Policy.Read.All | Graph Permissions

Permission Details

Application Permission

Read your organization's policies

Allows the app to read all your organization's policies without a signed in user.

Permission ID: 246dd0d5-5bd0-4def-940b-0421030a5b68

Delegated Permission

Read your organization's policies

Allows the app to read your organization's policies on behalf of the signed-in user.

Permission ID: 572fea84-0151-49b2-9301-11cb16974376

Properties

Microsoft Graph v1.0 mapped-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property	Type	Description
`id`	`String`	Unique identifier of the policy. Inherited from entity.
`activityBasedTimeoutPolicies`	`activityBasedTimeoutPolicy collection`	The policy that controls the idle time out for web sessions for applications.
`adminConsentRequestPolicy`	`object`	The policy by which consent requests are created and managed for the entire tenant.
`appManagementPolicies`	`appManagementPolicy collection`	The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy.
`authenticationFlowsPolicy`	`object`	The policy configuration of the self-service sign-up experience of external users.
`authenticationMethodsPolicy`	`object`	The authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID.
`authenticationStrengthPolicies`	`authenticationStrengthPolicy collection`	The authentication method combinations that are to be used in scenarios defined by Microsoft Entra Conditional Access.
`authorizationPolicy`	`object`	The policy that controls Microsoft Entra authorization settings.
`claimsMappingPolicies`	`claimsMappingPolicy collection`	The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application.
`conditionalAccessPolicies`	`conditionalAccessPolicy collection`	The custom rules that define an access scenario.
`crossTenantAccessPolicy`	`object`	The custom rules that define an access scenario when interacting with external Microsoft Entra tenants.
`defaultAppManagementPolicy`	`object`	The tenant-wide policy that enforces app management restrictions for all applications and service principals.
`deviceRegistrationPolicy`	`object`
`featureRolloutPolicies`	`featureRolloutPolicy collection`	The feature rollout policy associated with a directory object.
`homeRealmDiscoveryPolicies`	`homeRealmDiscoveryPolicy collection`	The policy to control Microsoft Entra authentication behavior for federated users.

Showing 15 of 21 properties.

JSON Representation

Microsoft Graph v1.0 mapped-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation

{
  "@odata.type": "#microsoft.graph.policyRoot",
  "id": "String (identifier)"
}

