ESC
Type to search...
Navigate Open ESC Close

Agreement.ReadWrite.All

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read/Write All Resources

Allows the app to read and write terms of use agreements, without a signed in user.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read and write all terms of use agreements

Allows the app to read and write terms of use agreements, without a signed in user.

Permission ID: c9090d00-6101-42f0-a729-c41074260d47
Delegated Permission Admin consent required

Read and write all terms of use agreements

Allows the app to read and write terms of use agreements on behalf of the signed-in user.

User sees: Allows the app to read and write terms of use agreements on your behalf.
Permission ID: ef4b5d93-3104-4664-9053-a5c49ab44218

Properties

Microsoft Graph v1.0 exact-category-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
displayName StringNullable Display name of the agreement. The display name is used for internal tracking of the agreement but isn't shown to end users who view the agreement. Supports $filter (eq).
id String The identifier of the agreement. Read-only. Supports $filter (eq).
isPerDeviceAcceptanceRequired BooleanNullable Indicates whether end users are required to accept this agreement on every device that they access it from. The end user is required to register their device in Microsoft Entra ID, if they haven't already done so. Supports $filter (eq).
isViewingBeforeAcceptanceRequired BooleanNullable Indicates whether the user has to expand the agreement before accepting. Supports $filter (eq).
termsExpiration termsExpiration Expiration schedule and frequency of agreement for all users. Supports $filter (eq).
userReacceptRequiredFrequency DurationNullable The duration after which the user must reaccept the terms of use. The value is represented in ISO 8601 format for durations. Supports $filter (eq).
acceptances agreementAcceptance collection Read-only. Information about acceptances of this agreement.
file object Default PDF linked to this agreement.
files agreementFileLocalization collection PDFs linked to this agreement. This property is in the process of being deprecated. Use the file property instead. Supports $expand.

JSON Representation

Microsoft Graph v1.0 exact-category-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation 
{
  "@odata.type": "#microsoft.graph.agreement",
  "displayName": "String",
  "id": "String (identifier)",
  "isPerDeviceAcceptanceRequired": "Boolean",
  "isViewingBeforeAcceptanceRequired": "Boolean",
  "termsExpiration": {
    "@odata.type": "microsoft.graph.termsExpiration"
  },
  "userReacceptRequiredFrequency": "String (duration)"
}

Relationships

Microsoft Graph v1.0 exact-category-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
acceptances agreementAcceptance collection Read-only. Information about acceptances of this agreement.
file agreementFile Default PDF linked to this agreement.
files agreementFileLocalization collection PDFs linked to this agreement. This property is in the process of being deprecated. Use the file property instead. Supports $expand.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /agreements/{agreementsId}/file
GET /agreements/{agreementsId}/file/localizations
POST /agreements/{agreementsId}/files
POST /identityGovernance/termsOfUse/agreements
PATCH /identityGovernance/termsOfUse/agreements/{id}
DELETE /identityGovernance/termsOfUse/agreements/{id}
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /agreements/{agreementsId}/file
GET /agreements/{agreementsId}/file/localizations
POST /agreements/{agreementsId}/files
POST /identityGovernance/termsOfUse/agreements
PATCH /identityGovernance/termsOfUse/agreements/{id}
DELETE /identityGovernance/termsOfUse/agreements/{id}
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgAgreementFile /agreements/{agreementsId}/file
Get agreementFile
Get-MgAgreementFileLocalization /agreements/{agreementsId}/file/localizations
List agreementFileLocalizations
Get-MgIdentityGovernanceTermsOfUseAgreementFile /agreements/{agreementsId}/file
Get agreementFile
New-MgIdentityGovernanceTermsOfUseAgreement /identityGovernance/termsOfUse/agreements
Create agreement
New-MgIdentityGovernanceTermsOfUseAgreementFile /agreements/{agreementsId}/files
Create agreementFileLocalization
Remove-MgIdentityGovernanceTermsOfUseAgreement /identityGovernance/termsOfUse/agreements/{id}
Delete agreement
Update-MgIdentityGovernanceTermsOfUseAgreement /identityGovernance/termsOfUse/agreements/{id}
Update agreement
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaAgreementFile /agreements/{agreementsId}/file
Get agreementFile
Get-MgBetaAgreementFileLocalization /agreements/{agreementsId}/file/localizations
List agreementFileLocalizations
Get-MgBetaIdentityGovernanceTermsOfUseAgreementFile /agreements/{agreementsId}/file
Get agreementFile
New-MgBetaIdentityGovernanceTermsOfUseAgreement /identityGovernance/termsOfUse/agreements
Create agreement
New-MgBetaIdentityGovernanceTermsOfUseAgreementFile /agreements/{agreementsId}/files
Create agreementFileLocalization
Remove-MgBetaIdentityGovernanceTermsOfUseAgreement /identityGovernance/termsOfUse/agreements/{id}
Delete agreement
Update-MgBetaIdentityGovernanceTermsOfUseAgreement /identityGovernance/termsOfUse/agreements/{id}
Update agreement

Code Examples

C# / .NET SDK
Create agreement
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new Agreement
{
	DisplayName = "Contoso ToU for guest users",
	IsViewingBeforeAcceptanceRequired = true,
	Files = new List<AgreementFileLocalization>
	{
		new AgreementFileLocalization
		{
			FileName = "TOU.pdf",
			Language = "en",
			IsDefault = true,
			FileData = new AgreementFileData
			{
				Data = Convert.FromBase64String("SGVsbG8gd29ybGQ=//truncated-binary"),
			},
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.TermsOfUse.Agreements.PostAsync(requestBody);
JavaScript
Create agreement
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

const agreement = {
  displayName: 'Contoso ToU for guest users',
  isViewingBeforeAcceptanceRequired: true,
  files: [
    {
      fileName: 'TOU.pdf',
      language: 'en',
      isDefault: true,
      fileData: {
        data: 'SGVsbG8gd29ybGQ=//truncated-binary'
      }
    }
  ]
};

await client.api('/identityGovernance/termsOfUse/agreements')
	.post(agreement);
PowerShell
Create agreement
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	displayName = "Contoso ToU for guest users"
	isViewingBeforeAcceptanceRequired = $true
	files = @(
		@{
			fileName = "TOU.pdf"
			language = "en"
			isDefault = $true
			fileData = @{
				data = [System.Text.Encoding]::ASCII.GetBytes("SGVsbG8gd29ybGQ=//truncated-binary")
			}
		}
	)
}

New-MgIdentityGovernanceTermsOfUseAgreement -BodyParameter $params
Python
Create agreement
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.agreement import Agreement
from msgraph.generated.models.agreement_file_localization import AgreementFileLocalization
from msgraph.generated.models.agreement_file_data import AgreementFileData
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Agreement(
	display_name = "Contoso ToU for guest users",
	is_viewing_before_acceptance_required = True,
	files = [
		AgreementFileLocalization(
			file_name = "TOU.pdf",
			language = "en",
			is_default = True,
			file_data = AgreementFileData(
				data = base64.urlsafe_b64decode("SGVsbG8gd29ybGQ=//truncated-binary"),
			),
		),
	],
)

result = await graph_client.identity_governance.terms_of_use.agreements.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for Agreement.ReadWrite.All

4

Grant Admin Consent

Application permissions always require admin consent.