Does Application.ReadWrite.OwnedBy require admin consent?

Yes, Application permissions always require admin consent. An administrator must grant consent in the Azure portal.

How do I add Application.ReadWrite.OwnedBy to my app registration?

Go to Azure Portal > App registrations > Your app > API permissions > Add permission > Microsoft Graph, then search for Application.ReadWrite.OwnedBy and select it.

Application.ReadWrite.OwnedBy Permission - Microsoft Graph API

Permission Details

Application Permission

Manage apps that this app creates or owns

Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user. It cannot update any apps that it is not an owner of.

Permission ID: 18a4783c-866b-4cc7-a460-3d5e5662c884

Properties

Property	Type	Description
`id`	`string`	The unique identifier for an entity. Read-only.

Relationships

Relationship	Type	Description
`createdOnBehalfOf`	`directoryObject`	Supports $filter (/$count eq 0, /$count ne 0). Read-only.
`extensionProperties`	`extensionProperty collection`	Read-only. Nullable. Supports $expand and $filter.
`federatedIdentityCredentials`	`federatedIdentityCredential collection`	Federated identities for applications. Supports $expand and $filter.
`owners`	`directoryObject collection`	Directory objects that are owners of the application. Read-only. Nullable. Supports $expand.
`tokenIssuancePolicies`	`tokenIssuancePolicy collection`	Token issuance policies assigned to this application. Supports $expand.
`tokenLifetimePolicies`	`tokenLifetimePolicy collection`	Token lifetime policies assigned to this application. Supports $expand.