Relationships

Microsoft Graph v1.0 mapped-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship	Type	Description
`activityBasedTimeoutPolicies`	`activityBasedTimeoutPolicy collection`	The policy that controls the idle time out for web sessions for applications.
`adminConsentRequestPolicy`	`adminConsentRequestPolicy`	The policy by which consent requests are created and managed for the entire tenant.
`appManagementPolicies`	`appManagementPolicy collection`	The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy.
`authenticationFlowsPolicy`	`authenticationFlowsPolicy`	The policy configuration of the self-service sign-up experience of external users.
`authenticationMethodsPolicy`	`authenticationMethodsPolicy`	The authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID.
`authenticationStrengthPolicies`	`authenticationStrengthPolicy collection`	The authentication method combinations that are to be used in scenarios defined by Microsoft Entra Conditional Access.
`authorizationPolicy`	`authorizationPolicy collection`	The policy that controls Microsoft Entra authorization settings.
`claimsMappingPolicies`	`claimsMappingPolicy collection`	The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application.
`conditionalAccessPolicies`	`conditionalAccessPolicy`	The custom rules that define an access scenario.
`crossTenantAccessPolicy`	`crossTenantAccessPolicy`	The custom rules that define an access scenario when interacting with external Microsoft Entra tenants.
`defaultAppManagementPolicy`	`tenantAppManagementPolicy`	The tenant-wide policy that enforces app management restrictions for all applications and service principals.
`featureRolloutPolicies`	`featureRolloutPolicy collection`	The feature rollout policy associated with a directory object.
`homeRealmDiscoveryPolicies`	`homeRealmDiscoveryPolicy collection`	The policy to control Microsoft Entra authentication behavior for federated users.
`identitySecurityDefaultsEnforcementPolicy`	`identitySecurityDefaultsEnforcementPolicy`	The policy that represents the security defaults that protect against common attacks.
`permissionGrantPolicies`	`permissionGrantPolicy collection`	The policy that specifies the conditions under which consent can be granted.
`roleManagementPolicies`	`unifiedRoleManagementPolicy collection`	Specifies the various policies associated with scopes and roles.
`roleManagementPolicyAssignments`	`unifiedRoleManagementPolicyAssignment collection`	The assignment of a role management policy to a role definition object.
`tokenIssuancePolicies`	`tokenIssuancePolicy collection`	The policy that specifies the characteristics of SAML tokens issued by Microsoft Entra ID.
`tokenLifetimePolicies`	`tokenLifetimePolicy collection`	The policy that controls the lifetime of a JWT access token, an ID token, or a SAML 1.1/2.0 token issued by Microsoft Entra ID.
`b2bManagementPolicies`	`b2bManagementPolicy collection`	The policy to manage Microsoft Entra B2B features in Microsoft Entra External ID for workforce tenants.
`mobileAppManagementPolicies`	`mobileAppManagementPolicy collection`	The policy that defines autoenrollment configuration for a mobility management (MDM or MAM) application.
`mobileDeviceManagementPolicies`	`mobileDeviceManagementPolicy collection`	Related mobileDeviceManagementPolicies data exposed by this resource.
`onPremAuthenticationPolicies`	`onPremAuthenticationPolicy collection`	The policy that controls how authentication requests from on-premises environments are managed.
`permissionGrantPreApprovalPolicies`	`permissionGrantPreApprovalPolicy collection`	Policies that specify the conditions under which consent can be granted to a specific application.
`servicePrincipalCreationPolicies`	`servicePrincipalCreationPolicy collection`	Related servicePrincipalCreationPolicies data exposed by this resource.

