Merge pull request #7384 from abhishekkp09/security-defaults-api-docs

Add documentation for Azure AD security defaults API

api-reference/beta/api/identitysecuritydefaultsenforcementpolicy-get.md

@@ -0,0 +1,101 @@
+---
+title: "Get identitySecurityDefaultsEnforcementPolicy"
+description: "Retrieve the properties and relationships of identitysecuritydefaultsenforcementpolicy object."
+localization_priority: Normal
+author: "davidmu1"
+ms.prod: "microsoft-identity-platform"
+doc_type: apiPageType
+---
+
+# Get identitySecurityDefaultsEnforcementPolicy
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Retrieve the properties of an [identitySecurityDefaultsEnforcementPolicy](../resources/identitysecuritydefaultsenforcementpolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type                        | Permissions (from least to most privileged) |
+|:---------------------------------------|:--------------------------------------------|
+| Delegated (work or school account)     | Policy.Read.All |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application                            | Policy.Read.All |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+GET /policies/identitySecurityDefaultsEnforcementPolicy
+```
+
+## Optional query parameters
+
+This method supports the `select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+| Name      |Description|
+|:----------|:----------|
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and the requested [identitySecurityDefaultsEnforcementPolicy](../resources/identitysecuritydefaultsenforcementpolicy.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
+<!-- {
+  "blockType": "request",
+  "name": "get_identitysecuritydefaultsenforcementpolicy"
+}-->
+
+```http
+GET https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy
+```
+
+### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.identitySecurityDefaultsEnforcementPolicy"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+  "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/identitySecurityDefaultsEnforcementPolicy",
+  "description": "Security defaults is a set of basic identity security mechanisms recommended by Microsoft. When enabled, these recommendations will be automatically enforced in your organization. Administrators and users will be better protected from common identity related attacks.",
+  "displayName": "Security Defaults",
+  "id": "00000000-0000-0000-0000-000000000005",
+  "isEnabled": true
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+  "type": "#page.annotation",
+  "description": "Get identitySecurityDefaultsEnforcementPolicy",
+  "keywords": "",
+  "section": "documentation",
+  "tocPath": ""
+}-->

api-reference/beta/api/identitysecuritydefaultsenforcementpolicy-update.md

@@ -0,0 +1,96 @@
+---
+title: "Update identitySecurityDefaultsEnforcementPolicy"
+description: "Update the properties of an identitySecurityDefaultsEnforcementPolicy object."
+localization_priority: Normal
+author: "davidmu1"
+ms.prod: "microsoft-identity-platform"
+doc_type: apiPageType
+---
+
+# Update identitySecurityDefaultsEnforcementPolicy
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Update the properties of an [identitySecurityDefaultsEnforcementPolicy](../resources/identitysecuritydefaultsenforcementpolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type                        | Permissions (from least to most privileged) |
+|:---------------------------------------|:--------------------------------------------|
+| Delegated (work or school account)     | Policy.Readwrite.ConditionalAccess |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application                            | Policy.Readwrite.ConditionalAccess |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+PATCH /policies/identitySecurityDefaultsEnforcementPolicy
+```
+
+## Request headers
+
+| Name       | Description|
+|:-----------|:-----------|
+| Authorization | Bearer {token}. Required. |
+| Content-type | application/json. Required. |
+
+## Request body
+
+In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.
+
+| Property     | Type        | Description |
+|:-------------|:------------|:------------|
+|isEnabled|Boolean|If set to true, Azure Active Directory security defaults is enabled for the tenant.|
+
+## Response
+
+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
+<!-- {
+  "blockType": "request",
+  "name": "update_identitysecuritydefaultsenforcementpolicy"
+}-->
+
+```http
+PATCH https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy
+Content-type: application/json
+
+{
+  "isEnabled": false
+}
+```
+
+### Response
+
+The following is an example of the response.
+
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.identitySecurityDefaultsEnforcementPolicy"
+} -->
+
+```http
+HTTP/1.1 204 No Content
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+  "type": "#page.annotation",
+  "description": "Update identitysecuritydefaultsenforcementpolicy",
+  "keywords": "",
+  "section": "documentation",
+  "tocPath": ""
+}-->