Graph Methods

Delegated access App-only access

Methods
GET `/applications`
GET `/applications(appId='{appId}')`
GET `/applications(appId='{appId}')/extensionProperties`
GET `/applications(appId='{appId}')/extensionProperties/{extensionPropertyId}`
GET `/applications(appId='{appId}')/federatedIdentityCredentials`
GET `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialId}`
GET `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialName}`
GET `/applications(appId='{appId}')/owners`
GET `/applications(appId='{appId}')/tokenIssuancePolicies`
GET `/applications(appId='{appId}')/tokenLifetimePolicies`
GET `/applications/{application ObjectId}/extensionProperties`
GET `/applications/{application ObjectId}/extensionProperties/{extensionPropertyId}`
GET `/applications/{applicationObjectId}`
GET `/applications/{id}/federatedIdentityCredentials`
GET `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}`
GET `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialName}`
GET `/applications/{id}/owners`
GET `/applications/{id}/synchronization/templates/{templateId}/schema`
GET `/applications/{id}/synchronization/templates/{templateId}/schema/filterOperators`
GET `/applications/{id}/synchronization/templates/{templateId}/schema/functions`
GET `/applications/{id}/tokenIssuancePolicies`
GET `/applications/{id}/tokenLifetimePolicies`
GET `/applications/delta`
GET `/servicePrincipals`
GET `/servicePrincipals(appId='{appId}')`
GET `/servicePrincipals(appId='{appId}')/appRoleAssignedTo`
GET `/servicePrincipals(appId='{appId}')/appRoleAssignments`
GET `/servicePrincipals(appId='{appId}')/claimsMappingPolicies`
GET `/servicePrincipals(appId='{appId}')/createdObjects`
GET `/servicePrincipals(appId='{appId}')/delegatedPermissionClassifications`
GET `/servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies`
GET `/servicePrincipals(appId='{appId}')/memberOf`
GET `/servicePrincipals(appId='{appId}')/ownedObjects`
GET `/servicePrincipals(appId='{appId}')/owners`
GET `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies`
GET `/servicePrincipals/{id}`
GET `/servicePrincipals/{id}/appRoleAssignedTo`
GET `/servicePrincipals/{id}/appRoleAssignments`
GET `/servicePrincipals/{id}/claimsMappingPolicies`
GET `/servicePrincipals/{id}/createdObjects`
GET `/servicePrincipals/{id}/delegatedPermissionClassifications`
GET `/servicePrincipals/{id}/homeRealmDiscoveryPolicies`
GET `/servicePrincipals/{id}/memberOf`
GET `/servicePrincipals/{id}/ownedObjects`
GET `/servicePrincipals/{id}/owners`
GET `/servicePrincipals/{id}/synchronization/jobs/`
GET `/servicePrincipals/{id}/synchronization/jobs/{jobId}/`
GET `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema`
GET `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema/filterOperators`
GET `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema/functions`
GET `/servicePrincipals/{id}/synchronization/templates/{templateId}/schema`
GET `/servicePrincipals/{id}/synchronization/templates/{templateId}/schema/filterOperators`
GET `/servicePrincipals/{id}/synchronization/templates/{templateId}/schema/functions`
GET `/servicePrincipals/{id}/tokenLifetimePolicies`
GET `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration`
GET `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups`
GET `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}`
GET `/servicePrincipals/delta`
GET `applications/{id}/synchronization/templates`
GET `applications/{id}/synchronization/templates/{templateId}`
GET `servicePrincipals/{id}/synchronization/templates`
GET `servicePrincipals/{id}/synchronization/templates/{templateId}`
POST `/applications`
POST `/applications(appId='{appId}')/addKey`
POST `/applications(appId='{appId}')/addPassword`
POST `/applications(appId='{appId}')/extensionProperties`
POST `/applications(appId='{appId}')/federatedIdentityCredentials`
POST `/applications(appId='{appId}')/owners/$ref`
POST `/applications(appId='{appId}')/removeKey`
POST `/applications(appId='{appId}')/removePassword`
POST `/applications(appId='{appId}')/tokenIssuancePolicies/$ref`
POST `/applications(appId='{appId}')/tokenLifetimePolicies/$ref`
POST `/applications/{application ObjectId}/extensionProperties`
POST `/applications/{applicationsId}/synchronization/acquireAccessToken`
POST `/applications/{id}/addKey`
POST `/applications/{id}/addPassword`
POST `/applications/{id}/federatedIdentityCredentials`
POST `/applications/{id}/owners/$ref`
POST `/applications/{id}/removeKey`
POST `/applications/{id}/removePassword`
POST `/applications/{id}/tokenIssuancePolicies/$ref`
POST `/applications/{id}/tokenLifetimePolicies/$ref`
POST `/applicationTemplates/{applicationTemplate-id}/instantiate`
