🔍 Code Extractor

class CrossTenantAccessPolicy

Maturity: 47

Represents the base policy in the directory for cross-tenant access settings in Microsoft 365/Azure AD environments.

File:
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/cross_tenant_access.py
Lines:
5 - 15
Complexity:
moderate

Purpose

This class manages cross-tenant access policies that control collaboration between different Microsoft cloud tenants. It extends PolicyBase to provide specific functionality for configuring which Microsoft cloud endpoints an organization can collaborate with, enabling secure cross-tenant access scenarios in multi-cloud Microsoft environments.

Source Code

class CrossTenantAccessPolicy(PolicyBase):
    """Represents the base policy in the directory for cross-tenant access settings."""

    @property
    def allowed_cloud_endpoints(self):
        """
        Used to specify which Microsoft clouds an organization would like to collaborate with. By default, this value
        is empty. Supported values for this field are: microsoftonline.com, microsoftonline.us,
        and partner.microsoftonline.cn.
        """
        return self.properties.get("allowedCloudEndpoints", StringCollection())

Parameters

Name Type Default Kind
bases PolicyBase -

Parameter Details

__init__: Inherits constructor from PolicyBase. The exact parameters depend on the parent class implementation, but typically includes policy configuration data and connection context for Microsoft Graph API interactions.

Return Value

Instantiation returns a CrossTenantAccessPolicy object that provides access to cross-tenant policy settings. The allowed_cloud_endpoints property returns a StringCollection containing the list of permitted Microsoft cloud endpoints for collaboration.

Class Interface

Methods

@property allowed_cloud_endpoints(self) -> StringCollection property

Purpose: Retrieves the list of Microsoft cloud endpoints that the organization is allowed to collaborate with for cross-tenant access

Returns: StringCollection containing allowed Microsoft cloud endpoints. Returns empty collection if not configured. Possible values include 'microsoftonline.com', 'microsoftonline.us', and 'partner.microsoftonline.cn'

Attributes

Name Type Description Scope
properties dict Inherited from PolicyBase. Dictionary containing the policy configuration data, including the 'allowedCloudEndpoints' key instance

Dependencies

  • office365

Required Imports

from office365.directory.policies.base import PolicyBase
from office365.runtime.types.collections import StringCollection

Usage Example

# Assuming you have an authenticated Office 365 client context
from office365.directory.policies.cross_tenant_access import CrossTenantAccessPolicy

# Instantiate through the Office 365 client (typical usage pattern)
# policy = client.policies.cross_tenant_access_policy.get().execute_query()

# Access allowed cloud endpoints
allowed_endpoints = policy.allowed_cloud_endpoints
for endpoint in allowed_endpoints:
    print(f"Allowed endpoint: {endpoint}")

# The property returns endpoints like:
# - microsoftonline.com (commercial cloud)
# - microsoftonline.us (US Government cloud)
# - partner.microsoftonline.cn (China cloud)

Best Practices

  • This class is typically instantiated through the Office 365 client context rather than directly, as it requires proper authentication and API connection setup
  • The allowed_cloud_endpoints property is read-only and retrieves data from the underlying properties dictionary
  • Always ensure proper permissions are granted before attempting to access or modify cross-tenant policies
  • The class inherits from PolicyBase, so all base policy methods and properties are available
  • Handle cases where allowedCloudEndpoints might not be set in the properties dictionary (returns empty StringCollection by default)
  • Supported cloud endpoints are limited to: microsoftonline.com, microsoftonline.us, and partner.microsoftonline.cn
  • Changes to cross-tenant policies may require additional API calls to persist, depending on the parent class implementation

Tags

azure-ad cross-tenant policy microsoft-365 cloud-collaboration access-control multi-tenant directory-policy

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class TenantAppManagementPolicy 71.8% similar

    A class representing a tenant-wide application authentication method policy that enforces app management restrictions for all applications and service principals in Microsoft 365/Azure AD.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/tenant_app_management.py

  • class AuthorizationPolicy 70.9% similar

    A singleton class representing Azure Active Directory authorization policy settings that control tenant-level authorization behaviors.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authorization.py

  • class ConditionalAccessPolicy 67.6% similar

    Represents an Azure Active Directory conditional access policy entity that defines custom rules for access scenarios.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/conditional_access.py

  • class PolicyRoot 65.5% similar

    PolicyRoot is a resource class that provides access to various Azure Active Directory (Azure AD) policy configurations through navigation properties, acting as a singleton entry point for policy management.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/root.py

  • class PolicyBase 64.1% similar

    PolicyBase is an abstract base class that represents a policy object in a directory service, providing common functionality for policy types to inherit from.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/base.py
← Back to Browse