",
+          "Description": "Added the **excludeActors** property to the [identifierUriRestriction](https://learn.microsoft.com/en-us/graph/api/resources/identifierUriRestriction?view=graph-rest-beta) resource.",
+          "Target": "identifierUriRestriction"
+        },
+        {
+          "Id": "ddcf7401-9746-4cdd-8406-15c0e0801925",
+          "ApiChange": "Resource",
+          "ChangedApiName": "customSecurityAttributeExemption",
+          "ChangeType": "Addition",
+          "Description": "Added the [customSecurityAttributeExemption](https://learn.microsoft.com/en-us/graph/api/resources/customSecurityAttributeExemption?view=graph-rest-beta) resource.",
+          "Target": "customSecurityAttributeExemption"
+        },
+        {
+          "Id": "ddcf7401-9746-4cdd-8406-15c0e0801925",
+          "ApiChange": "Resource",
+          "ChangedApiName": "customSecurityAttributeStringValueExemption",
+          "ChangeType": "Addition",
+          "Description": "Added the [customSecurityAttributeStringValueExemption](https://learn.microsoft.com/en-us/graph/api/resources/customSecurityAttributeStringValueExemption?view=graph-rest-beta) resource.",
+          "Target": "customSecurityAttributeStringValueExemption"
+        }
+      ],
+      "Id": "ddcf7401-9746-4cdd-8406-15c0e0801925",
+      "Cloud": "Prod",
+      "Version": "beta",
+      "CreatedDateTime": "2024-10-04T14:28:39.9651197Z",
+      "WorkloadArea": "Applications",
+      "SubArea": ""
+    },
     {
       "ChangeList": [
         {