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/applications(appId='{appId}')/tokenIssuancePolicies`
GET `/applications(appId='{appId}')/tokenLifetimePolicies`
GET `/applications/{id}/tokenIssuancePolicies`
GET `/applications/{id}/tokenLifetimePolicies`
GET `/identity/conditionalAccess/authenticationStrength/authenticationMethodModes`
GET `/identity/conditionalAccess/authenticationStrength/authenticationMethodModes/{authenticationMethodModeDetailId}`
GET `/identity/conditionalAccess/authenticationStrength/combinations`
GET `/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations`
GET `/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations/{authenticationCombinationConfigurationId}`
GET `/identity/conditionalAccess/namedLocations`
GET `/identity/conditionalAccess/namedLocations/{id}`
GET `/identity/conditionalAccess/policies`
GET `/identity/conditionalAccess/policies/{id}`
GET `/identity/conditionalAccess/templates`
GET `/identity/conditionalAccess/templates/{id}`
GET `/policies/activityBasedTimeoutPolicies`
GET `/policies/activityBasedTimeoutPolicies/{id}`
GET `/policies/adminConsentRequestPolicy`
GET `/policies/appManagementPolicies`
GET `/policies/appManagementPolicies/{id}`
GET `/policies/appManagementPolicies/{id}/appliesTo`
GET `/policies/authenticationFlowsPolicy`
GET `/policies/authenticationMethodsPolicy`
GET `/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}`
GET `/policies/authenticationStrengthPolicies`
GET `/policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}`
GET `/policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/usage`
GET `/policies/authorizationPolicy`
GET `/policies/claimsMappingPolicies`
GET `/policies/claimsMappingPolicies/{id}`
GET `/policies/claimsMappingPolicies/{id}/appliesTo`
GET `/policies/crossTenantAccessPolicy`
GET `/policies/crossTenantAccessPolicy/default`
GET `/policies/crossTenantAccessPolicy/partners`
GET `/policies/crossTenantAccessPolicy/partners/{id}`
GET `/policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization`
GET `/policies/crossTenantAccessPolicy/templates/multiTenantOrganizationIdentitySynchronization`
GET `/policies/crossTenantAccessPolicy/templates/multiTenantOrganizationPartnerConfiguration`
GET `/policies/defaultAppManagementPolicy`
GET `/policies/homeRealmDiscoveryPolicies`
GET `/policies/homeRealmDiscoveryPolicies/{id}`
GET `/policies/homeRealmDiscoveryPolicies/{id}/appliesTo`
GET `/policies/identitySecurityDefaultsEnforcementPolicy`
GET `/policies/tokenIssuancePolicies`
GET `/policies/tokenIssuancePolicies/{id}`
GET `/policies/tokenIssuancePolicies/{id}/appliesTo`
GET `/policies/tokenLifetimePolicies`
GET `/policies/tokenLifetimePolicies/{id}`
GET `/policies/tokenLifetimePolicies/{id}/appliesTo`
GET `/servicePrincipals(appId='{appId}')/claimsMappingPolicies`
GET `/servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies`
GET `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies`
GET `/servicePrincipals/{id}/claimsMappingPolicies`
GET `/servicePrincipals/{id}/homeRealmDiscoveryPolicies`
GET `/servicePrincipals/{id}/tokenLifetimePolicies`
POST `/applications(appId='{appId}')/tokenIssuancePolicies/$ref`
POST `/applications(appId='{appId}')/tokenLifetimePolicies/$ref`
POST `/applications/{id}/tokenIssuancePolicies/$ref`
POST `/applications/{id}/tokenLifetimePolicies/$ref`
POST `/identity/conditionalAccess/evaluate`
POST `/identity/conditionalAccess/namedLocations`
POST `/identity/conditionalAccess/policies`
POST `/servicePrincipals(appId='{appId}')/claimsMappingPolicies/$ref`
POST `/servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/$ref`
POST `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies/$ref`
POST `/servicePrincipals/{id}/claimsMappingPolicies/$ref`
POST `/servicePrincipals/{id}/homeRealmDiscoveryPolicies/$ref`
POST `/servicePrincipals/{id}/tokenLifetimePolicies/$ref`
PATCH `/identity/conditionalAccess/namedLocations/{id}`
