Merge pull request #25634 from microsoftgraph/jbzdarkid/ga-auth-flow

Add authenticationFlows CA condition to v1.0 docs

Author: Lauragra

api-reference/v1.0/resources/conditionalaccessauthenticationflows.md

@@ -0,0 +1,38 @@
+---
+title: "conditionalAccessAuthenticationFlows resource type"
+description: "Represents the authentication flows in scope for the policy."
+author: "nickludwig"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: resourcePageType
+---
+
+# conditionalAccessAuthenticationFlows resource type
+
+Namespace: microsoft.graph
+
+Represents the authentication flows in scope for the policy.
+
+## Properties
+
+|Property|Type|Description|
+|:---|:---|:---|
+|transferMethods|conditionalAccessTransferMethods|Represents the transfer methods in scope for the policy. The possible values are: `none`, `deviceCodeFlow`, `authenticationTransfer`, `unknownFutureValue`.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+<!-- {
+  "blockType": "resource",
+  "@odata.type": "microsoft.graph.conditionalAccessAuthenticationFlows"
+}-->
+``` json
+{
+  "transferMethods": "String",
+}
+```

api-reference/v1.0/resources/conditionalaccessconditionset.md

@@ -20,8 +20,9 @@ Represents the type of conditions that govern when the policy applies.
 | Property     | Type        | Description |
 |:-------------|:------------|:------------|
 |applications|[conditionalAccessApplications](conditionalaccessapplications.md)| Applications and user actions included in and excluded from the policy. Required. |
+|authenticationFlows|[conditionalAccessAuthenticationFlows](conditionalaccessauthenticationflows.md)| Authentication flows included in the policy scope. |
 |clientApplications|[conditionalAccessClientApplications](../resources/conditionalaccessclientapplications.md)|Client applications (service principals and workload identities) included in and excluded from the policy. Either **users** or **clientApplications** is required. |
-|clientAppTypes|conditionalAccessClientApp collection| Client application types included in the policy. Possible values are: `all`, `browser`, `mobileAppsAndDesktopClients`, `exchangeActiveSync`, `easSupported`, `other`. Required. <br/><br/> The `easUnsupported` enumeration member will be deprecated in favor of `exchangeActiveSync` which includes EAS supported and unsupported platforms.|
+|clientAppTypes|conditionalAccessClientApp collection| Client application types included in the policy. Possible values are: `all`, `browser`, `mobileAppsAndDesktopClients`, `exchangeActiveSync`, `easSupported`, `other`. Required. <br/><br/> The `easUnsupported` enumeration member will be deprecated in favor of `exchangeActiveSync`, which includes EAS supported and unsupported platforms.|
 |devices|[conditionalAccessDevices](conditionalaccessdevices.md)| Devices in the policy. |
 |locations|[conditionalAccessLocations](conditionalaccesslocations.md)| Locations included in and excluded from the policy. |
 |platforms|[conditionalAccessPlatforms](conditionalaccessplatforms.md)| Platforms included in and excluded from the policy. |
@@ -46,7 +47,8 @@ The following JSON representation shows the resource type.
     "devices",
     "locations",
     "platforms",
-    "signInRiskLevels"
+    "signInRiskLevels",
+    "authenticationFlows"
   ],
   "@odata.type": "microsoft.graph.conditionalAccessConditionSet",
   "baseType": null
@@ -65,7 +67,8 @@ The following JSON representation shows the resource type.
   "signInRiskLevels": ["String"],
   "userRiskLevels": ["String"],
   "users": {"@odata.type": "microsoft.graph.conditionalAccessUsers"},
-  "insiderRiskLevels": "String"
+  "insiderRiskLevels": "String",
+  "authenticationFlows": {"@odata.type": "microsoft.graph.conditionalAccessAuthenticationFlows"}
 }
 ```
 

api-reference/v1.0/resources/enums.md

@@ -3404,3 +3404,11 @@ Possible values for user account types (group membership), per Windows definitio
 | all |
 | unknownFutureValue |
 
+### conditionalAccessTransferMethods values
+
+|Member|
+|:---|
+|none|
+|deviceCodeFlow|
+|authenticationTransfer|
+|unknownFutureValue|

changelog/Microsoft.IdentityProtectionServices.json

@@ -1231,6 +1231,40 @@
       "CreatedDateTime": "2024-06-05T23:22:24.8127939Z",
       "WorkloadArea": "Identity and access",
       "SubArea": "Network access"
+    },
+    {
+      "ChangeList": [
+        {
+          "Id": "c1ddba56-7ffe-4bf3-bd1f-f0cfdefaddaf",
+          "ApiChange": "Enumeration",
+          "ChangedApiName": "conditionalAccessTransferMethods",
+          "ChangeType": "Addition",
+          "Description": "Added the **conditionalAccessTransferMethods** enumeration type.",
+          "Target": "conditionalAccessTransferMethods"
+        },
+        {
+          "Id": "c1ddba56-7ffe-4bf3-bd1f-f0cfdefaddaf",
+          "ApiChange": "Resource",
+          "ChangedApiName": "conditionalAccessAuthenticationFlows",
+          "ChangeType": "Addition",
+          "Description": "Added the [conditionalAccessAuthenticationFlows](https://learn.microsoft.com/en-us/graph/api/resources/conditionalAccessAuthenticationFlows?view=graph-rest-1.0) resource.",
+          "Target": "conditionalAccessAuthenticationFlows"
+        },
+        {
+          "Id": "c1ddba56-7ffe-4bf3-bd1f-f0cfdefaddaf",
+          "ApiChange": "Property",
+          "ChangedApiName": "authenticationFlows",
+          "ChangeType": "Addition",
+          "Description": "Added the **authenticationFlows** property to the [conditionalAccessConditionSet](https://learn.microsoft.com/en-us/graph/api/resources/conditionalAccessConditionSet?view=graph-rest-1.0) resource.",
+          "Target": "conditionalAccessConditionSet"
+        }
+      ],
+      "Id": "c1ddba56-7ffe-4bf3-bd1f-f0cfdefaddaf",
+      "Cloud": "Prod",
+      "Version": "v1.0",
+      "CreatedDateTime": "2024-12-03T08:55:37.2663572Z",
+      "WorkloadArea": "Identity and access",
+      "SubArea": "Identity and sign-in"
     }
   ]
 }