Merge pull request #25584 from microsoftgraph/yrandhawa/app-mgmt-policies

Lauragra · web-flow · commit 5fab228a33f8 · 2024-11-06T18:39:46.000-08:00
[app mgmt policies] update docs for adding restriction state to v1 API
diff --git a/api-reference/beta/resources/keycredentialconfiguration.md b/api-reference/beta/resources/keycredentialconfiguration.md
@@ -19,9 +19,9 @@ Represents a key credential configuration object that contains properties to con
 
 | Property                                    | Type                            | Description |
 | :------------------------------------------ | :------------------------------ | :--------------------------------------------------------------------------------------------------------------------------------------- |
-| certificateBasedApplicationConfigurationIds | String collection            | Collection of GUIDs that represent [certificateBasedApplicationConfiguration](../resources/certificatebasedapplicationconfiguration.md) that is allowed as root and intermediate certificate authorities.|
+| certificateBasedApplicationConfigurationIds | String collection               | Collection of GUIDs that represent [certificateBasedApplicationConfiguration](../resources/certificatebasedapplicationconfiguration.md) that is allowed as root and intermediate certificate authorities.|
 | maxLifetime                                 | Duration                        | String value that indicates the maximum lifetime for key expiration, defined as an ISO 8601 duration. For example, `P4DT12H30M5S` represents four days, 12 hours, 30 minutes, and five seconds. This property is required when **restrictionType** is set to `keyLifetime`.|
-| restrictForAppsCreatedAfterDateTime         | DateTimeOffset                   | Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.|
+| restrictForAppsCreatedAfterDateTime         | DateTimeOffset                  | Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.|
 | restrictionType                             | appKeyCredentialRestrictionType | The type of restriction being applied. Possible values are `asymmetricKeyLifetime`, and `unknownFutureValue`. Each value of restrictionType can be used only once per policy.|
 | state                                       | appManagementRestrictionState   | String value that indicates if the restriction is evaluated. The possible values are: `enabled`, `disabled`, and `unknownFutureValue`. If `enabled`, the restriction is evaluated. If `disabled`, the restriction isn't evaluated or enforced.|
 
diff --git a/api-reference/v1.0/resources/enums.md b/api-reference/v1.0/resources/enums.md
@@ -99,6 +99,14 @@ Namespace: microsoft.graph
 | additionalStepsRequired |
 | unknownFutureValue |
 
+### appManagementRestrictionState values
+
+| Member |
+| ---- |
+| enabled |
+| disabled |
+| unknownFutureValue |
+
 ### appCredentialRestrictionType values
 
 | Member |
diff --git a/api-reference/v1.0/resources/keycredentialconfiguration.md b/api-reference/v1.0/resources/keycredentialconfiguration.md
@@ -1,6 +1,6 @@
 ---
 title: "keyCredentialConfiguration resource type"
-description: "Key credential configuration complex type to configure key credential restriction, maxLifetime, and enforcement date"
+description: "Represents a key credential configuration object that contains properties to configure application certificate restrictions."
 ms.localizationpriority: medium
 author: "madansr7"
 ms.subservice: "entra-sign-in"
@@ -11,15 +11,16 @@ doc_type: resourcePageType
 
 Namespace: microsoft.graph
 
-Key credential configuration object that contains properties to configure restrictions such as restricting the lifetime of key secrets.
+Represents a key credential configuration object that contains properties to configure application certificate restriction.
 
