terraform-provider-azuread
azuread_conditional_access_policy support for Insider Risk condition
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Please add support for specifying the Insider risk condition in Conditional Access Policies.
API Documentation: please see the `insiderRiskLevels` field in the `conditionalAccessConditionSet` resource type: https://learn.microsoft.com/en-us/graph/api/resources/conditionalaccessconditionset?view=graph-rest-1.0
New or Affected Resource(s)
- azuread_conditional_access_policy
Potential Terraform Configuration
Add the `insider_risk_levels` array inside the `conditions` block with possible values `elevated`, `moderate` and `minor`.
```hcl
resource "azuread_conditional_access_policy" "example" {
  display_name = "example policy"
  state        = "disabled"

  conditions {
    client_app_types    = ["all"]
    insider_risk_levels = ["elevated", "moderate", "minor"]

    applications {
      included_applications = ["All"]
    }

    users {
      included_users = ["All"]
    }
  }

  grant_controls {
    operator          = "OR"
    built_in_controls = ["block"]
  }
}
```
References
- https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/insider-risk-in-conditional-access-microsoft-entra-microsoft/ba-p/4087181
- https://learn.microsoft.com/en-us/graph/api/resources/conditionalaccessconditionset?view=graph-rest-1.0