POST `/directory/deletedItems/{id}/restore`
POST `/servicePrincipals`
POST `/servicePrincipals(appId='{appId}')/addKey`
POST `/servicePrincipals(appId='{appId}')/addPassword`
POST `/servicePrincipals(appId='{appId}')/addTokenSigningCertificate`
POST `/servicePrincipals(appId='{appId}')/claimsMappingPolicies/$ref`
POST `/servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/$ref`
POST `/servicePrincipals(appId='{appId}')/owners/$ref`
POST `/servicePrincipals(appId='{appId}')/removeKey`
POST `/servicePrincipals(appId='{appId}')/removePassword`
POST `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies/$ref`
POST `/serviceprincipals/{id}/addKey`
POST `/servicePrincipals/{id}/addPassword`
POST `/servicePrincipals/{id}/addTokenSigningCertificate`
POST `/servicePrincipals/{id}/claimsMappingPolicies/$ref`
POST `/servicePrincipals/{id}/homeRealmDiscoveryPolicies/$ref`
POST `/servicePrincipals/{id}/owners/$ref`
POST `/serviceprincipals/{id}/removeKey`
POST `/servicePrincipals/{id}/removePassword`
POST `/servicePrincipals/{id}/synchronization/jobs/`
POST `/servicePrincipals/{id}/synchronization/jobs/{id}/schema/parseExpression`
POST `/servicePrincipals/{id}/synchronization/jobs/{id}/validateCredentials`
POST `/servicePrincipals/{id}/synchronization/jobs/{jobId}/pause`
POST `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema/directories/{directoryId}/discover`
POST `/servicePrincipals/{id}/synchronization/jobs/{jobId}/start`
POST `/servicePrincipals/{id}/synchronization/templates/{id}/schema/parseExpression`
POST `/servicePrincipals/{id}/tokenLifetimePolicies/$ref`
POST `/servicePrincipals/{servicePrincipalId}/synchronization/jobs/{jobId}/restart`
POST `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups`
POST `/servicePrincipals/{servicePrincipalsId}/synchronization/acquireAccessToken`
POST `/servicePrincipals/{servicePrincipalsId}/synchronization/jobs/{synchronizationJobId}/provisionOnDemand`
PATCH `/applications(appId='{appId}')`
PATCH `/applications(appId='{appId}')/federatedIdentityCredentials(name='{name}')`
PATCH `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialId}`
PATCH `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialName}`
PATCH `/applications(uniqueName='{uniqueName}')`
PATCH `/applications/{applicationObjectId}`
PATCH `/applications/{id}/federatedIdentityCredentials(name='{name}')`
PATCH `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}`
PATCH `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialName}`
PATCH `/servicePrincipals(appId='{appId}')`
PATCH `/servicePrincipals(appId='appId')`
PATCH `/servicePrincipals/{id}`
PATCH `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}`
PATCH `applications/{id}/synchronization/templates/{templateId}`
PUT `/applications/{id}/synchronization/templates/{templateId}/schema`
PUT `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema`
PUT `/servicePrincipals/{id}/synchronization/secrets`
DELETE `/applications(appId='{appId}')`
DELETE `/applications(appId='{appId}')/extensionProperties/{extensionPropertyId}`
DELETE `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialId}`
DELETE `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialName}`
DELETE `/applications(appId='{appId}')/owners/{id}/$ref`
DELETE `/applications(appId='{appId}')/tokenIssuancePolicies/{id}/$ref`
DELETE `/applications(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/applications/{application ObjectId}/extensionProperties/{extensionPropertyId}`
DELETE `/applications/{applicationObjectId}`
DELETE `/applications/{applicationObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}`
DELETE `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialName}`
DELETE `/applications/{id}/owners/{id}/$ref`
DELETE `/applications/{id}/synchronization/templates/{templateId}/schema`
DELETE `/applications/{id}/tokenIssuancePolicies/{id}/$ref`
DELETE `/directory/deletedItems/{id}`
DELETE `/servicePrincipals(appId='{appId}')`
DELETE `/servicePrincipals(appId='{appId}')/claimsMappingPolicies/{id}/$ref`
DELETE `/servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/{id}/$ref`
DELETE `/servicePrincipals(appId='{appId}')/owners/{id}/$ref`
DELETE `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/servicePrincipals/{id}`
DELETE `/servicePrincipals/{id}/claimsMappingPolicies/{id}/$ref`
DELETE `/servicePrincipals/{id}/homeRealmDiscoveryPolicies/{id}/$ref`
DELETE `/serviceprincipals/{id}/owners/{id}/$ref`
DELETE `/servicePrincipals/{id}/synchronization/jobs/{jobId}/`
DELETE `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema`
DELETE `/servicePrincipals/{servicePrincipalObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}/$ref`