 ## Properties
 
-| Property                            | Type                                                                               | Description                                                                                                                                                                                                                                                                                   |
-| :---------------------------------- | :--------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| restrictionType                     | appKeyCredentialRestrictionType | The type of restriction being applied. Possible values are `asymmetricKeyLifetime`, `unknownFutureValue`. Each value of restrictionType can be used only once per policy.                                                                                                                        |
-| maxLifetime                         | Duration                        | Value that can be used as the maximum duration in days, hours, minutes, or seconds from the date of key creation, for which the key is valid.  Defined in ISO 8601 format for Durations. For example, `P4DT12H30M5S` represents a duration of four days, twelve hours, thirty minutes, and five seconds. This property is required when **restrictionType** is set to `keyLifetime`. |
-| restrictForAppsCreatedAfterDateTime | DateTimeOffset                  | Timestamp when the policy is enforced for all apps created on or after the specified date. For existing applications, the enforcement date would be back dated. To apply to all applications regardless of their creation date, this property would be `null`. Nullable. |
+| Property                                    | Type                            | Description |
+| :------------------------------------------ | :------------------------------ | :--------------------------------------------------------------------------------------------------------------------------------------- |
+| maxLifetime                                 | Duration                        | String value that indicates the maximum lifetime for key expiration, defined as an ISO 8601 duration. For example, `P4DT12H30M5S` represents four days, 12 hours, 30 minutes, and five seconds. This property is required when **restrictionType** is set to `keyLifetime`.|
+| restrictForAppsCreatedAfterDateTime         | DateTimeOffset                  | Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.|
+| restrictionType                             | appKeyCredentialRestrictionType | The type of restriction being applied. Possible values are `asymmetricKeyLifetime`, and `unknownFutureValue`. Each value of restrictionType can be used only once per policy.|
+| state                                       | appManagementRestrictionState   | String value that indicates if the restriction is evaluated. The possible values are: `enabled`, `disabled`, and `unknownFutureValue`. If `enabled`, the restriction is evaluated. If `disabled`, the restriction isn't evaluated or enforced.|
 