PATCH `/identity/conditionalAccess/policies/{id}`
PATCH `/policies/identitySecurityDefaultsEnforcementPolicy`
DELETE `/applications(appId='{appId}')/tokenIssuancePolicies/{id}/$ref`
DELETE `/applications(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/applications/{applicationObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/applications/{id}/tokenIssuancePolicies/{id}/$ref`
DELETE `/identity/conditionalAccess/namedLocations/{id}`
DELETE `/identity/conditionalAccess/policies/{id}`
DELETE `/servicePrincipals(appId='{appId}')/claimsMappingPolicies/{id}/$ref`
DELETE `/servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/{id}/$ref`
DELETE `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/servicePrincipals/{id}/claimsMappingPolicies/{id}/$ref`
DELETE `/servicePrincipals/{id}/homeRealmDiscoveryPolicies/{id}/$ref`
DELETE `/servicePrincipals/{servicePrincipalObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/applications(appId='{appId}')/tokenIssuancePolicies`
GET `/applications(appId='{appId}')/tokenLifetimePolicies`
GET `/applications/{id}/tokenIssuancePolicies`
GET `/applications/{id}/tokenLifetimePolicies`
GET `/directory/authenticationMethodDevices/hardwareOathDevices`
GET `/directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDeviceId}`
GET `/identity/conditionalAccess/authenticationStrength/authenticationMethodModes`
GET `/identity/conditionalAccess/authenticationStrength/authenticationMethodModes/{authenticationMethodModeDetailId}`
GET `/identity/conditionalAccess/authenticationStrength/combinations`
GET `/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations`
GET `/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations/{authenticationCombinationConfigurationId}`
GET `/identity/conditionalAccess/deletedItems/namedLocations`
GET `/identity/conditionalAccess/deletedItems/namedLocations/{id}`
GET `/identity/conditionalAccess/deletedItems/policies`
GET `/identity/conditionalAccess/deletedItems/policies/{id}`
GET `/identity/conditionalAccess/namedLocations`
GET `/identity/conditionalAccess/namedLocations/{id}`
GET `/identity/conditionalAccess/policies`
GET `/identity/conditionalAccess/policies/{id}`
GET `/identity/conditionalAccess/templates`
GET `/identity/conditionalAccess/templates/{id}`
GET `/identity/continuousAccessEvaluationPolicy`
GET `/identity/events/onSignupStart`
GET `/identity/events/onSignupStart/{id}`
GET `/identityGovernance/accessReviews/policy`
GET `/me/authentication/requirements`
GET `/policies/accessReviewPolicy`
GET `/policies/activityBasedTimeoutPolicies`
GET `/policies/activityBasedTimeoutPolicies/{id}`
GET `/policies/adminConsentRequestPolicy`
GET `/policies/appManagementPolicies`
GET `/policies/appManagementPolicies/{id}`
GET `/policies/appManagementPolicies/{id}/appliesTo`
GET `/policies/authenticationFlowsPolicy`
GET `/policies/authenticationMethodsPolicy`
GET `/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}`
GET `/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/VerifiableCredentials`
GET `/policies/authenticationStrengthPolicies`
GET `/policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}`
GET `/policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/usage`
GET `/policies/authenticationStrengthPolicies/findByMethodMode(authenticationMethodModes={authenticationMethodMode})`
GET `/policies/authorizationPolicy`
GET `/policies/b2cAuthenticationMethodsPolicy`
GET `/policies/claimsMappingPolicies`
GET `/policies/claimsMappingPolicies/{id}`
GET `/policies/claimsMappingPolicies/{id}/appliesTo`
GET `/policies/crossTenantAccessPolicy`
GET `/policies/crossTenantAccessPolicy/default`
GET `/policies/crossTenantAccessPolicy/partners`
GET `/policies/crossTenantAccessPolicy/partners/{id}`
GET `/policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization`
GET `/policies/crossTenantAccessPolicy/templates/multiTenantOrganizationIdentitySynchronization`