Methods
GET `/applications`
GET `/applications(appId='{appId}')`
GET `/applications(appId='{appId}')/extensionProperties`
GET `/applications(appId='{appId}')/extensionProperties/{extensionPropertyId}`
GET `/applications(appId='{appId}')/federatedIdentityCredentials`
GET `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialId}`
GET `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialName}`
GET `/applications(appId='{appId}')/owners`
GET `/applications(appId='{appId}')/tokenIssuancePolicies`
GET `/applications(appId='{appId}')/tokenLifetimePolicies`
GET `/applications/{application ObjectId}/extensionProperties`
GET `/applications/{application ObjectId}/extensionProperties/{extensionPropertyId}`
GET `/applications/{applicationObjectId}`
GET `/applications/{applicationObjectId}/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments`
GET `/applications/{applicationObjectId}/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments/{applicationSegment-id}`
GET `/applications/{id}/federatedIdentityCredentials`
GET `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}`
GET `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialName}`
GET `/applications/{id}/owners`
GET `/applications/{id}/synchronization/templates`
GET `/applications/{id}/synchronization/templates/{templateId}`
GET `/applications/{id}/synchronization/templates/{templateId}/schema`
GET `/applications/{id}/synchronization/templates/{templateId}/schema/filterOperators`
GET `/applications/{id}/synchronization/templates/{templateId}/schema/functions`
GET `/applications/{id}/tokenIssuancePolicies`
GET `/applications/{id}/tokenLifetimePolicies`
GET `/applications/delta`
GET `/applications/microsoft.graph.agentIdentityBlueprint`
GET `/servicePrincipals`
GET `/servicePrincipals(appId='{appId}')`
GET `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies`
GET `/servicePrincipals/{id}`
GET `/servicePrincipals/{id}/appRoleAssignedTo`
GET `/servicePrincipals/{id}/appRoleAssignments`
GET `/servicePrincipals/{id}/claimsMappingPolicies`
GET `/servicePrincipals/{id}/createdObjects`
GET `/servicePrincipals/{id}/delegatedPermissionClassifications`
GET `/servicePrincipals/{id}/homeRealmDiscoveryPolicies`
GET `/servicePrincipals/{id}/memberOf`
GET `/servicePrincipals/{id}/ownedObjects`
GET `/servicePrincipals/{id}/owners`
GET `/servicePrincipals/{id}/synchronization/jobs/`
GET `/servicePrincipals/{id}/synchronization/jobs/{jobId}/`
GET `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema`
GET `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema/filterOperators`
GET `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema/functions`
GET `/servicePrincipals/{id}/synchronization/templates`
GET `/servicePrincipals/{id}/synchronization/templates/{templateId}`
GET `/servicePrincipals/{id}/synchronization/templates/{templateId}/schema`
GET `/servicePrincipals/{id}/synchronization/templates/{templateId}/schema/filterOperators`
GET `/servicePrincipals/{id}/synchronization/templates/{templateId}/schema/functions`
GET `/servicePrincipals/{id}/tokenLifetimePolicies`
GET `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration`
GET `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups`
GET `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}`
GET `/servicePrincipals/delta`
GET `/servicePrincipals/microsoft.graph.agentIdentity`
GET `/servicePrincipals/microsoft.graph.agentIdentityBlueprintPrincipal`
POST `/applications`
POST `/applications(appId='{appId}')/addKey`
POST `/applications(appId='{appId}')/addPassword`
POST `/applications(appId='{appId}')/extensionProperties`
POST `/applications(appId='{appId}')/federatedIdentityCredentials`
POST `/applications(appId='{appId}')/owners/$ref`
POST `/applications(appId='{appId}')/removeKey`
POST `/applications(appId='{appId}')/removePassword`
POST `/applications(appId='{appId}')/tokenIssuancePolicies/$ref`
POST `/applications(appId='{appId}')/tokenLifetimePolicies/$ref`
POST `/applications/{application ObjectId}/extensionProperties`
POST `/applications/{applicationObjectId}/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments`
POST `/applications/{applicationsId}/synchronization/acquireAccessToken`
POST `/applications/{id}/addKey`
POST `/applications/{id}/addPassword`
POST `/applications/{id}/federatedIdentityCredentials`
POST `/applications/{id}/owners/$ref`
POST `/applications/{id}/removeKey`
POST `/applications/{id}/removePassword`
POST `/applications/{id}/tokenIssuancePolicies/$ref`
POST `/applications/{id}/tokenLifetimePolicies/$ref`
POST `/applicationTemplates/{applicationTemplate-id}/instantiate`
POST `/directory/deleteditems/{id}/restore`
POST `/servicePrincipals`
POST `/servicePrincipals(appId='{appId}')/addKey`
POST `/servicePrincipals(appId='{appId}')/addPassword`