 ## Relationships
 
@@ -41,7 +42,10 @@ The following JSON representation shows the resource type.
   "restrictionType": {
     "@odata.type": "microsoft.graph.appKeyCredentialRestrictionType"
   },
-  "maxLifetime": "String (duration)",
-  "restrictForAppsCreatedAfterDateTime": "DateTimeOffset"
+  "state": {
+    "@odata.type": "microsoft.graph.appManagementRestrictionState"
+  },
+  "restrictForAppsCreatedAfterDateTime": "String (DateTime)",
+  "maxLifetime": "String (duration)"
 }
 ```
diff --git a/api-reference/v1.0/resources/passwordcredentialconfiguration.md b/api-reference/v1.0/resources/passwordcredentialconfiguration.md
@@ -15,11 +15,12 @@ Password credential configuration object that contains properties to configure r
 
 ## Properties
 
-| Property                            | Type                         | Description                                                                                                                                                                                                                                                                                                                                                   |
-| :---------------------------------- | :--------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| restrictionType                     | appCredentialRestrictionType | The type of restriction being applied. The possible values are: `passwordAddition`, `passwordLifetime`, `symmetricKeyAddition`, `symmetricKeyLifetime`,`customPasswordAddition`, `unknownFutureValue`. Each value of restrictionType can be used only once per policy.                                                                                        |
-| maxLifetime                         | Duration                     | Value that can be used as the maximum number for setting password expiration time in days, hours, minutes or seconds. Defined in ISO 8601 format for Durations. For example, "P4DT12H30M5S" represents a duration of four days, twelve hours, thirty minutes, and five seconds. This property is required when restriction type is set to `passwordLifetime`. |
-| restrictForAppsCreatedAfterDateTime | DateTimeOffset               | Enforces the policy for an app created on or after the enforcement date. For existing applications, the enforcement date would be back dated. To apply to all applications, enforcement datetime would be `null`.                                                                                                                                               |
+| Property                                    | Type                            | Description |
+| :------------------------------------------ | :------------------------------ | :--------------------------------------------------------------------------------------------------------------------------------------- |
+| maxLifetime                                 | Duration                        | String value that indicates the maximum lifetime for password expiration, defined as an ISO 8601 duration. For example, `P4DT12H30M5S` represents four days, 12 hours, 30 minutes, and five seconds. This property is required when **restrictionType** is set to `passwordLifetime`.|
+| restrictForAppsCreatedAfterDateTime         | DateTimeOffset                  | Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.|
+| restrictionType                             | appCredentialRestrictionType    | The type of restriction being applied. The possible values are: `passwordAddition`, `passwordLifetime`, `symmetricKeyAddition`, `symmetricKeyLifetime`, `customPasswordAddition`, and `unknownFutureValue`. Each value of restrictionType can be used only once per policy.|
+| state                                       | appManagementRestrictionState   | String value that indicates if the restriction is evaluated. The possible values are: `enabled`, `disabled`, and `unknownFutureValue`. If `enabled`, the restriction is evaluated. If `disabled`, the restriction isn't evaluated or enforced.|
 
 ## Relationships
 
@@ -41,7 +42,10 @@ The following JSON representation shows the resource type.
   "restrictionType": {
     "@odata.type": "microsoft.graph.appCredentialRestrictionType"
   },
-  "maxLifetime": "String (duration)",
-  "restrictForAppsCreatedAfterDateTime": "DateTimeOffset"
+  "state": {
+    "@odata.type": "microsoft.graph.appManagementRestrictionState"
+  },
+  "restrictForAppsCreatedAfterDateTime": "String (DateTime)",
+  "maxLifetime": "String (duration)"
 }
 ```
diff --git a/changelog/Microsoft.DirectoryServices.json b/changelog/Microsoft.DirectoryServices.json
@@ -1,16 +1,50 @@
 {
   "changelog": [
     {
-        "ChangeList": [
-            {
-              "Id": "c6f4eb0f-746a-4a71-827e-da8585b89c64",
-              "ApiChange": "Resource",
-              "ChangedApiName": "user",
-              "ChangeType": "Change",
-              "Description": "Changed the following on-prem synced properties of the [user](https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-beta) resource type that were read-only in Microsoft Graph to be updatable via Microsoft Graph: **onPremisesDistinguishedName**, **onPremisesDomainName**, **onPremisesSamAccountName**, **onPremisesSecurityIdentifier**, **onPremisesUserPrincipalName**.",
-              "Target": "user"
-            }
-          ],
+      "ChangeList": [
+        {
+          "Id": "33b75f19-78a3-418c-9698-d2b60a6af88a",
+          "ApiChange": "Enumeration",
+          "ChangedApiName": "appManagementRestrictionState",
+          "ChangeType": "Addition",
+          "Description": "Added the **appManagementRestrictionState** enumeration type.",
+          "Target": "appManagementRestrictionState"
+        },
+        {
+          "Id": "33b75f19-78a3-418c-9698-d2b60a6af88a",
+          "ApiChange": "Property",
+          "ChangedApiName": "state",
+          "ChangeType": "Addition",
+          "Description": "Added the **state** property to the [keyCredentialConfiguration](https://learn.microsoft.com/en-us/graph/api/resources/keyCredentialConfiguration?view=graph-rest-1.0) resource.",
+          "Target": "keyCredentialConfiguration"
+        },
+        {
+          "Id": "33b75f19-78a3-418c-9698-d2b60a6af88a",
+          "ApiChange": "Property",
+          "ChangedApiName": "state",
+          "ChangeType": "Addition",
+          "Description": "Added the **state** property to the [passwordCredentialConfiguration](https://learn.microsoft.com/en-us/graph/api/resources/passwordCredentialConfiguration?view=graph-rest-1.0) resource.",
+          "Target": "passwordCredentialConfiguration"
+        }
+      ],
+      "Id": "33b75f19-78a3-418c-9698-d2b60a6af88a",
+      "Cloud": "Prod",
+      "Version": "v1.0",
+      "CreatedDateTime": "2024-11-01T22:52:30.5735697Z",
+      "WorkloadArea": "Applications",
+      "SubArea": "Policies"
+    },
+    {
+      "ChangeList": [
+          {
+            "Id": "c6f4eb0f-746a-4a71-827e-da8585b89c64",
+            "ApiChange": "Resource",
+            "ChangedApiName": "user",
+            "ChangeType": "Change",
+            "Description": "Changed the following on-prem synced properties of the [user](https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-beta) resource type that were read-only in Microsoft Graph to be updatable via Microsoft Graph: **onPremisesDistinguishedName**, **onPremisesDomainName**, **onPremisesSamAccountName**, **onPremisesSecurityIdentifier**, **onPremisesUserPrincipalName**.",
+            "Target": "user"
+          }
+        ],
         "Id": "c6f4eb0f-746a-4a71-827e-da8585b89c64",
         "Cloud": "Prod",
         "Version": "beta",