GET `/policies/crossTenantAccessPolicy/templates/multiTenantOrganizationPartnerConfiguration`
GET `/policies/defaultAppManagementPolicy`
GET `/policies/deletedItems/crossTenantPartners`
GET `/policies/deletedItems/crossTenantPartners/{id}`
GET `/policies/deletedItems/crossTenantSyncPolicyPartners`
GET `/policies/deletedItems/crossTenantSyncPolicyPartners/{id}`
GET `/policies/deviceRegistrationPolicy`
GET `/policies/externalIdentitiesPolicy`
GET `/policies/homeRealmDiscoveryPolicies`
GET `/policies/homeRealmDiscoveryPolicies/{id}`
GET `/policies/homeRealmDiscoveryPolicies/{id}/appliesTo`
GET `/policies/identitySecurityDefaultsEnforcementPolicy`
GET `/policies/mobileAppManagementPolicies`
GET `/policies/mobileAppManagementPolicies/{id}`
GET `/policies/mobileAppManagementPolicies/{id}/includedGroups`
GET `/policies/mobileDeviceManagementPolicies`
GET `/policies/mobileDeviceManagementPolicies/{id}`
GET `/policies/mobileDeviceManagementPolicies/{id}/includedGroups`
GET `/policies/tokenIssuancePolicies`
GET `/policies/tokenIssuancePolicies/{id}`
GET `/policies/tokenIssuancePolicies/{id}/appliesTo`
GET `/policies/tokenLifetimePolicies`
GET `/policies/tokenLifetimePolicies/{id}`
GET `/policies/tokenLifetimePolicies/{id}/appliesTo`
GET `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies`
GET `/servicePrincipals/{id}/claimsMappingPolicies`
GET `/servicePrincipals/{id}/homeRealmDiscoveryPolicies`
GET `/servicePrincipals/{id}/tokenLifetimePolicies`
GET `/tenantRelationships/managedTenants/conditionalAccessPolicyCoverages`
GET `/tenantRelationships/managedTenants/conditionalAccessPolicyCoverages/{conditionalAccessPolicyCoverageId}`
GET `/trustFramework/policies/`
GET `/trustFramework/policies/{id}/$value`
GET `/users/{id \| userPrincipalName}/authentication/requirements`
GET `/users/{id \| userPrincipalName}/authentication/signInPreferences`
POST `/applications(appId='{appId}')/tokenIssuancePolicies/$ref`
POST `/applications(appId='{appId}')/tokenLifetimePolicies/$ref`
POST `/applications/{id}/tokenIssuancePolicies/$ref`
POST `/applications/{id}/tokenLifetimePolicies/$ref`
POST `/identity/conditionalAccess/evaluate`
POST `/identity/conditionalAccess/namedLocations`
POST `/identity/conditionalAccess/policies`
POST `/servicePrincipals(appId='{appId}')/claimsMappingPolicies/$ref`
POST `/servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/$ref`
POST `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies/$ref`
POST `/servicePrincipals/{id}/claimsMappingPolicies/$ref`
POST `/servicePrincipals/{id}/homeRealmDiscoveryPolicies/$ref`
POST `/servicePrincipals/{id}/tokenLifetimePolicies/$ref`
PATCH `/identity/conditionalAccess/namedLocations/{id}`
PATCH `/identity/conditionalAccess/policies/{id}`
PATCH `/identity/continuousAccessEvaluationPolicy`
PATCH `/policies/identitySecurityDefaultsEnforcementPolicy`
DELETE `/applications(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/applications/{applicationObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/applications/{id}/tokenIssuancePolicies/{id}/$ref`
DELETE `/identity/conditionalAccess/namedLocations/{id}`
DELETE `/identity/conditionalAccess/policies/{id}`
DELETE `/servicePrincipals(appId='{appId}')/claimsMappingPolicies/{id}/$ref`
DELETE `/servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/{policyId}/$ref`
DELETE `/servicePrincipals(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`
DELETE `/servicePrincipals/{id}/claimsMappingPolicies/{id}/$ref`
DELETE `/servicePrincipals/{id}/homeRealmDiscoveryPolicies/{policyId}/$ref`
DELETE `/servicePrincipals/{servicePrincipalObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgApplicationTokenIssuancePolicy` /applications/{id}/tokenIssuancePolicies List assigned tokenIssuancePolicies
`Get-MgApplicationTokenLifetimePolicy` /applications/{id}/tokenLifetimePolicies List assigned tokenLifetimePolicies