POST `/servicePrincipals(appId='{appId}')/addTokenSigningCertificate`
POST `/servicePrincipals(appId='{appId}')/claimsMappingPolicies/$ref`
POST `/servicePrincipals(appId='{appId}')/getPasswordSingleSignOnCredentials`
POST `/servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/$ref`
POST `/servicePrincipals(appId='{appId}')/owners/$ref`
POST `/serviceprincipals(appId='{appId}')/removeKey`
POST `/servicePrincipals(appId='{appId}')/removePassword`
POST `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies/$ref`
POST `/servicePrincipals/{id}/addKey`
POST `/servicePrincipals/{id}/addPassword`
POST `/servicePrincipals/{id}/addTokenSigningCertificate`
POST `/servicePrincipals/{id}/claimsMappingPolicies/$ref`
POST `/servicePrincipals/{id}/getPasswordSingleSignOnCredentials`
POST `/servicePrincipals/{id}/homeRealmDiscoveryPolicies/$ref`
POST `/servicePrincipals/{id}/owners/$ref`
POST `/serviceprincipals/{id}/removeKey`
POST `/servicePrincipals/{id}/removePassword`
POST `/servicePrincipals/{id}/synchronization/jobs/`
POST `/servicePrincipals/{id}/synchronization/jobs/{id}/schema/parseExpression`
POST `/servicePrincipals/{id}/synchronization/jobs/{id}/validateCredentials`
POST `/servicePrincipals/{id}/synchronization/jobs/{jobId}/pause`
POST `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema/directories/{directoryId}/discover`
POST `/servicePrincipals/{id}/synchronization/jobs/{jobId}/start`
POST `/servicePrincipals/{id}/synchronization/templates/{id}/schema/parseExpression`
POST `/servicePrincipals/{id}/tokenLifetimePolicies/$ref`
POST `/servicePrincipals/{servicePrincipalId}/synchronization/jobs/{jobId}/restart`
POST `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups`
POST `/servicePrincipals/{servicePrincipalsId}/synchronization/acquireAccessToken`
POST `/servicePrincipals/{servicePrincipalsId}/synchronization/jobs/{synchronizationJobId}/provisionOnDemand`
PATCH `/applications(appId='{appId}')`
PATCH `/applications(appId='{appId}')/federatedIdentityCredentials(name='{name}')`
PATCH `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialId}`
PATCH `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialName}`
PATCH `/applications(uniqueName='{uniqueName}')`
PATCH `/applications/{applicationObjectId}`
PATCH `/applications/{applicationObjectId}/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments/{ipApplicationSegmentID}`
PATCH `/applications/{id}/federatedIdentityCredentials(name='{name}')`
PATCH `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}`
PATCH `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialName}`
PATCH `/applications/{id}/synchronization/templates/{templateId}`
PATCH `/servicePrincipals(appId='{appId}')`
PATCH `/servicePrincipals(appId='appId')`
PATCH `/servicePrincipals/{id}`
PATCH `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}`
PUT `/applications/{id}/synchronization/templates/{templateId}/schema`
PUT `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema`
PUT `/servicePrincipals/{id}/synchronization/secrets`
DELETE `/applications(appId='{appId}')`
DELETE `/applications(appId='{appId}')/extensionProperties/{extensionPropertyId}`
DELETE `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialId}`
DELETE `/applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialName}`
DELETE `/applications(appId='{appId}')/owners/{id}/$ref`
DELETE `/applications(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/applications/{application ObjectId}/extensionProperties/{extensionPropertyId}`
DELETE `/applications/{applicationObjectId}`
DELETE `/applications/{applicationObjectId}/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments/{ipApplicationSegmentID}`
DELETE `/applications/{applicationObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}`
DELETE `/applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialName}`
DELETE `/applications/{id}/owners/{id}/$ref`
DELETE `/applications/{id}/synchronization/templates/{templateId}/schema`
DELETE `/applications/{id}/tokenIssuancePolicies/{id}/$ref`
DELETE `/directory/deleteditems/{id}`
DELETE `/servicePrincipals(appId='{appId}')`
DELETE `/servicePrincipals(appId='{appId}')/claimsMappingPolicies/{id}/$ref`
DELETE `/servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/{policyId}/$ref`
DELETE `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/servicePrincipals/{id}`
DELETE `/servicePrincipals/{id}/claimsMappingPolicies/{id}/$ref`
DELETE `/servicePrincipals/{id}/homeRealmDiscoveryPolicies/{policyId}/$ref`
DELETE `/servicePrincipals/{id}/owners/{id}/$ref`
DELETE `/servicePrincipals/{id}/synchronization/jobs/{jobId}/`
DELETE `/servicePrincipals/{id}/synchronization/jobs/{jobId}/schema`
DELETE `/servicePrincipals/{servicePrincipalObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}/$ref`

