DSCResources/MSFT_AADConditionalAccessPolicy/settings.json

{
    "resourceName": "AADConditionalAccessPolicy",
    "description": "This resource configures an Azure Active Directory Conditional Access Policy.",
    "roles": {
        "read": [
            "Security Reader"
        ],
        "update": [
            "Conditional Access Administrator"
        ]
    },
    "permissions": {
        "graph": {
            "delegated": {
                "read": [
                    {
                        "name": "Agreement.Read.All"
                    },
                    {
                        "name": "Group.Read.All"
                    },
                    {
                        "name": "Policy.Read.All"
                    },
                    {
                        "name": "RoleManagement.Read.Directory"
                    },
                    {
                        "name": "User.Read.All"
                    }
                ],
                "update": [
                    {
                        "name": "Agreement.Read.All"
                    },
                    {
                        "name": "Group.Read.All"
                    },
                    {
                        "name": "Policy.Read.All"
                    },
                    {
                        "name": "Policy.ReadWrite.ConditionalAccess"
                    },
                    {
                        "name": "RoleManagement.Read.Directory"
                    },
                    {
                        "name": "User.Read.All"
                    }
                ]
            },
            "application": {
                "read": [
                    {
                        "name": "Agreement.Read.All"
                    },
                    {
                        "name": "Application.Read.All"
                    },
                    {
                        "name": "Group.Read.All"
                    },
                    {
                        "name": "Policy.Read.All"
                    },
                    {
                        "name": "RoleManagement.Read.Directory"
                    },
                    {
                        "name": "User.Read.All"
                    }
                ],
                "update": [
                    {
                        "name": "Agreement.Read.All"
                    },
                    {
                        "name": "Application.Read.All"
                    },
                    {
                        "name": "Group.Read.All"
                    },
                    {
                        "name": "Policy.Read.All"
                    },
                    {
                        "name": "Policy.ReadWrite.ConditionalAccess"
                    },
                    {
                        "name": "RoleManagement.Read.Directory"
                    },
                    {
                        "name": "User.Read.All"
                    }
                ]
            }
        }
    }
}