ConfigurationMonitoring.ReadWrite.All
Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated
Read/Write
All Resources
Allows the app to read and write all Configuration Monitoring entities, without a signed-in user.
Permission data: May 21, 2026 at 4:34 AM UTC
Delegated Access
App-Only Access
Permission Details
Application Permission
Read and write all Configuration Monitoring entities
Allows the app to read and write all Configuration Monitoring entities, without a signed-in user.
Permission ID:
cfa85bfb-2ee8-4e13-8e7f-489e57a015a1
Delegated Permission
Admin consent required
Read and write all Configuration Monitoring entities
Allows the app to read and write all Configuration Monitoring entities on behalf of the signed-in user.
User sees: Allows the app to read and write all Configuration Monitoring entities on your behalf.
Permission ID:
54505ce9-e719-41f7-a7cc-dbe114e1d811
Properties
Microsoft Graph v1.0
endpoint-derived-docs
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
configurationManagement |
object |
A container for Tenant Configuration Management (TCM) resources. Read-only. |
edge |
object |
A container for Microsoft Edge resources. Read-only. |
exchange |
object |
A container for the Exchange admin functionality. Read-only. |
microsoft365Apps |
object |
A container for the Microsoft 365 apps admin functionality. |
people |
object |
Represents a setting to control people-related admin settings in the tenant. |
reportSettings |
object |
A container for administrative resources to manage reports. |
serviceAnnouncement |
object |
A container for service communications resources. Read-only. |
sharepoint |
object |
|
teams |
object |
A container for Teams administration functionalities, such as Teams telephone number management functionalities, user Teams configurations, and policy assignments. |
JSON Representation
Microsoft Graph v1.0
endpoint-derived-docs
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
JSON representation
{
"@odata.type": "#microsoft.graph.admin"
}Relationships
Microsoft Graph v1.0
endpoint-derived-docs
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
configurationManagement |
configurationManagement |
A container for Tenant Configuration Management (TCM) resources. Read-only. |
edge |
edge |
A container for Microsoft Edge resources. Read-only. |
exchange |
exchangeAdmin |
A container for the Exchange admin functionality. Read-only. |
microsoft365Apps |
adminMicrosoft365Apps |
A container for the Microsoft 365 apps admin functionality. |
people |
peopleAdminSettings |
Represents a setting to control people-related admin settings in the tenant. |
reportSettings |
adminReportSettings |
A container for administrative resources to manage reports. |
serviceAnnouncement |
serviceAnnouncement |
A container for service communications resources. Read-only. |
sharepointSettings |
sharepointSettings |
A container for administrative resources to manage tenant-level settings for SharePoint and OneDrive. |
teams |
teamsAdministration.teamsAdminRoot |
A container for Teams administration functionalities, such as Teams telephone number management functionalities, user Teams configurations, and policy assignments. |
Graph Methods
Delegated access
App-only access
Exact Microsoft Learn match
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn match
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
C# / .NET SDK
Create configurationMonitor
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new ConfigurationMonitor
{
DisplayName = "Demo Monitor",
Description = "This is a Demo Monitor",
Baseline = new ConfigurationBaseline
{
DisplayName = "Demo Baseline",
Description = "This is a baseline with resources SharedMailbox, AcceptedDomain and MailContact",
Resources = new List<BaselineResource>
{
new BaselineResource
{
DisplayName = "TestSharedMailbox Resource",
ResourceType = "microsoft.exchange.sharedmailbox",
Properties = new OpenComplexDictionaryType
{
AdditionalData = new Dictionary<string, object>
{
{
"DisplayName" , "TestSharedMailbox"
},
{
"Alias" , "testSharedMailbox"
},
{
"Identity" , "TestSharedMailbox"
},
{
"Ensure" , "Present"
},
{
"PrimarySmtpAddress" , "[email protected]"
},
{
"EmailAddresses" , new List<string>
{
"[email protected]",
}
},
},
},
},
new BaselineResource
{
DisplayName = "Accepted Domain",
