
OnPremisesPublishingProfiles.ReadWrite.All

Application | Delegated | Read/Write | All Resources

Allows the app to create, view, update and delete on-premises published resources, on-premises agents and agent groups, as part of a hybrid identity configuration, without a signed in user.

Permission data: April 6, 2026 at 4:06 AM UTC

Permission Details

Application Permission

Manage on-premises published resources

Allows the app to create, view, update and delete on-premises published resources, on-premises agents and agent groups, as part of a hybrid identity configuration, without a signed in user.

Delegated Permission (Admin consent required)

Manage on-premises published resources

Allows the app to manage hybrid identity service configuration by creating, viewing, updating and deleting on-premises published resources, on-premises agents and agent groups, on behalf of the signed-in user.

Properties

Microsoft Graph beta endpoint-derived-docs

Properties are shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

| Property | Type | Description |
| --- | --- | --- |
| hybridAgentUpdaterConfiguration | hybridAgentUpdaterConfiguration | Represents a hybridAgentUpdaterConfiguration object. |
| id | String | Represents a publishing type. The possible values are: applicationProxy, exchangeOnline, authentication, provisioning, adAdministration. Read-only. |
| isDefaultAccessEnabled | Boolean (Nullable) | Specifies whether default access for app proxy is enabled or disabled. |
| isEnabled | Boolean (Nullable) | Represents if Microsoft Entra application proxy is enabled for the tenant. |
| agentGroups | onPremisesAgentGroup collection | List of existing onPremisesAgentGroup objects. Read-only. Nullable. |
| agents | onPremisesAgent collection | List of existing onPremisesAgent objects. Read-only. Nullable. |
| applicationSegments | ipApplicationSegment collection | Represents the segment configurations that are allowed for an on-premises non-web application published through Microsoft Entra application proxy. |
| connectorGroups | connectorGroup collection | List of existing connectorGroup objects for applications published through Application Proxy. Read-only. Nullable. |
| connectors | connector collection | List of existing connector objects for applications published through Application Proxy. Read-only. Nullable. |
| publishedResources | publishedResource collection | List of existing publishedResource objects. Read-only. Nullable. |
| sensors | privateAccessSensor collection | A lightweight agent installed on domain controllers that helps secure access and enforce MFA to on-premises resources. |

JSON Representation

Microsoft Graph beta endpoint-derived-docs

JSON representation is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

JSON representation
{
  "@odata.type": "#microsoft.graph.onPremisesPublishingProfile",
  "id": "String (identifier)",
  "isEnabled": "Boolean",
  "isDefaultAccessEnabled": "Boolean",
  "hybridAgentUpdaterConfiguration": {
    "@odata.type": "microsoft.graph.hybridAgentUpdaterConfiguration"
  }
}

Relationships

Microsoft Graph beta endpoint-derived-docs

Relationships are shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

| Relationship | Type | Description |
| --- | --- | --- |
| agentGroups | onPremisesAgentGroup collection | List of existing onPremisesAgentGroup objects. Read-only. Nullable. |
| agents | onPremisesAgent collection | List of existing onPremisesAgent objects. Read-only. Nullable. |
| applicationSegments | ipApplicationSegment collection | Represents the segment configurations that are allowed for an on-premises non-web application published through Microsoft Entra application proxy. |
| connectorGroups | connectorGroup collection | List of existing connectorGroup objects for applications published through Application Proxy. Read-only. Nullable. |
| connectors | connector collection | List of existing connector objects for applications published through Application Proxy. Read-only. Nullable. |
| publishedResources | publishedResource collection | List of existing publishedResource objects. Read-only. Nullable. |
| sensors | privateAccessSensor collection | A lightweight agent installed on domain controllers that helps secure access and enforce MFA to on-premises resources. |

Graph Methods

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

No API methods available for this version.

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /onPremisesPublishingProfiles/{profile-id}/publishedResources
GET /onPremisesPublishingProfiles/{profile-id}/publishedResources/{resource-id}
GET /onPremisesPublishingProfiles/privateAccess/sensors
GET /onPremisesPublishingProfiles/privateAccess/sensors/{privateAccessSensorId}
POST /onPremisesPublishingProfiles/{profile-id}/publishedResources
POST /onPremisesPublishingProfiles/{profile-id}/publishedResources/{resource-id}/agentGroups/$ref
PATCH /onPremisesPublishingProfiles/{profile-id}/publishedResources/{resource-id}
DELETE /onPremisesPublishingProfiles/{profile-id}/publishedResources/{resource-id}/agentGroups/{agentGroup-id}/$ref
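
The beta methods above split into reads (GET) and state-changing calls (POST, PATCH, DELETE). The following added example, which is not part of the original page or of Microsoft's documentation, matches request records against that method list and reports the state-changing ones; the record field names and the sample records are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Beta endpoints listed on this page for OnPremisesPublishingProfiles.ReadWrite.All.
P = "/onPremisesPublishingProfiles"
ENDPOINTS = [
    ("GET", P + "/{profile-id}/publishedResources"),
    ("GET", P + "/{profile-id}/publishedResources/{resource-id}"),
    ("GET", P + "/privateAccess/sensors"),
    ("GET", P + "/privateAccess/sensors/{privateAccessSensorId}"),
    ("POST", P + "/{profile-id}/publishedResources"),
    ("POST", P + "/{profile-id}/publishedResources/{resource-id}/agentGroups/$ref"),
    ("PATCH", P + "/{profile-id}/publishedResources/{resource-id}"),
    ("DELETE", P + "/{profile-id}/publishedResources/{resource-id}/agentGroups/{agentGroup-id}/$ref"),
]
WRITE_METHODS = {"POST", "PATCH", "DELETE"}

def _compile(template):
    # A {placeholder} matches exactly one path segment; the rest is literal.
    parts = re.split(r"(\{[^}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile(body + "/?", re.IGNORECASE)

COMPILED = [(m, t, _compile(t)) for m, t in ENDPOINTS]

def classify(method, uri):
    """Return (template, is_write) if the request hits a listed endpoint, else None."""
    path = re.sub(r"^/(beta|v1\.0)(?=/)", "", urlsplit(uri).path)
    for m, template, rx in COMPILED:
        if m == method.upper() and rx.fullmatch(path):
            return template, m in WRITE_METHODS
    return None

def flag_writes(records):
    """List (AppId, method, template) for every state-changing call in records."""
    found = [(r, classify(r["RequestMethod"], r["RequestUri"])) for r in records]
    return [(r["AppId"], r["RequestMethod"].upper(), c[0]) for r, c in found if c and c[1]]

# Constructed sample records; the field names are assumptions, not from the page.
G = "https://graph.microsoft.com/beta" + P + "/provisioning/publishedResources"
SAMPLE = [{"AppId": a, "RequestMethod": m, "RequestUri": u} for a, m, u in [
    ("app-a", "GET", G),
    ("app-b", "POST", G + "/1234b780-965f-4149-85c5-a8c73e58b67d/agentGroups/$ref"),
    ("app-b", "PATCH", G + "/1234b780-965f-4149-85c5-a8c73e58b67d?$select=id"),
    ("app-c", "GET", "https://graph.microsoft.com/v1.0/users"),
]]

if __name__ == "__main__":
    print(flag_writes(SAMPLE))
```
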
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

No deterministic PowerShell command map is available for this permission.

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaOnPremisePublishingProfilePublishedResource /onPremisesPublishingProfiles/{profile-id}/publishedResources
List publishedResources
Get-MgBetaOnPremisePublishingProfilePublishedResource /onPremisesPublishingProfiles/{profile-id}/publishedResources/{resource-id}
Get publishedResource
Get-MgBetaOnPremisePublishingProfileSensor /onPremisesPublishingProfiles/privateAccess/sensors
List privateAccessSensor objects
Get-MgBetaOnPremisePublishingProfileSensor /onPremisesPublishingProfiles/privateAccess/sensors/{privateAccessSensorId}
Get privateAccessSensor
New-MgBetaOnPremisePublishingProfilePublishedResource /onPremisesPublishingProfiles/{profile-id}/publishedResources
Create publishedResource
New-MgBetaOnPremisePublishingProfilePublishedResourceAgentGroupByRef /onPremisesPublishingProfiles/{profile-id}/publishedResources/{resource-id}/agentGroups/$ref
Assign publishedResource to onPremisesAgentGroup
Remove-MgBetaOnPremisePublishingProfilePublishedResourceAgentGroupOnPremiseAgentGroupByRef /onPremisesPublishingProfiles/{profile-id}/publishedResources/{resource-id}/agentGroups/{agentGroup-id}/$ref
Delete publishedResource
Remove-MgBetaOnPremisePublishingProfilePublishedResourceAgentGroupOnPremiseAgentGroupByRef /onPremisesPublishingProfiles/{profile-id}/publishedResources/{resource-id}/agentGroups/{agentGroup-id}/$ref
Remove publishedResource from an onPremisesAgentGroup
Update-MgBetaOnPremisePublishingProfilePublishedResource /onPremisesPublishingProfiles/{profile-id}/publishedResources/{resource-id}
Update publishedResource

Code Examples

C# / .NET SDK
Assign publishedResource to onPremisesAgentGroup
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new ReferenceCreate
{
	OdataId = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/provisioning/agentGroups/2B032383-897C-42BA-917E-700B6890BDC3/",
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.OnPremisesPublishingProfiles["{onPremisesPublishingProfile-id}"].PublishedResources["{publishedResource-id}"].AgentGroups.Ref.PostAsync(requestBody);

JavaScript
Assign publishedResource to onPremisesAgentGroup
// Dependencies
const { Client } = require('@microsoft/microsoft-graph-client');

// authProvider must be an already initialized authentication provider.
const options = {
	authProvider,
};

const client = Client.init(options);

// Reference to the agent group that the published resource is assigned to.
const onPremisesAgentGroup = {
	'@odata.id': 'https://graph.microsoft.com/beta/onPremisesPublishingProfiles/provisioning/agentGroups/2B032383-897C-42BA-917E-700B6890BDC3/'
};

await client.api('/onPremisesPublishingProfiles/provisioning/publishedResources/1234b780-965f-4149-85c5-a8c73e58b67d/agentGroups/$ref')
	.version('beta')
	.post(onPremisesAgentGroup);

PowerShell
Assign publishedResource to onPremisesAgentGroup
Import-Module Microsoft.Graph.Beta.Applications

$params = @{
	"@odata.id" = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/provisioning/agentGroups/2B032383-897C-42BA-917E-700B6890BDC3/"
}

New-MgBetaOnPremisePublishingProfilePublishedResourceAgentGroupByRef -OnPremisesPublishingProfileId $onPremisesPublishingProfileId -PublishedResourceId $publishedResourceId -BodyParameter $params

Python
Assign publishedResource to onPremisesAgentGroup
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.reference_create import ReferenceCreate
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ReferenceCreate(
	odata_id = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/provisioning/agentGroups/2B032383-897C-42BA-917E-700B6890BDC3/",
)

# The SDK call is a coroutine: run it inside an async function.
await graph_client.on_premises_publishing_profiles.by_on_premises_publishing_profile_id('onPremisesPublishingProfile-id').published_resources.by_published_resource_id('publishedResource-id').agent_groups.ref.post(request_body)

App Registration

1. Navigate to Azure Portal
   Go to App registrations in Microsoft Entra admin center

2. Add API Permission
   Select your app → API permissions → Add a permission → Microsoft Graph

3. Select Permission Type
   Choose Application permissions or Delegated permissions and search for OnPremisesPublishingProfiles.ReadWrite.All

4. Grant Admin Consent
   Application permissions always require admin consent.