Commands
`Add-MgApplicationKey`
`Add-MgApplicationPassword`
`Add-MgServicePrincipalKey`
`Add-MgServicePrincipalPassword`
`Add-MgServicePrincipalTokenSigningCertificate`
`Find-MgServicePrincipalSynchronizationJobSchemaDirectory`
`Get-MgApplication`
`Get-MgApplicationByAppId`
`Get-MgApplicationDelta`
`Get-MgApplicationExtensionProperty`
`Get-MgApplicationFederatedIdentityCredential`
`Get-MgApplicationOwner`
`Get-MgApplicationSynchronizationAccessToken`
`Get-MgApplicationSynchronizationTemplate`
`Get-MgApplicationTokenIssuancePolicy`
`Get-MgApplicationTokenLifetimePolicy`
`Get-MgServicePrincipal`
`Get-MgServicePrincipalAppRoleAssignedTo`
`Get-MgServicePrincipalAppRoleAssignment`
`Get-MgServicePrincipalClaimMappingPolicy`
`Get-MgServicePrincipalCreatedObject`
`Get-MgServicePrincipalDelegatedPermissionClassification`
`Get-MgServicePrincipalDelta`
`Get-MgServicePrincipalHomeRealmDiscoveryPolicy`
`Get-MgServicePrincipalMemberOf`
`Get-MgServicePrincipalOwnedObject`
`Get-MgServicePrincipalOwner`
`Get-MgServicePrincipalRemoteDesktopSecurityConfiguration`
`Get-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup`
`Get-MgServicePrincipalSynchronizationJob`
`Get-MgServicePrincipalSynchronizationJobSchema`
`Get-MgServicePrincipalSynchronizationTemplate`
`Get-MgServicePrincipalTokenLifetimePolicy`
`Invoke-MgFilterServicePrincipalSynchronizationJobSchemaOperator`
`Invoke-MgFunctionServicePrincipalSynchronizationJobSchema`
`Invoke-MgInstantiateApplicationTemplate`
`Invoke-MgParseApplicationSynchronizationJobSchemaExpression`
`Invoke-MgParseApplicationSynchronizationTemplateSchemaExpression`
`Invoke-MgParseServicePrincipalSynchronizationJobSchemaExpression`
`Invoke-MgParseServicePrincipalSynchronizationTemplateSchemaExpression`
`New-MgApplication`
`New-MgApplicationExtensionProperty`
`New-MgApplicationFederatedIdentityCredential`
`New-MgApplicationOwnerByRef`
`New-MgApplicationTokenIssuancePolicyByRef`
`New-MgApplicationTokenLifetimePolicyByRef`
`New-MgServicePrincipal`
`New-MgServicePrincipalClaimMappingPolicyByRef`
`New-MgServicePrincipalHomeRealmDiscoveryPolicyByRef`
`New-MgServicePrincipalOwnerByRef`
`New-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup`
`New-MgServicePrincipalSynchronizationJob`
`New-MgServicePrincipalSynchronizationJobOnDemand`
`New-MgServicePrincipalTokenLifetimePolicyByRef`
`Remove-MgApplication`
`Remove-MgApplicationExtensionProperty`
`Remove-MgApplicationFederatedIdentityCredential`
`Remove-MgApplicationKey`
`Remove-MgApplicationOwnerDirectoryObjectByRef`
`Remove-MgApplicationPassword`
`Remove-MgApplicationSynchronizationTemplateSchema`
`Remove-MgApplicationTokenIssuancePolicyTokenIssuancePolicyByRef`
`Remove-MgApplicationTokenLifetimePolicyTokenLifetimePolicyByRef`
`Remove-MgDirectoryDeletedItem`
`Remove-MgServicePrincipal`
`Remove-MgServicePrincipalClaimMappingPolicyClaimMappingPolicyByRef`
`Remove-MgServicePrincipalHomeRealmDiscoveryPolicyHomeRealmDiscoveryPolicyByRef`
`Remove-MgServicePrincipalKey`
`Remove-MgServicePrincipalOwnerDirectoryObjectByRef`
`Remove-MgServicePrincipalPassword`
`Remove-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup`
`Remove-MgServicePrincipalSynchronizationJob`
`Remove-MgServicePrincipalSynchronizationJobSchema`
`Remove-MgServicePrincipalTokenLifetimePolicyTokenLifetimePolicyByRef`
`Restart-MgServicePrincipalSynchronizationJob`
`Restore-MgDirectoryDeletedItem`
`Set-MgServicePrincipalSynchronizationSecret`
`Start-MgServicePrincipalSynchronizationJob`
`Suspend-MgServicePrincipalSynchronizationJob`
`Test-MgApplicationSynchronizationJobCredential`
`Test-MgServicePrincipalSynchronizationJobCredential`
`Update-MgApplication`
`Update-MgApplicationByUniqueName`
`Update-MgApplicationFederatedIdentityCredential`
`Update-MgApplicationFederatedIdentityCredentialByName`
`Update-MgApplicationSynchronizationTemplate`
`Update-MgServicePrincipal`
`Update-MgServicePrincipalByAppId`
`Update-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup`
`Update-MgServicePrincipalSynchronizationJobSchema`