ResourceType = "microsoft.exchange.accepteddomain",
Properties = new OpenComplexDictionaryType
{
AdditionalData = new Dictionary<string, object>
{
{
"Identity" , "contoso.onmicrosoft.com"
},
{
"DomainType" , "InternalRelay"
},
{
"Ensure" , "Present"
},
},
},
},
new BaselineResource
{
DisplayName = "Mail Contact Resource",
ResourceType = "microsoft.exchange.mailcontact",
Properties = new OpenComplexDictionaryType
{
AdditionalData = new Dictionary<string, object>
{
{
"Name" , "Chris"
},
{
"DisplayName" , "Chris"
},
{
"ExternalEmailAddress" , "SMTP:[email protected]"
},
{
"Alias" , "Chrisa"
},
{
"Ensure" , "Present"
},
},
},
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Admin.ConfigurationManagement.ConfigurationMonitors.PostAsync(requestBody);
JavaScript
configurationBaseline: createSnapshot
const options = {
authProvider,
};
const client = Client.init(options);
const configurationSnapshotJob = {
displayName: 'Snapshot Demo',
description: 'This is Snapshot Description',
resources: [
'microsoft.exchange.sharedmailbox',
'microsoft.exchange.transportrule'
]
};
await client.api('/admin/configurationManagement/configurationSnapshots/createSnapshot')
.post(configurationSnapshotJob);
PowerShell
Create configurationMonitor
Import-Module Microsoft.Graph.ConfigurationManagement
$params = @{
displayName = "Demo Monitor"
description = "This is a Demo Monitor"
baseline = @{
displayName = "Demo Baseline"
description = "This is a baseline with resources SharedMailbox, AcceptedDomain and MailContact"
resources = @(
@{
displayName = "TestSharedMailbox Resource"
resourceType = "microsoft.exchange.sharedmailbox"
properties = @{
DisplayName = "TestSharedMailbox"
Alias = "testSharedMailbox"
Identity = "TestSharedMailbox"
Ensure = "Present"
PrimarySmtpAddress = "[email protected]"
EmailAddresses = @(
"[email protected]"
)
}
}
@{
displayName = "Accepted Domain"
resourceType = "microsoft.exchange.accepteddomain"
properties = @{
Identity = "contoso.onmicrosoft.com"
DomainType = "InternalRelay"
Ensure = "Present"
}
}
@{
displayName = "Mail Contact Resource"
resourceType = "microsoft.exchange.mailcontact"
properties = @{
Name = "Chris"
DisplayName = "Chris"
ExternalEmailAddress = "SMTP:[email protected]"
Alias = "Chrisa"
Ensure = "Present"
}
}
)
}
}
New-MgAdminConfigurationManagementConfigurationMonitor -BodyParameter $params
Python
Create configurationMonitor
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.configuration_monitor import ConfigurationMonitor
from msgraph.generated.models.configuration_baseline import ConfigurationBaseline
from msgraph.generated.models.baseline_resource import BaselineResource
from msgraph.generated.models.open_complex_dictionary_type import OpenComplexDictionaryType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ConfigurationMonitor(
display_name = "Demo Monitor",
description = "This is a Demo Monitor",
baseline = ConfigurationBaseline(
display_name = "Demo Baseline",
description = "This is a baseline with resources SharedMailbox, AcceptedDomain and MailContact",
resources = [
BaselineResource(
display_name = "TestSharedMailbox Resource",
resource_type = "microsoft.exchange.sharedmailbox",
properties = OpenComplexDictionaryType(
additional_data = {
"display_name" : "TestSharedMailbox",
"alias" : "testSharedMailbox",
"identity" : "TestSharedMailbox",
"ensure" : "Present",
"primary_smtp_address" : "[email protected]",
"email_addresses" : [
"[email protected]",
],
}
),
),
BaselineResource(
display_name = "Accepted Domain",
resource_type = "microsoft.exchange.accepteddomain",
properties = OpenComplexDictionaryType(
additional_data = {
"identity" : "contoso.onmicrosoft.com",
"domain_type" : "InternalRelay",
"ensure" : "Present",
}
),
),
BaselineResource(
display_name = "Mail Contact Resource",
resource_type = "microsoft.exchange.mailcontact",
properties = OpenComplexDictionaryType(
additional_data = {
"name" : "Chris",
"display_name" : "Chris",
"external_email_address" : "SMTP:[email protected]",
"alias" : "Chrisa",
"ensure" : "Present",
}
),
),
],
),
)
result = await graph_client.admin.configuration_management.configuration_monitors.post(request_body)App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Application permissions or delegated permissions and search for ConfigurationMonitoring.ReadWrite.All
4
Grant Admin Consent
Application permissions always require admin consent.