Netskope

Office 365 Entities supported in DSL

| Attribute | Type | Description |
|---|---|---|
| AdminAuditLogEnabled | boolean | Indicates whether the admin audit log is enabled. |
| UnifiedAuditLogIngestionEnabled | boolean | Indicates whether unified audit log search is turned on. |
| Attribute | Type | Description |
|---|---|---|
| Name | string | Name of the AntiPhish policy, e.g. "Office365 AntiPhish Default". |
| EnableSpoofIntelligence | boolean | "True" if Spoof Intelligence is enabled. |
| EnableUnauthenticatedSender | boolean | "True" if Unauthenticated Sender Identification is enabled. See https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#unauthenticated-sender for details. |
| EnableViaTag | boolean | If "True", the "via" tag is applied to certain email messages. See https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#unauthenticated-sender for more details. |
| AuthenticationFailAction | string | The default action taken when an incoming message's sender fails authentication. Possible values are "MoveToJmf" (moves the message to the Junk Email folder) and "Quarantine" (moves the message to quarantine). |
| Attribute | Type | Description |
|---|---|---|
| isDefault | boolean | True if this is the default sharing policy. |
| name | string | Name of the sharing policy. |
| sharingEnabled | boolean | The "Enabled" setting from the PowerShell command. If "False", no calendar sharing is allowed with users outside the O365 organization. |
| domains | list | List of domains and the kind of calendar details that may be shared with each. |
| domains.domain | string | Possible values are "*" (users outside the O365 organization who have an O365 account) and "Anonymous" (users outside the O365 organization who do not have an O365 account). |
| domains.sharingAllowedDetails | string | Possible values are "CalendarSharingFreeBusySimple" (share free/busy hours only), "CalendarSharingFreeBusyDetail" (share free/busy hours, subject, and location), "CalendarSharingFreeBusyReviewer" (share free/busy hours, subject, location, and the body of the message or calendar item), "ContactsSharing" (share contacts only). |
| Attribute | Type | Description |
|---|---|---|
| id | string | Identifier of the conditionalAccessPolicy object. |
| state | string | State of the conditionalAccessPolicy object. Possible values are "enabled", "disabled", "enabledForReportingButNotEnforced". |
| conditions | sequence | Rules that must be met for the policy to apply. |
| conditions.clientAppTypes | list | Client application types included in the policy. Possible values are "all", "browser", "mobileAppsAndDesktopClients", "exchangeActiveSync", "easSupported", "other". |
| conditions.users | sequence | Users, groups, and roles included in and excluded from the policy. |
| conditions.users.includeUsers | list | User IDs in the scope of the policy (unless a user ID is explicitly excluded, i.e. it appears in "excludeUsers"), or one of "None", "All", "GuestsOrExternalUsers". |
| conditions.users.excludeUsers | list | User IDs excluded from the scope of the policy, and/or "GuestsOrExternalUsers". |
| conditions.users.includeGroups | list | Group IDs in the scope of the policy (unless a group ID is explicitly excluded, i.e. it appears in "excludeGroups"), or "All". |
| conditions.users.excludeGroups | list | Group IDs excluded from the scope of the policy. |
| conditions.users.includeRoles | list | Role IDs in the scope of the policy (unless a role ID is explicitly excluded, i.e. it appears in "excludeRoles"), or "All". |
| conditions.users.excludeRoles | list | Role IDs excluded from the scope of the policy. |
| grantControls | sequence | Grant controls that must be fulfilled to pass the policy. |
| grantControls.builtInControls | list | Built-in controls required by the policy. Possible values are "block", "mfa", "compliantDevice", "domainJoinedDevice", "approvedApplication", "compliantApplication", "passwordChange". |
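The include/exclude semantics in the table above (exclusions win, "All"/"None"/"GuestsOrExternalUsers" are sentinel values, and a report-only policy enforces nothing) are easy to get wrong when a posture rule asks "is MFA actually enforced for this user?". The following added example, which is not Netskope code, models the policy as a plain Python dataclass whose fields mirror the attribute names and evaluates scope for a user given the group and role IDs they hold. It ignores the clientAppTypes condition and every other condition not listed in the table; the sample policies and all IDs are constructed.

```python
"""Scope evaluation for Conditional Access policies (added example, not Netskope code)."""
from dataclasses import dataclass, field
from typing import Iterable, List


@dataclass
class ConditionalAccessPolicy:
    # Field names mirror the entity attributes; the dataclass itself is an assumption.
    id: str
    state: str  # "enabled", "disabled" or "enabledForReportingButNotEnforced"
    includeUsers: List[str] = field(default_factory=list)
    excludeUsers: List[str] = field(default_factory=list)
    includeGroups: List[str] = field(default_factory=list)
    excludeGroups: List[str] = field(default_factory=list)
    includeRoles: List[str] = field(default_factory=list)
    excludeRoles: List[str] = field(default_factory=list)
    builtInControls: List[str] = field(default_factory=list)


def user_in_scope(policy: ConditionalAccessPolicy, user_id: str,
                  group_ids: Iterable[str] = (), role_ids: Iterable[str] = (),
                  is_guest: bool = False) -> bool:
    """True when the user/group/role conditions of the policy cover this user.

    Exclusions are checked first because an explicit exclusion overrides any
    inclusion, including "All"."""
    groups, roles = set(group_ids), set(role_ids)
    if user_id in policy.excludeUsers:
        return False
    if is_guest and "GuestsOrExternalUsers" in policy.excludeUsers:
        return False
    if groups & set(policy.excludeGroups) or roles & set(policy.excludeRoles):
        return False
    if "All" in policy.includeUsers or user_id in policy.includeUsers:
        return True
    if is_guest and "GuestsOrExternalUsers" in policy.includeUsers:
        return True
    if "All" in policy.includeGroups or groups & set(policy.includeGroups):
        return True
    if "All" in policy.includeRoles or roles & set(policy.includeRoles):
        return True
    return False  # includeUsers == ["None"] or no matching include ends here


def policies_enforcing_mfa(policies: Iterable[ConditionalAccessPolicy], user_id: str,
                           group_ids: Iterable[str] = (), role_ids: Iterable[str] = (),
                           is_guest: bool = False) -> List[str]:
    """IDs of policies that are enforced ("enabled"), require "mfa" and cover the user.

    "enabledForReportingButNotEnforced" and "disabled" policies are skipped on
    purpose: they do not challenge anyone."""
    return [p.id for p in policies
            if p.state == "enabled" and "mfa" in p.builtInControls
            and user_in_scope(p, user_id, group_ids, role_ids, is_guest)]


# Constructed sample policies; every ID below is made up for this example.
SAMPLE_POLICIES = [
    ConditionalAccessPolicy(id="cap-all-users-mfa", state="enabled",
                            includeUsers=["All"], excludeGroups=["grp-breakglass"],
                            builtInControls=["mfa"]),
    ConditionalAccessPolicy(id="cap-admins-mfa-reportonly",
                            state="enabledForReportingButNotEnforced",
                            includeRoles=["All"], builtInControls=["mfa"]),
    ConditionalAccessPolicy(id="cap-guests-block", state="enabled",
                            includeUsers=["GuestsOrExternalUsers"],
                            builtInControls=["block"]),
]

if __name__ == "__main__":
    print(policies_enforcing_mfa(SAMPLE_POLICIES, "user-1"))
    print(policies_enforcing_mfa(SAMPLE_POLICIES, "user-2", group_ids=["grp-breakglass"]))
```

A member of the constructed break-glass group gets an empty list even though the tenant-wide policy says "All", which is exactly the gap a posture check should surface; the report-only admin policy never appears in the enforced list.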
| Attribute | Type | Description |
|---|---|---|
| ClientAdalAuthOverride | string | Enables or disables ADAL (modern authentication) for Skype for Business Online in the tenant. Valid values are "NoOverride" (use the global OAuth configuration), "Allowed" (enables OAuth for the tenant), "Disallowed" (disables OAuth for the tenant). |
| Attribute | Type | Description |
|---|---|---|
| id | string | The ID of the compliance policy. |
| odatatype | string | The OData type of the entity, e.g. "#microsoft.graph.iosCompliancePolicy". |
| securityBlockJailbrokenDevices | boolean | If true, jailbroken or rooted devices are blocked. |
| managedEmailProfileRequired | boolean | If true, the owner of the device can only use a managed email account. |
| Attribute | Type | Description |
|---|---|---|
| id | string | The ID of the compliance policy. |
| odatatype | string | Distinguishes between platforms (Android, iOS). |
| passwordPreviousPasswordBlockCount | number | Number of previous passwords that cannot be reused. |
| passcodePreviousPasscodeBlockCount | number | Number of previous passcodes that cannot be reused. (iOS) |
| passwordExpirationDays | number | Password expiration in days. "null" if no expiration. |
| passcodeExpirationDays | number | Passcode expiration in days. "null" if no expiration. (iOS) |
| passwordMinimumLength | number | Minimum length of the password. |
| passcodeMinimumLength | number | Minimum length of the passcode. (iOS) |
| passwordRequiredType | string | The password type (e.g. alphanumeric). |
| passcodeRequiredType | string | The passcode type (e.g. alphanumeric). (iOS) |
| passwordBlockSimple | boolean | Block simple passwords. |
| passcodeBlockSimple | boolean | Block simple passcodes. (iOS) |
| passwordRequired | boolean | Require the use of a password. |
| passcodeRequired | boolean | Require the use of a passcode. (iOS) |
| storageRequireDeviceEncryption | boolean | Indicates whether device encryption is required. |
| passcodeSignInFailureCountBeforeWipe | number | Number of failed authentication attempts before the device is wiped. (iOS) |
| passwordSignInFailureCountBeforeFactoryReset | number | Number of failed authentication attempts before the device is wiped. (Windows 8) |
| passwordMinutesOfInactivityBeforeScreenTimeout | number | Minutes of inactivity before the screen times out. |
| passcodeMinutesOfInactivityBeforeScreenTimeout | number | Minutes of inactivity before the screen times out. (iOS) |
| passwordRequireWhenResumeFromIdleState | boolean | Require the user to provide a password when the device resumes from the idle state. |
| Attribute | Type | Description |
|---|---|---|
| domain | string | A domain under the current O365 tenant. |
| Enabled | boolean | "True" if DKIM signing is enabled for this tenant, "False" otherwise. |
| Attribute | Type | Description |
|---|---|---|
| id | string | The unique identifier for this domain (e.g. "dev-o365.yourcompany.com" or "yourcompany.onmicrosoft.com"). |
| spfRecordPublished | boolean | To get this value, run `nslookup -type=txt domain.com` and check that a TXT value exists that contains `include:spf.protection.outlook.com`. Set this to "true" if the record exists and is valid. |
| DMARCRecordPublished | boolean | To get this value, run `nslookup -type=txt _dmarc.` and check that a policy exists that starts with `v=DMARC1;`. Set this to "true" if the record exists and is valid. |
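The two lookups above are usually scripted rather than eyeballed. The added example below, which is not Netskope code, derives `spfRecordPublished` and `DMARCRecordPublished` from TXT record data the way the table describes: the SPF check requires exactly one `v=spf1` record (more than one is a permanent error under RFC 7208) that contains the Exchange Online include, and the DMARC check looks at the record published at `_dmarc.<domain>`. The TXT data is embedded as a constructed dictionary standing in for `nslookup` output, so it runs offline; the domain names, the function names and the `evaluate_domain` helper are this example's own.

```python
"""Derive the SPF/DMARC entity attributes from TXT record data (added example, not Netskope code)."""
import re
from typing import Dict, Iterable, List, Optional

SPF_OUTLOOK_INCLUDE = "include:spf.protection.outlook.com"


def join_txt_strings(record: str) -> str:
    """A TXT record longer than 255 bytes is published as several quoted strings
    ("v=spf1 ..." "...") that resolvers concatenate without a separator; do the same.
    Unquoted input is returned unchanged."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', record)
    return "".join(chunks) if chunks else record


def spf_record_published(txt_records: Iterable[str]) -> bool:
    """True when exactly one SPF record exists and it references the Exchange Online include."""
    spf = [r for r in (join_txt_strings(x) for x in txt_records) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        return False  # no record, or several: neither is a valid SPF deployment
    return SPF_OUTLOOK_INCLUDE in spf[0].lower()


def dmarc_policy(txt_records: Iterable[str]) -> Optional[str]:
    """Return the p= policy ("none", "quarantine" or "reject") of the first record that
    starts with v=DMARC1;, or None when no such record exists."""
    for r in txt_records:
        joined = join_txt_strings(r).strip()
        if re.match(r"v=DMARC1\s*;", joined, re.IGNORECASE):
            m = re.search(r"(?:^|;)\s*p\s*=\s*(none|quarantine|reject)", joined, re.IGNORECASE)
            return m.group(1).lower() if m else None
    return None


def dmarc_record_published(txt_records: Iterable[str]) -> bool:
    """True when a record starting with v=DMARC1; is present, matching the table's test."""
    return any(re.match(r"v=DMARC1\s*;", join_txt_strings(r).strip(), re.IGNORECASE)
               for r in txt_records)


def evaluate_domain(domain: str, txt_by_name: Dict[str, List[str]]) -> dict:
    """Build the entity attributes for one domain from a name -> TXT values mapping."""
    return {
        "id": domain,
        "spfRecordPublished": spf_record_published(txt_by_name.get(domain, [])),
        "DMARCRecordPublished": dmarc_record_published(txt_by_name.get("_dmarc." + domain, [])),
    }


# Constructed TXT data standing in for nslookup output; the domains are made up.
SAMPLE_TXT = {
    "yourcompany.example": [
        '"v=spf1 include:spf.protection.outlook.com -all"',
        '"MS=ms00000000"',
    ],
    "_dmarc.yourcompany.example": [
        '"v=DMARC1; p=quarantine; rua=mailto:dmarc@yourcompany.example"',
    ],
    # SPF without the Exchange Online include and no _dmarc record at all
    "dev-o365.yourcompany.example": ['"v=spf1 ip4:203.0.113.0/24 -all"'],
}

if __name__ == "__main__":
    for name in ("yourcompany.example", "dev-o365.yourcompany.example"):
        print(evaluate_domain(name, SAMPLE_TXT), dmarc_policy(SAMPLE_TXT.get("_dmarc." + name, [])))
```

`dmarc_policy` is there because a published record with `p=none` passes the boolean check yet does nothing to unauthenticated mail; a rule that wants enforcement should look at the policy value, not only at `DMARCRecordPublished`.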
| Attribute | Type | Description |
|---|---|---|
| Name | string | Name of the policy. |
| Description | string | Description of the role assignment policy. |
| IsDefault | boolean | True if this is the default role assignment policy. |
| IsValid | boolean | True if this is a valid role assignment policy. |
| AssignedRoles | list | List of roles assigned to this policy. Sample values are "My Custom Apps", "My Marketplace Apps", "My ReadWriteMailbox Apps". |
| Attribute | Type | Description |
|---|---|---|
| BccSuspiciousOutboundMail | boolean | Send copies of suspicious messages to specific people. |
| NotifyOutboundSpam | boolean | Notify specific people if senders are blocked. |
| Enabled | boolean | Whether this policy is enabled. |
| Identity | string | Unique identifier of the policy. |
| Attribute | Type | Description |
|---|---|---|
| id | string | The unique identifier for this domain (e.g. "dev-o365.yourcompany.com" or "yourcompany.onmicrosoft.com"). |
| supportedServices | list | List of services supported for this domain (e.g. "Intune"). |
| Attribute | Type | Description |
|---|---|---|
| unreviewedRiskEventsExist | boolean | If true, there are new risk events that need to be reviewed at https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/RiskDetections. |
| globalAdminUserCount | number | The total number of global admin users. |
| AnyMailTransportRuleRedirectMessageToExternalDomain | boolean | True if any mail transport rule is set up to redirect messages to an external domain. |
| Attribute | Type | Description |
|---|---|---|
| OAuth2ClientProfileEnabled | boolean | Whether OAuth 2.0 is enabled. |
| MailTipsAllTipsEnabled | boolean | True if mail tips are enabled. |
| MailTipsExternalRecipientsTipsEnabled | boolean | True if external recipient mail tips are enabled. |
| MailTipsGroupMetricsEnabled | boolean | True if mail tips group metrics are enabled. |
| MailTipsLargeAudienceThreshold | number | Defines what counts as a "large audience" in the tenant. If a message is about to be sent to a large audience, a mail tip alerts the user. |
| userMailboxAuditEnabled | boolean | If true, mailbox auditing is enabled for all user mailboxes. |
| nonUserMailboxAuditEnabled | boolean | If true, all non-user mailboxes have auditing enabled. Otherwise, at least one non-user mailbox has auditing disabled. You can get this information from PowerShell with `Get-Mailbox -Filter 'AuditEnabled -eq $false -and RecipientTypeDetails -ne "UserMailbox" -and RecipientTypeDetails -ne "SharedMailbox"' -ResultSize 1 \| Select-Object Id, Name, AuditEnabled` |
| DefaultMailboxRegion | string | The default mailbox region of the organization. Example value: "nam". |
| OrganizationId | string | The identifier of the Exchange organization. |
| Attribute | Type | Description |
|---|---|---|
| LinkedInEnabled | boolean | If False, LinkedIn contact synchronization is disabled. |
| FacebookEnabled | boolean | If False, Facebook contact synchronization is disabled. |
| AdditionalStorageProvidersAvailable | boolean | If False, additional storage providers (such as Box, Dropbox, etc.) in Outlook on the web are restricted. |
| Attribute | Type | Description |
|---|---|---|
| Identity | string | The ID of the TransportRule. |
| Name | string | The name of the mail transport rule. |
| State | string | The state of the TransportRule, for example "Enabled". |
| RedirectMessageTo | string | An email address to which this transport rule redirects messages. |
| SetScl | number | Spam Confidence Level. -1 = bypass spam filtering; 0-4 = perform normal spam filtering; 5-6 = mark as spam; 7-9 = mark as high confidence spam. See https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages?view=o365-worldwide for more information. |
| SenderDomainIs | list | The sender domains checked by this transport rule. |
| Priority | number | The priority of the transport rule, which determines the order of rule processing. 0 is the highest priority. |
| SentToScope | string | The "sent to scope" condition checked by this transport rule. Possible values are "InOrganization", "NotInOrganization", "ExternalPartner" and "ExternalNonPartner". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more details. |
| FromScope | string | The "from scope" condition checked by this transport rule. Possible values are "InOrganization" and "NotInOrganization". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more details. |
| MessageTypeMatches | string | A condition that matches messages of a specified type. Possible values are "OOF", "AutoForward", "Encrypted", "Calendaring", "PermissionControlled", "Voicemail", "Signed", "ApprovalRequest" and "ReadReceipt". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more information. |
| RejectMessageEnhancedStatusCode | string | The enhanced status code used when the rule rejects messages. See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more information. |
| RejectMessageReasonText | string | The explanation text used when the transport rule rejects a message. |
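The tenant-level `AnyMailTransportRuleRedirectMessageToExternalDomain` attribute listed earlier is derived from the per-rule `RedirectMessageTo` values in this table, compared against the tenant's verified domains. The added example below, which is not Netskope code, performs that derivation and also lists rules whose `SetScl` of -1 bypasses spam filtering, since both are the kind of rule a posture check flags. Rules and the verified-domain list are constructed dictionaries; it assumes a recipient domain is internal only when it exactly matches a verified domain, and it treats a disabled rule as still "set up" unless `enabled_only` is passed.

```python
"""Transport-rule posture checks (added example, not Netskope code)."""
from typing import Dict, Iterable, List, Optional


def address_domain(address: Optional[str]) -> Optional[str]:
    """Lower-cased domain part of an SMTP address, or None if there is no address."""
    if not address or "@" not in address:
        return None
    return address.rsplit("@", 1)[1].strip().lower()


def rules_redirecting_externally(rules: Iterable[Dict], verified_domains: Iterable[str],
                                 enabled_only: bool = False) -> List[str]:
    """Identities of rules whose RedirectMessageTo targets a domain the tenant does not own.

    Assumption: only an exact match against a verified domain counts as internal;
    a subdomain the tenant has not verified is reported as external."""
    internal = {d.lower() for d in verified_domains}
    hits = []
    for rule in rules:
        if enabled_only and rule.get("State") != "Enabled":
            continue
        target = rule.get("RedirectMessageTo")
        # The attribute is documented as a string; raw PowerShell output can be a list.
        targets = target if isinstance(target, list) else [target]
        if any(address_domain(t) and address_domain(t) not in internal for t in targets):
            hits.append(rule["Identity"])
    return hits


def any_mail_transport_rule_redirect_to_external_domain(rules: Iterable[Dict],
                                                         verified_domains: Iterable[str]) -> bool:
    """The tenant-level boolean from the summary entity, computed from the rule list."""
    return bool(rules_redirecting_externally(list(rules), verified_domains))


def rules_bypassing_spam_filter(rules: Iterable[Dict]) -> List[str]:
    """Identities of rules that set SCL to -1, i.e. skip spam filtering for matching mail."""
    return [r["Identity"] for r in rules if r.get("SetScl") == -1]


# Constructed sample data; identities, names and domains are made up.
VERIFIED_DOMAINS = ["yourcompany.example", "yourcompany.onmicrosoft.example"]
SAMPLE_RULES = [
    {"Identity": "tr-01", "Name": "Copy to compliance mailbox", "State": "Enabled",
     "RedirectMessageTo": "archive@yourcompany.example", "SetScl": None, "Priority": 0},
    {"Identity": "tr-02", "Name": "Copy finance mail", "State": "Enabled",
     "RedirectMessageTo": "external-recipient@mailbox.example", "SetScl": None, "Priority": 1},
    {"Identity": "tr-03", "Name": "Old redirect", "State": "Disabled",
     "RedirectMessageTo": "someone@partner.example", "SetScl": None, "Priority": 2},
    {"Identity": "tr-04", "Name": "Trust partner mail", "State": "Enabled",
     "RedirectMessageTo": None, "SenderDomainIs": ["partner.example"], "SetScl": -1, "Priority": 3},
]

if __name__ == "__main__":
    print(rules_redirecting_externally(SAMPLE_RULES, VERIFIED_DOMAINS))
    print(any_mail_transport_rule_redirect_to_external_domain(SAMPLE_RULES, VERIFIED_DOMAINS))
    print(rules_bypassing_spam_filter(SAMPLE_RULES))
```

Reporting the disabled rule by default is deliberate: a redirect that can be re-enabled with one cmdlet is still a finding, and the `enabled_only` switch is there for rules that only care about live mail flow.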
| Attribute | Type | Description |
|---|---|---|
| id | string | ID of the MalwareFilterPolicy. |
| Name | string | Name of the MalwareFilterPolicy. |
| EnableFileFilter | boolean | The Common Attachment Types Filter lets an admin block known and custom malicious file types from being attached to emails. "True" if the Common Attachment Types filter is enabled. |
| EnableInternalSenderAdminNotifications | boolean | If true, an admin receives an email notification when an internal user is detected sending malware. |
| InternalSenderAdminAddress | string | The email address of the admin who receives notifications when an internal user is detected sending malware. |
| Attribute | Type | Description |
|---|---|---|
| Name | string | The name of the Remote Domain entry. The default Remote Domain in an O365 account has the name "Default" and the domain "*". |
| DomainName | string | The remote domain being configured. "*" represents any remote domain. |
| AutoForwardEnabled | boolean | If False, auto-forwarding of email to this remote domain is not allowed. |
| Attribute | Type | Description |
|---|---|---|
| id | string | Combination of azureTenantId_createdDateTime. |
| azureTenantId | string | GUID string of the tenant ID. |
| createdDateTime | string | The date when the entity was created. |
| maxScore | number | Tenant maximum possible score on the specified date. |
| currentScore | number | Tenant current attained score on the specified date. |
| controlScores | list | Tenant scores for a set of controls. |
| controlScores.controlName | string | Unique name of the control. |
| controlScores.controlCategory | string | Control action category (Identity, Data, Device, Apps, Infrastructure). |
| controlScores.score | number | Score the tenant achieved for the control (varies day by day depending on tenant operations on the control). |
| controlScores.description | string | Description of the control. |
| controlScores.isEnforced | boolean | Whether this control score is enforced. |
| controlScores.IsApplicable | boolean | Whether this control score is applicable. |
| controlScores.implementationStatus | string | Description of the current status, e.g. "You currently have 4 global admins". |
| controlScores.lastSynced | string | The datetime of the last sync, in ISO 8601 format. |
| controlScores.scoreInPercentage | number | The current score as a percentage. |
| controlScores.total | number | |
| controlScores.count | number | |
| controlScores.on | boolean | Indicates whether the policy is turned on. |
| controlScores.reviewed | number | Unix timestamp. |
| Attribute | Type | Description |
|---|---|---|
| legacyAuthProtocolsEnabled | boolean | If False, basic authentication and other legacy authentication mechanisms are not allowed for this SharePoint tenant. |
| disallowInfectedFileDownload | boolean | If True, files that ATP has detected as infected cannot be downloaded via SharePoint. |
| preventExternalUsersFromResharing | boolean | If True, external users cannot share files and folders unless they are the original owner of the resource. |
| sharingDomainRestrictionMode | number | The sharing domain restriction in use. 0 = None, 1 = "AllowList", 2 = "BlockList". See https://docs.microsoft.com/en-us/dotnet/api/microsoft.sharepoint.client.sharing.sharingdomainrestrictionmode?view=sharepoint-csom |
| sharingAllowedDomainList | Reference to string | List of domains that resources may be shared with, when "sharingDomainRestrictionMode" = 1 (AllowList). |
| sharingBlockedDomainList | Reference to string | List of domains that resources may not be shared with, when "sharingDomainRestrictionMode" = 2 (BlockList). |
| isUnmanagedSyncClientForTenantRestricted | boolean | If True, file syncing for OneDrive / SharePoint is only allowed on PCs joined to specific domains (see "allowedDomainListForSyncClient"). |
| allowedDomainListForSyncClient | Reference to string | The list of allowed domains when "isUnmanagedSyncClientForTenantRestricted" is True. |
| blockMacSync | boolean | If True, macOS devices cannot sync files from OneDrive / SharePoint. |
| requireAnonymousLinksExpireInDays | number | The number of days before an anonymous sharing link for a file expires. A value of -1 indicates no expiry. |
| Attribute | Type | Description |
|---|---|---|
| AllowBasicAuthActiveSync | boolean | Whether to allow Basic authentication with Exchange ActiveSync. |
| AllowBasicAuthAutodiscover | boolean | Whether to allow Basic authentication with Autodiscover. |
| AllowBasicAuthImap | boolean | Whether to allow Basic authentication with IMAP. |
| AllowBasicAuthMapi | boolean | Whether to allow Basic authentication with MAPI. |
| AllowBasicAuthOfflineAddressBook | boolean | Whether to allow Basic authentication with Offline Address Books. |
| AllowBasicAuthOutlookService | boolean | Whether to allow Basic authentication with the Outlook service. |
| AllowBasicAuthPop | boolean | Whether to allow Basic authentication with POP. |
| AllowBasicAuthPowershell | boolean | Whether to allow Basic authentication with PowerShell. |
| AllowBasicAuthReportingWebServices | boolean | Whether to allow Basic authentication with reporting web services. |
| AllowBasicAuthRest | boolean | Whether to allow Basic authentication with the REST API. |
| AllowBasicAuthRpc | boolean | Whether to allow Basic authentication with RPC. |
| AllowBasicAuthSmtp | boolean | Whether to allow Basic authentication with SMTP. |
| AllowBasicAuthWebServices | boolean | Whether to allow Basic authentication with Exchange Web Services (EWS). |
| Attribute | Type | Description |
|---|---|---|
| id | string | The unique identifier for the user. |
| userPrincipalName | string | The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization. |
| mail | string | The SMTP address for the user, for example jeff@contoso.onmicrosoft.com. |
| displayName | string | The name displayed in the address book for the user. |
| givenName | string | The first name of the user. |
| surname | string | The last name of the user. |
| passwordPolicies | string | A string representing the password policies applied to this specific user. If the value is empty or "None", the user has no special password policy settings and follows the default password policies set for the Azure tenant. Possible values are "DisableStrongPassword", "DisablePasswordExpiration", or a combination of the two (e.g. "DisableStrongPassword, DisablePasswordExpiration"). |
| Attribute | Type | Description |
|---|---|---|
| id | string | The ID of the OAuth2PermissionGrant. |
| clientId | string | The ID of the client service principal for the application that is authorized to act on behalf of a signed-in user when accessing an API. Corresponds to the 'objectId' field on the Azure 'Enterprise applications' page. |
| consentType | string | Indicates whether authorization is granted for the client application to impersonate all users or only a specific user. 'AllPrincipals' indicates authorization to impersonate all users; 'Principal' indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Non-admin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. |
| principalId | string | The ID of the user on behalf of whom the client is authorized to access the resource, when consentType is 'Principal'. If consentType is 'AllPrincipals' this value is null. Required when consentType is 'Principal'. |
| resourceId | string | The ID of the resource service principal to which access is authorized. This identifies the API that the client is authorized to call on behalf of a signed-in user. |
| scope | string | A space-separated list of the claim values for delegated permissions that should be included in access tokens for the resource application (the API). For example, 'openid User.Read GroupMember.Read.All'. Each claim value should match the value field of one of the delegated permissions defined by the API, listed in the publishedPermissionScopes property of the resource service principal. |
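Two things in this table matter to a rule writer: `scope` is a space-separated string that has to be split before any permission can be matched, and `consentType` fixes what `principalId` may contain (`null` for 'AllPrincipals', required for 'Principal'). The added example below, which is not Netskope code, splits scopes, collects the admin-consented (tenant-wide) permissions per client, finds grants carrying a given permission, and validates the consentType/principalId pairing. The grant records are constructed; the service principal IDs, grant IDs and function names are this example's own, while the permission names are the ones quoted in the table plus Microsoft Graph delegated permissions used as sample values.

```python
"""OAuth2PermissionGrant inspection (added example, not Netskope code)."""
from typing import Dict, Iterable, List


def parse_scope(scope: str) -> List[str]:
    """Split the space-separated claim list; tolerates None, extra spaces and an empty string."""
    return [s for s in (scope or "").split(" ") if s]


def grant_consistency_errors(grant: Dict) -> List[str]:
    """Check the pairing the table describes between consentType and principalId."""
    errors = []
    consent = grant.get("consentType")
    if consent == "AllPrincipals":
        if grant.get("principalId") is not None:
            errors.append("principalId must be null when consentType is AllPrincipals")
    elif consent == "Principal":
        if not grant.get("principalId"):
            errors.append("principalId is required when consentType is Principal")
    else:
        errors.append("unknown consentType %r" % (consent,))
    return errors


def tenant_wide_scopes_by_client(grants: Iterable[Dict]) -> Dict[str, List[str]]:
    """Permissions every user's token can carry for each client, i.e. admin-consented grants.

    A per-user ('Principal') grant is not tenant-wide and is left out."""
    result: Dict[str, set] = {}
    for g in grants:
        if g.get("consentType") == "AllPrincipals":
            result.setdefault(g["clientId"], set()).update(parse_scope(g.get("scope")))
    return {client: sorted(scopes) for client, scopes in result.items()}


def grants_with_scope(grants: Iterable[Dict], permission: str) -> List[str]:
    """IDs of grants whose scope list contains the exact permission value."""
    return [g["id"] for g in grants if permission in parse_scope(g.get("scope"))]


# Constructed sample grants; IDs are made up, permission names are Graph delegated permissions.
SAMPLE_GRANTS = [
    {"id": "grant-1", "clientId": "sp-client-a", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph",
     "scope": "openid User.Read GroupMember.Read.All"},
    {"id": "grant-2", "clientId": "sp-client-b", "consentType": "Principal",
     "principalId": "user-1", "resourceId": "sp-graph",
     "scope": "User.Read Mail.ReadWrite"},
    {"id": "grant-3", "clientId": "sp-client-c", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph",
     "scope": "Mail.ReadWrite  Files.ReadWrite.All"},
]

if __name__ == "__main__":
    print(tenant_wide_scopes_by_client(SAMPLE_GRANTS))
    print(grants_with_scope(SAMPLE_GRANTS, "Mail.ReadWrite"))
    for g in SAMPLE_GRANTS:
        print(g["id"], grant_consistency_errors(g))
```

Matching on the exact claim value rather than a substring is intentional: "Mail.Read" is a prefix of "Mail.ReadWrite", and a substring match would conflate the two when reporting which clients can modify mailboxes.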