Commands
`Add-MgBetaApplicationKey`
`Add-MgBetaApplicationPassword`
`Add-MgBetaServicePrincipalTokenSigningCertificate`
`Find-MgBetaServicePrincipalSynchronizationJobSchemaDirectory`
`Get-MgBetaApplication`
`Get-MgBetaApplicationByAppId`
`Get-MgBetaApplicationDelta`
`Get-MgBetaApplicationExtensionProperty`
`Get-MgBetaApplicationFederatedIdentityCredential`
`Get-MgBetaApplicationOwner`
`Get-MgBetaApplicationSynchronizationAccessToken`
`Get-MgBetaApplicationSynchronizationTemplate`
`Get-MgBetaApplicationTokenIssuancePolicy`
`Get-MgBetaApplicationTokenLifetimePolicy`
`Get-MgBetaServicePrincipal`
`Get-MgBetaServicePrincipalAppRoleAssignedTo`
`Get-MgBetaServicePrincipalAppRoleAssignment`
`Get-MgBetaServicePrincipalClaimMappingPolicy`
`Get-MgBetaServicePrincipalCreatedObject`
`Get-MgBetaServicePrincipalDelegatedPermissionClassification`
`Get-MgBetaServicePrincipalDelta`
`Get-MgBetaServicePrincipalHomeRealmDiscoveryPolicy`
`Get-MgBetaServicePrincipalMemberOf`
`Get-MgBetaServicePrincipalOwnedObject`
`Get-MgBetaServicePrincipalOwner`
`Get-MgBetaServicePrincipalPasswordSingleSignOnCredential`
`Get-MgBetaServicePrincipalRemoteDesktopSecurityConfiguration`
`Get-MgBetaServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup`
`Get-MgBetaServicePrincipalSynchronizationJob`
`Get-MgBetaServicePrincipalSynchronizationJobSchema`
`Get-MgBetaServicePrincipalSynchronizationTemplate`
`Get-MgBetaServicePrincipalTokenLifetimePolicy`
`Invoke-MgBetaFilterServicePrincipalSynchronizationJobSchemaOperator`
`Invoke-MgBetaFunctionServicePrincipalSynchronizationJobSchema`
`Invoke-MgBetaInstantiateApplicationTemplate`
`Invoke-MgBetaParseApplicationSynchronizationJobSchemaExpression`
`Invoke-MgBetaParseApplicationSynchronizationTemplateSchemaExpression`
`Invoke-MgBetaParseServicePrincipalSynchronizationJobSchemaExpression`
`Invoke-MgBetaParseServicePrincipalSynchronizationTemplateSchemaExpression`
`New-MgBetaApplication`
`New-MgBetaApplicationExtensionProperty`
`New-MgBetaApplicationFederatedIdentityCredential`
`New-MgBetaApplicationOwnerByRef`
`New-MgBetaApplicationTokenIssuancePolicyByRef`
`New-MgBetaApplicationTokenLifetimePolicyByRef`
`New-MgBetaServicePrincipal`
`New-MgBetaServicePrincipalClaimMappingPolicyByRef`
`New-MgBetaServicePrincipalHomeRealmDiscoveryPolicyByRef`
`New-MgBetaServicePrincipalOwnerByRef`
`New-MgBetaServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup`
`New-MgBetaServicePrincipalSynchronizationJob`
`New-MgBetaServicePrincipalSynchronizationJobOnDemand`
`New-MgBetaServicePrincipalTokenLifetimePolicyByRef`
`Remove-MgBetaApplication`
`Remove-MgBetaApplicationExtensionProperty`
`Remove-MgBetaApplicationFederatedIdentityCredential`
`Remove-MgBetaApplicationKey`
`Remove-MgBetaApplicationOwnerDirectoryObjectByRef`
`Remove-MgBetaApplicationPassword`
`Remove-MgBetaApplicationSynchronizationTemplateSchema`
`Remove-MgBetaApplicationTokenIssuancePolicyTokenIssuancePolicyByRef`
`Remove-MgBetaApplicationTokenLifetimePolicyTokenLifetimePolicyByRef`
`Remove-MgBetaDirectoryDeletedItem`
`Remove-MgBetaServicePrincipal`
`Remove-MgBetaServicePrincipalClaimMappingPolicyClaimMappingPolicyByRef`
`Remove-MgBetaServicePrincipalHomeRealmDiscoveryPolicyHomeRealmDiscoveryPolicyByRef`
`Remove-MgBetaServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup`
`Remove-MgBetaServicePrincipalSynchronizationJob`
`Remove-MgBetaServicePrincipalSynchronizationJobSchema`
`Remove-MgBetaServicePrincipalTokenLifetimePolicyTokenLifetimePolicyByRef`
`Remove-MgServicePrincipalOwnerDirectoryObjectByRef`
`Restart-MgBetaServicePrincipalSynchronizationJob`
`Restore-MgBetaDirectoryDeletedItem`
`Set-MgBetaServicePrincipalSynchronizationSecret`
`Start-MgBetaServicePrincipalSynchronizationJob`
`Suspend-MgBetaServicePrincipalSynchronizationJob`
`Test-MgBetaServicePrincipalSynchronizationJobCredential`
`Update-MgBetaApplication`
`Update-MgBetaApplicationByUniqueName`
`Update-MgBetaApplicationFederatedIdentityCredential`
`Update-MgBetaApplicationFederatedIdentityCredentialByName`
`Update-MgBetaApplicationSynchronizationTemplate`
`Update-MgBetaServicePrincipal`
`Update-MgBetaServicePrincipalByAppId`
`Update-MgBetaServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup`
`Update-MgBetaServicePrincipalSynchronizationJobSchema`

