🔍 Code Extractor

class PolicyRoot

Maturity: 53

PolicyRoot is a resource class that provides access to various Azure Active Directory (Azure AD) policy configurations through navigation properties, acting as a singleton entry point for policy management.

File:
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/root.py
Lines:
19 - 153
Complexity:
moderate

Purpose

This class serves as a centralized access point for managing and retrieving different types of Azure AD policies including authentication methods, authorization, conditional access, cross-tenant access, and app management policies. It inherits from Entity and provides property-based access to various policy collections and individual policy objects. The class follows a lazy-loading pattern where policy objects are created on-demand when accessed through properties.

Source Code

class PolicyRoot(Entity):
    """Resource type exposing navigation properties for the policies singleton."""

    @property
    def authentication_methods_policy(self):
        """
        The authentication methods and the users that are allowed to use them to sign in and perform multi-factor
        authentication (MFA) in Azure Active Directory (Azure AD).
        """
        return self.properties.get(
            "authenticationMethodsPolicy",
            AuthenticationMethodsPolicy(
                self.context,
                ResourcePath("authenticationMethodsPolicy", self.resource_path),
            ),
        )

    def authentication_strength_policies(self):
        # type: () -> EntityCollection[AuthenticationStrengthPolicy]
        """
        The authentication method combinations that are to be used in scenarios defined by Azure AD Conditional Access.
        """
        return self.properties.get(
            "authenticationStrengthPolicies",
            EntityCollection(
                self.context,
                AuthenticationStrengthPolicy,
                ResourcePath("authenticationStrengthPolicies", self.resource_path),
            ),
        )

    @property
    def authentication_flows_policy(self):
        """The policy configuration of the self-service sign-up experience of external users."""
        return self.properties.get(
            "authenticationFlowsPolicy",
            AuthenticationFlowsPolicy(
                self.context,
                ResourcePath("authenticationFlowsPolicy", self.resource_path),
            ),
        )

    @property
    def authorization_policy(self):
        """The policy that controls Azure AD authorization settings."""
        return self.properties.get(
            "authorizationPolicy",
            AuthorizationPolicy(
                self.context, ResourcePath("authorizationPolicy", self.resource_path)
            ),
        )

    @property
    def app_management_policies(self):
        # type: () -> EntityCollection[AppManagementPolicy]
        """The policies that enforce app management restrictions for specific applications and service principals,
        overriding the defaultAppManagementPolicy."""
        return self.properties.get(
            "appManagementPolicies",
            EntityCollection(
                self.context,
                AppManagementPolicy,
                ResourcePath("appManagementPolicies", self.resource_path),
            ),
        )

    @property
    def cross_tenant_access_policy(self):
        """
        The custom rules that define an access scenario when interacting with external Azure AD tenants.
        """
        return self.properties.get(
            "crossTenantAccessPolicy",
            CrossTenantAccessPolicy(
                self.context,
                ResourcePath("crossTenantAccessPolicy", self.resource_path),
            ),
        )

    @property
    def default_app_management_policy(self):
        """
        The tenant-wide policy that enforces app management restrictions for all applications and service principals.
        """
        return self.properties.get(
            "defaultAppManagementPolicy",
            TenantAppManagementPolicy(
                self.context,
                ResourcePath("defaultAppManagementPolicy", self.resource_path),
            ),
        )

    @property
    def permission_grant_policies(self):
        # type: () -> EntityCollection[PermissionGrantPolicy]
        """
        The policy that specifies the conditions under which consent can be granted.
        """
        return self.properties.get(
            "permissionGrantPolicies",
            EntityCollection(
                self.context,
                PermissionGrantPolicy,
                ResourcePath("permissionGrantPolicies", self.resource_path),
            ),
        )

    @property
    def conditional_access_policies(self):
        # type: () -> EntityCollection[ConditionalAccessPolicy]
        """The custom rules that define an access scenario"""
        return self.properties.get(
            "conditionalAccessPolicies",
            EntityCollection(
                self.context,
                ConditionalAccessPolicy,
                ResourcePath("conditionalAccessPolicies", self.resource_path),
            ),
        )

    def get_property(self, name, default_value=None):
        if default_value is None:
            property_mapping = {
                "authenticationStrengthPolicies": self.authentication_strength_policies,
                "authenticationFlowsPolicy": self.authentication_flows_policy,
                "appManagementPolicies": self.app_management_policies,
                "authenticationMethodsPolicy": self.authentication_methods_policy,
                "authorizationPolicy": self.authorization_policy,
                "conditional_access_policies": self.conditional_access_policies,
                "crossTenantAccessPolicy": self.cross_tenant_access_policy,
                "defaultAppManagementPolicy": self.default_app_management_policy,
                "permissionGrantPolicies": self.permission_grant_policies,
            }
            default_value = property_mapping.get(name, None)
        return super(PolicyRoot, self).get_property(name, default_value)

Parameters

Name Type Default Kind
bases Entity -

Parameter Details

context: The execution context required by the parent Entity class, typically containing authentication and connection information for Azure AD API calls

resource_path: The ResourcePath object inherited from Entity that defines the API endpoint path for this policy root resource

Return Value

Instantiation returns a PolicyRoot object that provides access to various policy-related resources. Property accessors return either individual policy objects (like AuthenticationMethodsPolicy, AuthorizationPolicy) or EntityCollection objects containing multiple policy instances. The get_property method returns the requested property value or a default value if not found.