`Get-MgIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations List namedLocations
`Get-MgIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Get countryNamedLocation
`Get-MgIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Get ipNamedLocation
`Get-MgIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Get namedLocation
`Get-MgIdentityConditionalAccessPolicy` /identity/conditionalAccess/policies List policies
`Get-MgIdentityConditionalAccessPolicy` /identity/conditionalAccess/policies/{id} Get conditionalAccessPolicy
`Get-MgIdentityConditionalAccessTemplate` /identity/conditionalAccess/templates List conditionalAccessTemplates
`Get-MgIdentityConditionalAccessTemplate` /identity/conditionalAccess/templates/{id} Get template
`Get-MgPolicyActivityBasedTimeoutPolicy` /policies/activityBasedTimeoutPolicies List activityBasedTimeoutPolicies
`Get-MgPolicyActivityBasedTimeoutPolicy` /policies/activityBasedTimeoutPolicies/{id} Get activityBasedTimeoutPolicy
`Get-MgPolicyAdminConsentRequestPolicy` /policies/adminConsentRequestPolicy Get adminConsentRequestPolicy
`Get-MgPolicyAppManagementPolicy` /policies/appManagementPolicies List appManagementPolicies
`Get-MgPolicyAppManagementPolicy` /policies/appManagementPolicies/{id} Get appManagementPolicy
`Get-MgPolicyAppManagementPolicyApplyTo` /policies/appManagementPolicies/{id}/appliesTo List appliesTo
`Get-MgPolicyAuthenticationFlowPolicy` /policies/authenticationFlowsPolicy Get authenticationFlowsPolicy
`Get-MgPolicyAuthenticationMethodPolicy` /policies/authenticationMethodsPolicy Get authenticationMethodsPolicy
`Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration` /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id} Get externalAuthenticationMethodConfiguration
`Get-MgPolicyAuthenticationStrengthPolicy` /policies/authenticationStrengthPolicies List authenticationStrengthPolicies
`Get-MgPolicyAuthenticationStrengthPolicy` /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId} Get authenticationStrengthPolicy
`Get-MgPolicyAuthorizationPolicy` /policies/authorizationPolicy Get authorizationPolicy
`Get-MgPolicyClaimMappingPolicy` /policies/claimsMappingPolicies List claimsMappingPolicies
`Get-MgPolicyClaimMappingPolicy` /policies/claimsMappingPolicies/{id} Get claimsMappingPolicy
`Get-MgPolicyClaimMappingPolicyApplyTo` /policies/claimsMappingPolicies/{id}/appliesTo List appliesTo
`Get-MgPolicyCrossTenantAccessPolicy` /policies/crossTenantAccessPolicy Get crossTenantAccessPolicy
`Get-MgPolicyCrossTenantAccessPolicyDefault` /policies/crossTenantAccessPolicy/default Get crossTenantAccessPolicyConfigurationDefault
`Get-MgPolicyCrossTenantAccessPolicyPartner` /policies/crossTenantAccessPolicy/partners List partners
`Get-MgPolicyCrossTenantAccessPolicyPartner` /policies/crossTenantAccessPolicy/partners/{id} Get crossTenantAccessPolicyConfigurationPartner
`Get-MgPolicyCrossTenantAccessPolicyPartnerIdentitySynchronization` /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization Get crossTenantIdentitySyncPolicyPartner
`Get-MgPolicyCrossTenantAccessPolicyTemplateMultiTenantOrganizationIdentitySynchronization` /policies/crossTenantAccessPolicy/templates/multiTenantOrganizationIdentitySynchronization Get multiTenantOrganizationIdentitySyncPolicyTemplate
`Get-MgPolicyCrossTenantAccessPolicyTemplateMultiTenantOrganizationPartnerConfiguration` /policies/crossTenantAccessPolicy/templates/multiTenantOrganizationPartnerConfiguration Get multiTenantOrganizationPartnerConfigurationTemplate
`Get-MgPolicyDefaultAppManagementPolicy` /policies/defaultAppManagementPolicy Get tenantAppManagementPolicy
`Get-MgPolicyHomeRealmDiscoveryPolicy` /policies/homeRealmDiscoveryPolicies List homeRealmDiscoveryPolicies
`Get-MgPolicyHomeRealmDiscoveryPolicy` /policies/homeRealmDiscoveryPolicies/{id} Get homeRealmDiscoveryPolicy
`Get-MgPolicyHomeRealmDiscoveryPolicyApplyTo` /policies/homeRealmDiscoveryPolicies/{id}/appliesTo List appliesTo
`Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy` /policies/identitySecurityDefaultsEnforcementPolicy Get identitySecurityDefaultsEnforcementPolicy
`Get-MgPolicyTokenIssuancePolicy` /policies/tokenIssuancePolicies List tokenIssuancePolicy
`Get-MgPolicyTokenIssuancePolicy` /policies/tokenIssuancePolicies/{id} Get tokenIssuancePolicy
`Get-MgPolicyTokenIssuancePolicyApplyTo` /policies/tokenIssuancePolicies/{id}/appliesTo List appliesTo
`Get-MgPolicyTokenLifetimePolicy` /policies/tokenLifetimePolicies List tokenLifetimePolicies
`Get-MgPolicyTokenLifetimePolicy` /policies/tokenLifetimePolicies/{id} Get tokenLifetimePolicy
`Get-MgPolicyTokenLifetimePolicyApplyTo` /policies/tokenLifetimePolicies/{id}/appliesTo List appliesTo
`Get-MgServicePrincipalClaimMappingPolicy` /servicePrincipals/{id}/claimsMappingPolicies List assigned claimsMappingPolicies
`Get-MgServicePrincipalHomeRealmDiscoveryPolicy` /servicePrincipals/{id}/homeRealmDiscoveryPolicies List assigned homeRealmDiscoveryPolicies
`Get-MgServicePrincipalTokenLifetimePolicy` /servicePrincipals/{id}/tokenLifetimePolicies List assigned tokenLifetimePolicies
`Invoke-MgUsagePolicyAuthenticationStrengthPolicy` /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/usage authenticationStrengthPolicy: usage
`New-MgApplicationTokenIssuancePolicyByRef` /applications/{id}/tokenIssuancePolicies/$ref Assign tokenIssuancePolicy
`New-MgApplicationTokenLifetimePolicyByRef` /applications/{id}/tokenLifetimePolicies/$ref Assign tokenLifetimePolicy
`New-MgIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations Create namedLocation
`New-MgIdentityConditionalAccessPolicy` /identity/conditionalAccess/policies Create conditionalAccessPolicy
`New-MgServicePrincipalClaimMappingPolicyByRef` /servicePrincipals/{id}/claimsMappingPolicies/$ref Assign claimsMappingPolicy
`New-MgServicePrincipalHomeRealmDiscoveryPolicyByRef` /servicePrincipals/{id}/homeRealmDiscoveryPolicies/$ref Assign homeRealmDiscoveryPolicy
`New-MgServicePrincipalTokenLifetimePolicyByRef` /servicePrincipals/{id}/tokenLifetimePolicies/$ref Assign tokenLifetimePolicy
`Remove-MgApplicationTokenIssuancePolicyTokenIssuancePolicyByRef` /applications/{id}/tokenIssuancePolicies/{id}/$ref Remove tokenIssuancePolicy
`Remove-MgApplicationTokenLifetimePolicyTokenLifetimePolicyByRef` /applications/{applicationObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref Remove tokenLifetimePolicy
`Remove-MgIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Delete countryNamedLocation
`Remove-MgIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Delete ipNamedLocation
`Remove-MgIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Delete namedLocation
`Remove-MgIdentityConditionalAccessPolicy` /identity/conditionalAccess/policies/{id} Delete conditionalAccessPolicy
`Remove-MgServicePrincipalClaimMappingPolicyClaimMappingPolicyByRef` /servicePrincipals/{id}/claimsMappingPolicies/{id}/$ref Remove claimsMappingPolicy
`Remove-MgServicePrincipalHomeRealmDiscoveryPolicyHomeRealmDiscoveryPolicyByRef` /servicePrincipals/{id}/homeRealmDiscoveryPolicies/{id}/$ref Remove homeRealmDiscoveryPolicy
`Remove-MgServicePrincipalTokenLifetimePolicyTokenLifetimePolicyByRef` /servicePrincipals/{servicePrincipalObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref Remove tokenLifetimePolicies
`Test-MgIdentityConditionalAccess` /identity/conditionalAccess/evaluate What If evaluation
`Update-MgIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Update countryNamedlocation
`Update-MgIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Update ipnamedlocation
`Update-MgIdentityConditionalAccessPolicy` /identity/conditionalAccess/policies/{id} Update conditionalaccesspolicy
`Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy` /policies/identitySecurityDefaultsEnforcementPolicy Update identitySecurityDefaultsEnforcementPolicy