api-reference/beta/resources/identitysecuritydefaultsenforcementpolicy.md

@@ -0,0 +1,71 @@
+---
+title: "identitySecurityDefaultsEnforcementPolicy resource type"
+description: "Represents the Azure Active Directory security defaults policy. Security defaults contain preconfigured security settings that protect against common attacks."
+localization_priority: Normal
+author: "davidmu1"
+ms.prod: "microsoft-identity-platform"
+doc_type: apiPageType
+---
+
+# identitySecurityDefaultsEnforcementPolicy resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents the Azure Active Directory [security defaults](https://docs.microsoft.com/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) policy. Security defaults contain preconfigured security settings that protect against common attacks.
+
+Inherits from [policyBase](../resources/policybase.md).
+
+## Methods
+
+| Method       | Return Type | Description |
+|:-------------|:------------|:------------|
+| [Get](../api/identitysecuritydefaultsenforcementpolicy-get.md) | [identitySecurityDefaultsEnforcementPolicy](identitysecuritydefaultsenforcementpolicy.md) | Read the properties of an **identitySecurityDefaultsEnforcementPolicy** object. |
+| [Update](../api/identitysecuritydefaultsenforcementpolicy-update.md) | [identitySecurityDefaultsEnforcementPolicy](identitysecuritydefaultsenforcementpolicy.md) | Update an **identitySecurityDefaultsEnforcementPolicy** object. |
+
+## Properties
+
+| Property     | Type        | Description |
+|:-------------|:------------|:------------|
+|description|String|Description for this policy. Read-only.|
+|displayName|String|Display name for this policy. Read-only.|
+|id|String|Identifier for this policy. Read-only.|
+|isEnabled|Boolean|If set to true, Azure Active Directory security defaults is enabled for the tenant.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+  "blockType": "resource",
+  "optionalProperties": [
+
+  ],
+  "@odata.type": "microsoft.graph.identitySecurityDefaultsEnforcementPolicy",
+  "baseType": "",
+  "keyProperty": "id"
+}-->
+
+```json
+{
+  "description": "String",
+  "displayName": "String",
+  "id": "String (identifier)",
+  "isEnabled": true
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+  "type": "#page.annotation",
+  "description": "identitySecurityDefaultsEnforcementPolicy resource",
+  "keywords": "",
+  "section": "documentation",
+  "tocPath": ""
+}-->

api-reference/beta/resources/policy-overview.md

@@ -24,6 +24,7 @@ Azure Active Directory (Azure AD) uses policies to control Azure AD feature beha
 |[homeRealmDiscoveryPolicies](homeRealmDiscoveryPolicy.md)| Represents a policy to control Azure Active Directory authentication behavior for federated users, in particular for auto-acceleration and user authentication restrictions in federated domains.| Configure all users to skip home realm discovery and be routed directly to ADFS for authentication. |
 |[tokenLifetimePolicies](tokenlifetimepolicy.md)|Represents the lifetime duration of access tokens used to access protected resources.| Configure a particularly sensitive application with a shorter than default token lifetime.|
 |[tokenIssuancePolicy](tokenIssuancePolicy.md)|Represents the policy to specify the characteristics of SAML tokens issued by Azure AD.| Configure the signing algorithm or SAML token version to be used to issue the SAML token.
+|[identitySecurityDefaultsEnforcementPolicy](identitysecuritydefaultsenforcementpolicy.md)|Represents the Azure AD security defaults policy.| Configure the Azure AD security defaults policy to protect against common attacks.
 
 ## Next steps
 

api-reference/beta/toc.yml

@@ -9229,6 +9229,13 @@
             href: api/tokenlifetimepolicy-delete.md
           - name: List applied to applications
             href: api/tokenlifetimepolicy-list-appliesto.md
+        - name: Security defaults policy
+          href: resources/identitysecuritydefaultsenforcementpolicy.md
+          items:
+          - name: Get
+            href: api/identitysecuritydefaultsenforcementpolicy-get.md
+          - name: Update
+            href: api/identitysecuritydefaultsenforcementpolicy-update.md
       - name: Privileged Identity Management
         items:
         - name: Privileged Identity Management

concepts/changelog.md

@@ -67,6 +67,7 @@ For details about known issues with Microsoft Graph APIs, see [Known issues](kno
 | Addition | v1.0 | Added new user permission [User.ManageIdentities.All](/graph/permissions-reference#user-permissions).|
 | Addition | beta | Added the PrivilegedAccess.Read.AzureResources application permission for [Privileged Identity Management - Azure resources](/graph/api/resources/privilegedidentitymanagement-resources?view=graph-rest-beta).|
 | Addition | beta | Added the [Auditlogs.Read.All](/graph/permissions-reference#user-permissions) permission for listing the sign-in activity of a user.|
+| Addition | beta | Added the [identitySecurityDefaultsEnforcementPolicy API](/graph/api/resources/identitysecuritydefaultsenforcementpolicy?view=graph-rest-beta), which represents Azure Active Directory security defaults policy.|
 
 ### Reports | Office 365 usage reports