Code Examples

C# / .NET SDK

// Install: dotnet add package Microsoft.Graph
// Install: dotnet add package Azure.Identity
using Microsoft.Graph;
using Azure.Identity;



// Application permissions - daemon/service app
var tenantId = "YOUR_TENANT_ID";
var clientId = "YOUR_CLIENT_ID";
var clientSecret = "YOUR_CLIENT_SECRET";

var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
var graphClient = new GraphServiceClient(credential);

// Example: GET /users/{user-id}
var users = await graphClient.Users.GetAsync();
foreach (var user in users?.Value ?? [])
{
    Console.WriteLine($"User: {user.DisplayName}");
}

JavaScript / TypeScript

// npm install @azure/msal-browser @microsoft/microsoft-graph-client
import { PublicClientApplication } from "@azure/msal-browser";
import { Client } from "@microsoft/microsoft-graph-client";
import { AuthCodeMSALBrowserAuthenticationProvider } from 
    "@microsoft/microsoft-graph-client/authProviders/authCodeMsalBrowser";

const msalConfig = {
    auth: {
        clientId: "YOUR_CLIENT_ID",
        authority: "https://login.microsoftonline.com/YOUR_TENANT_ID"
    }
};

const pca = new PublicClientApplication(msalConfig);
await pca.initialize();



// Application: Use client credentials (Node.js backend only)
// npm install @azure/identity @microsoft/microsoft-graph-client
import { ClientSecretCredential } from "@azure/identity";
import { TokenCredentialAuthenticationProvider } from 
    "@microsoft/microsoft-graph-client/authProviders/azureTokenCredentials";

const credential = new ClientSecretCredential(
    "YOUR_TENANT_ID",
    "YOUR_CLIENT_ID", 
    "YOUR_CLIENT_SECRET"
);

const authProvider = new TokenCredentialAuthenticationProvider(credential, {
    scopes: ["https://graph.microsoft.com/.default"]
});

const graphClient = Client.initWithMiddleware({ authProvider });
const result = await graphClient.api("/users").get();
console.log(result);

PowerShell

# Install Microsoft Graph PowerShell module
Install-Module Microsoft.Graph -Scope CurrentUser



# Application access with certificate
$params = @{
    ClientId = "YOUR_CLIENT_ID"
    TenantId = "YOUR_TENANT_ID"
    CertificateThumbprint = "YOUR_CERT_THUMBPRINT"
}
Connect-MgGraph @params

# Or with client secret (not recommended for production)
# Connect-MgGraph -ClientSecretCredential $credential

# Example: GET /users
$result = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/users"
$result | ConvertTo-Json -Depth 5

# Always disconnect when done
Disconnect-MgGraph

Python

# pip install msgraph-sdk azure-identity
from azure.identity import InteractiveBrowserCredential, ClientSecretCredential
from msgraph import GraphServiceClient
import asyncio



# Application permissions - client credentials
credential = ClientSecretCredential(
    tenant_id="YOUR_TENANT_ID",
    client_id="YOUR_CLIENT_ID",
    client_secret="YOUR_CLIENT_SECRET"
)
scopes = ["https://graph.microsoft.com/.default"]
client = GraphServiceClient(credential, scopes)

async def get_users():
    # Example: GET /users
    result = await client.users.get()
    for user in result.value:
        print(f"User: {user.display_name}")
    return result

asyncio.run(get_users())

App Registration

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

Select Permission Type

Choose Application permissions and search for Application.ReadWrite.OwnedBy

Grant Admin Consent

Application permissions always require admin consent. Click "Grant admin consent" in the Azure portal.