Class Interface

Methods

authentication_strength_policies() -> EntityCollection[AuthenticationStrengthPolicy]

Purpose: Returns a collection of authentication method combinations used in Azure AD Conditional Access scenarios

Returns: EntityCollection containing AuthenticationStrengthPolicy objects representing authentication strength policies

get_property(name: str, default_value=None) -> Any

Purpose: Retrieves a property value by name with optional default value, providing dynamic access to policy properties

Parameters:

  • name: The name of the property to retrieve (e.g., 'authorizationPolicy', 'conditionalAccessPolicies')
  • default_value: Optional default value to return if property is not found; if None, uses internal property mapping

Returns: The requested property value (policy object or collection) or the default value if not found

Attributes

Name Type Description Scope
authentication_methods_policy AuthenticationMethodsPolicy The authentication methods and users allowed to use them for sign-in and MFA in Azure AD instance
authentication_flows_policy AuthenticationFlowsPolicy Policy configuration for self-service sign-up experience of external users instance
authorization_policy AuthorizationPolicy Policy controlling Azure AD authorization settings instance
app_management_policies EntityCollection[AppManagementPolicy] Policies enforcing app management restrictions for specific applications and service principals instance
cross_tenant_access_policy CrossTenantAccessPolicy Custom rules defining access scenarios when interacting with external Azure AD tenants instance
default_app_management_policy TenantAppManagementPolicy Tenant-wide policy enforcing app management restrictions for all applications and service principals instance
permission_grant_policies EntityCollection[PermissionGrantPolicy] Policies specifying conditions under which consent can be granted instance
conditional_access_policies EntityCollection[ConditionalAccessPolicy] Custom rules defining access scenarios for conditional access instance

Dependencies

  • office365.directory.policies.app_management
  • office365.directory.policies.authentication_flows
  • office365.directory.policies.authentication_methods
  • office365.directory.policies.authentication_strength
  • office365.directory.policies.authorization
  • office365.directory.policies.conditional_access
  • office365.directory.policies.cross_tenant_access
  • office365.directory.policies.permission_grant
  • office365.directory.policies.tenant_app_management
  • office365.entity
  • office365.entity_collection
  • office365.runtime.paths.resource_path

Required Imports

from office365.directory.policies.app_management import AppManagementPolicy
from office365.directory.policies.authentication_flows import AuthenticationFlowsPolicy
from office365.directory.policies.authentication_methods import AuthenticationMethodsPolicy
from office365.directory.policies.authentication_strength import AuthenticationStrengthPolicy
from office365.directory.policies.authorization import AuthorizationPolicy
from office365.directory.policies.conditional_access import ConditionalAccessPolicy
from office365.directory.policies.cross_tenant_access import CrossTenantAccessPolicy
from office365.directory.policies.permission_grant import PermissionGrantPolicy
from office365.directory.policies.tenant_app_management import TenantAppManagementPolicy
from office365.entity import Entity
from office365.entity_collection import EntityCollection
from office365.runtime.paths.resource_path import ResourcePath

Usage Example

# Assuming you have a configured context object
from office365.directory.policies.policy_root import PolicyRoot
from office365.runtime.paths.resource_path import ResourcePath

# Instantiate PolicyRoot (typically done through a parent client object)
policy_root = PolicyRoot(context, ResourcePath('policies'))

# Access authentication methods policy
auth_methods = policy_root.authentication_methods_policy

# Access conditional access policies collection
conditional_policies = policy_root.conditional_access_policies

# Access authorization policy
auth_policy = policy_root.authorization_policy

# Access cross-tenant access policy
cross_tenant = policy_root.cross_tenant_access_policy

# Use get_property method for dynamic access
app_policies = policy_root.get_property('appManagementPolicies')

Best Practices

  • PolicyRoot is typically instantiated through a parent client object rather than directly, as it requires a properly configured context
  • Properties use lazy loading - policy objects are only created when first accessed, improving performance
  • The class caches property values in self.properties dictionary to avoid recreating objects on subsequent access
  • Use property accessors (e.g., policy_root.authorization_policy) for type-safe access to specific policies
  • Use get_property() method when you need dynamic property access by name
  • Ensure the context object has appropriate Azure AD permissions before accessing policy properties
  • Properties returning EntityCollection (like conditional_access_policies) support iteration and querying operations
  • The class follows the singleton pattern for policy access - there should be one PolicyRoot instance per context
  • Do not modify the properties dictionary directly; use the provided property accessors
  • Some properties return individual policy objects while others return collections - check return types before use

Tags

azure-ad policies authentication authorization conditional-access entity navigation-properties microsoft-graph policy-management singleton lazy-loading

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class AuthorizationPolicy 69.6% similar

    A singleton class representing Azure Active Directory authorization policy settings that control tenant-level authorization behaviors.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authorization.py

  • class PolicyBase 67.7% similar

    PolicyBase is an abstract base class that represents a policy object in a directory service, providing common functionality for policy types to inherit from.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/base.py

  • class ConditionalAccessRoot 67.2% similar

    ConditionalAccessRoot is an entry point class for the Conditional Access (CA) object model in Microsoft Graph API. It serves as a placeholder entity without any usable properties of its own.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/identities/conditional_access_root.py

  • class AuthenticationMethodsRoot 66.6% similar

    A container class for navigating and accessing Azure AD authentication methods resources, providing access to user registration details and authentication method statistics.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/root.py

  • class AuditLogRoot 66.3% similar

    A singleton class representing the root of Azure Active Directory audit logs, providing access to directory audits, sign-in logs, and provisioning events.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/audit/log_root.py
← Back to Browse