AgentCollection.ReadWrite.ManagedBy
Allows the app to create, read, update, and delete collections that designate the calling app as their manager and manage their membership in your organization's Agent Registry without a signed-in user.
Permission Details
Read and write managed-by collections in Agent Registry
Allows the app to create, read, update, and delete collections that designate the calling app as their manager and manage their membership in your organization's Agent Registry without a signed-in user.
2e0fb698-9996-479f-926b-ce63f4397829
Properties
Properties is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.
| Property | Type | Description |
|---|---|---|
createdBy |
String |
Object ID of the user or app that created the agent instance. |
createdDateTime |
DateTimeOffset |
Timestamp when agent collection was created. |
description |
String |
Description / purpose of the collection. |
displayName |
String |
Friendly name of the collection. |
id |
String |
Unique identifier for the collection. Key. Inherited from entity. |
lastModifiedDateTime |
DateTimeOffset |
Timestamp of last update. |
managedBy |
String |
appId (referred to as Application (client) ID on the Microsoft Entra admin center) of the service principal managing this agent. |
originatingStore |
String |
Source system/store where the collection originated. For example Copilot Studio. |
ownerIds |
String collection |
List of object IDs for the owners of the agent instance. |
copilotTools |
copilotTool collection |
JSON Representation
JSON representation is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.
{
"@odata.type": "#microsoft.graph.agentCollection",
"id": "String (identifier)",
"ownerIds": [
"String"
],
"managedBy": "String",
"originatingStore": "String",
"createdBy": "String",
"displayName": "String",
"description": "String",
"createdDateTime": "String (timestamp)",
"lastModifiedDateTime": "String (timestamp)"
}Relationships
Relationships is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.
| Relationship | Type | Description |
|---|---|---|
members |
agentInstance collection |
List of agent instances that are members of this collection. Supports $expand. |
copilotTools |
copilotTool collection |
Related copilotTools data exposed by this resource. |
Graph Methods
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
No API methods available for this version.
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph PowerShell v1.0 commands are not available from refreshed Microsoft Learn PowerShell snippets for this permission.
No deterministic PowerShell command map is available for this permission.
Browse PowerShell docsMicrosoft Graph PowerShell beta commands are not available from refreshed Microsoft Learn PowerShell snippets for this permission.
No deterministic PowerShell command map is available for this permission.
Browse PowerShell docsCode Examples
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AgentCollection
{
Id = "Security Copilot Platform Workspace: 001",
OwnerIds = new List<string>
{
"daf58b0e-44e1-433c-b6b0-ca70cae320b8",
"b9108c41-d2d2-4e78-b073-92f57b752bd0",
},
ManagedBy = "719cc904-9700-4e08-9941-fd826cc84c60",
OriginatingStore = "Microsoft Security Copilot",
CreatedBy = "d47bffae-411a-4de9-8548-05e79bc01f0d",
DisplayName = "Conditional Access Agents",
Description = "A collection of agents to manage your organizations conditional access policies",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.AgentRegistry.AgentCollections.PostAsync(requestBody);const options = {
authProvider,
};
const client = Client.init(options);
const agentInstance = {
'@odata.id': 'https://graph.microsoft.com/beta/agentRegistry/agentInstances(\'agent-instance-id\')'
};
await client.api('/agentRegistry/agentInstances/{agentInstanceId}/collections/{agentCollectionId}/members/$ref')
.version('beta')
.post(agentInstance);Connect-MgGraph -Scopes "AgentCollection.ReadWrite.ManagedBy"
Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/agentRegistry/agentCollections"# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.agent_collection import AgentCollection
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AgentCollection(
id = "Security Copilot Platform Workspace: 001",
owner_ids = [
"daf58b0e-44e1-433c-b6b0-ca70cae320b8",
"b9108c41-d2d2-4e78-b073-92f57b752bd0",
],
managed_by = "719cc904-9700-4e08-9941-fd826cc84c60",
originating_store = "Microsoft Security Copilot",
created_by = "d47bffae-411a-4de9-8548-05e79bc01f0d",
display_name = "Conditional Access Agents",
description = "A collection of agents to manage your organizations conditional access policies",
)
result = await graph_client.agent_registry.agent_collections.post(request_body)App Registration
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
Select Permission Type
Choose Application permissions and search for AgentCollection.ReadWrite.ManagedBy
Grant Admin Consent
Application permissions always require admin consent.