🔍 Code Extractor

class AuthorizationPolicy

Maturity: 51

A singleton class representing Azure Active Directory authorization policy settings that control tenant-level authorization behaviors.

File:
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authorization.py
Lines:
4 - 15
Complexity:
simple

Purpose

This class provides access to Azure Active Directory authorization policy settings for a tenant. It inherits from PolicyBase and represents a singleton policy object that always exists for the tenant. The class allows querying authorization-related settings such as whether users can join the tenant through email validation. It serves as a read-only interface to tenant authorization configuration.

Source Code

class AuthorizationPolicy(PolicyBase):
    """Represents a policy that can control Azure Active Directory authorization settings.
    It's a singleton that inherits from base policy type, and always exists for the tenant.
    """

    @property
    def allowed_to_sign_up_email_based_subscriptions(self):
        """
        Indicates whether a user can join the tenant by email validation.
        :rtype: bool
        """
        return self.properties.get("allowedToSignUpEmailBasedSubscriptions", None)

Parameters

Name Type Default Kind
bases PolicyBase -

Parameter Details

__init__: The constructor parameters are inherited from PolicyBase. No explicit __init__ is defined in this class, so it uses the parent class constructor which typically accepts context and resource path parameters for Microsoft Graph API interactions.

Return Value

Instantiation returns an AuthorizationPolicy object that represents the tenant's authorization policy. The class provides property accessors that return specific policy settings. The allowed_to_sign_up_email_based_subscriptions property returns a boolean (or None) indicating whether email-based subscription sign-ups are allowed.

Class Interface

Attributes

Name Type Description Scope
allowed_to_sign_up_email_based_subscriptions bool or None Indicates whether a user can join the tenant by email validation. Returns True if email-based subscriptions are allowed, False if not, or None if the property is not set. instance
properties dict Inherited from PolicyBase. Dictionary containing the raw policy properties retrieved from Microsoft Graph API. instance

Dependencies

  • office365

Required Imports

from office365.directory.policies.authorization import AuthorizationPolicy
from office365.directory.policies.base import PolicyBase

Usage Example

from office365.graph_client import GraphClient
from office365.directory.policies.authorization import AuthorizationPolicy

# Initialize Graph client with credentials
client = GraphClient.with_client_secret(tenant_id='your_tenant_id', client_id='your_client_id', client_secret='your_client_secret')

# Get the authorization policy (singleton)
auth_policy = client.policies.authorization_policy.get().execute_query()

# Check if email-based subscriptions are allowed
can_signup = auth_policy.allowed_to_sign_up_email_based_subscriptions
print(f'Email-based sign-up allowed: {can_signup}')

# Access other inherited properties from PolicyBase
print(f'Policy ID: {auth_policy.id}')
print(f'Display Name: {auth_policy.display_name}')

Best Practices

  • This is a singleton class - only one instance exists per tenant, retrieve it rather than creating new instances
  • The class is primarily read-only; use it to query authorization policy settings
  • Always call execute_query() after get() to fetch the actual data from Microsoft Graph API
  • Check for None values when accessing properties as they may not be set in all tenants
  • Ensure proper authentication and permissions (Policy.Read.All minimum) before accessing
  • The class inherits from PolicyBase, so all base class properties and methods are available
  • Properties are lazily loaded from the underlying properties dictionary
  • This represents tenant-wide settings, not user-specific or application-specific policies

Tags

azure-ad authorization policy tenant-settings microsoft-graph singleton directory access-control email-validation sign-up

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class TenantAppManagementPolicy 74.5% similar

    A class representing a tenant-wide application authentication method policy that enforces app management restrictions for all applications and service principals in Microsoft 365/Azure AD.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/tenant_app_management.py

  • class CrossTenantAccessPolicy 70.9% similar

    Represents the base policy in the directory for cross-tenant access settings in Microsoft 365/Azure AD environments.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/cross_tenant_access.py

  • class PolicyRoot 69.6% similar

    PolicyRoot is a resource class that provides access to various Azure Active Directory (Azure AD) policy configurations through navigation properties, acting as a singleton entry point for policy management.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/root.py

  • class AuthenticationStrengthPolicy 67.6% similar

    Represents an Azure AD authentication strength policy that defines specific combinations of authentication methods and metadata for Conditional Access scenarios.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authentication_strength.py

  • class ConditionalAccessPolicy 66.0% similar

    Represents an Azure Active Directory conditional access policy entity that defines custom rules for access scenarios.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/conditional_access.py
← Back to Browse