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgBetaApplicationTokenIssuancePolicy` /applications/{id}/tokenIssuancePolicies List assigned tokenIssuancePolicies
`Get-MgBetaApplicationTokenLifetimePolicy` /applications/{id}/tokenLifetimePolicies List assigned tokenLifetimePolicies
`Get-MgBetaDirectoryAuthenticationMethodDeviceHardwareOathDevice` /directory/authenticationMethodDevices/hardwareOathDevices List hardwareOathDevices
`Get-MgBetaDirectoryAuthenticationMethodDeviceHardwareOathDevice` /directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDeviceId} Get hardwareOathTokenAuthenticationMethodDevice
`Get-MgBetaIdentityConditionalAccessDeletedItemNamedLocation` /policies/deletedItems/crossTenantPartners List policyDeletableItem objects
`Get-MgBetaIdentityConditionalAccessDeletedItemNamedLocation` /policies/deletedItems/crossTenantPartners/{id} Get policyDeletableItem
`Get-MgBetaIdentityConditionalAccessDeletedItemPolicy` /policies/deletedItems/crossTenantPartners List policyDeletableItem objects
`Get-MgBetaIdentityConditionalAccessDeletedItemPolicy` /policies/deletedItems/crossTenantPartners/{id} Get policyDeletableItem
`Get-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations List namedLocations
`Get-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Get compliantNetworkNamedLocation
`Get-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Get countryNamedLocation
`Get-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Get ipNamedLocation
`Get-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Get namedLocation
`Get-MgBetaIdentityConditionalAccessPolicy` /identity/conditionalAccess/policies List policies
`Get-MgBetaIdentityConditionalAccessPolicy` /identity/conditionalAccess/policies/{id} Get conditionalAccessPolicy
`Get-MgBetaIdentityConditionalAccessTemplate` /identity/conditionalAccess/templates List conditionalAccessTemplates
`Get-MgBetaIdentityConditionalAccessTemplate` /identity/conditionalAccess/templates/{id} Get template
`Get-MgBetaIdentityContinuouAccessEvaluationPolicy` /identity/continuousAccessEvaluationPolicy Get continuousAccessEvaluationPolicy
`Get-MgBetaIdentityGovernanceAccessReviewPolicy` /policies/accessReviewPolicy Get accessReviewPolicy
`Get-MgBetaPolicyAccessReviewPolicy` /policies/accessReviewPolicy Get accessReviewPolicy
`Get-MgBetaPolicyActivityBasedTimeoutPolicy` /policies/activityBasedTimeoutPolicies List activityBasedTimeoutPolicies
`Get-MgBetaPolicyActivityBasedTimeoutPolicy` /policies/activityBasedTimeoutPolicies/{id} Get activityBasedTimeoutPolicy
`Get-MgBetaPolicyAdminConsentRequestPolicy` /policies/adminConsentRequestPolicy Get adminConsentRequestPolicy
`Get-MgBetaPolicyAppManagementPolicy` /policies/appManagementPolicies List appManagementPolicies
`Get-MgBetaPolicyAppManagementPolicy` /policies/appManagementPolicies/{id} Get appManagementPolicy
`Get-MgBetaPolicyAppManagementPolicyApplyTo` /policies/appManagementPolicies/{id}/appliesTo List appliesTo
`Get-MgBetaPolicyAuthenticationFlowPolicy` /policies/authenticationFlowsPolicy Get authenticationFlowsPolicy
`Get-MgBetaPolicyAuthenticationMethodPolicy` /policies/authenticationMethodsPolicy Get authenticationMethodsPolicy
`Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration` /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id} Get externalAuthenticationMethodConfiguration
`Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration` /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/VerifiableCredentials List verifiableCredentialsAuthenticationMethodConfiguration objects
`Get-MgBetaPolicyAuthenticationStrengthPolicy` /policies/authenticationStrengthPolicies List authenticationStrengthPolicies
`Get-MgBetaPolicyAuthenticationStrengthPolicy` /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId} Get authenticationStrengthPolicy
`Get-MgBetaPolicyAuthenticationStrengthPolicy` /policies/authenticationStrengthPolicies/findByMethodMode(authenticationMethodModes={authenticationMethodMode}) authenticationStrengthPolicy: findByMethodMode (deprecated)
`Get-MgBetaPolicyAuthorizationPolicy` /policies/authorizationPolicy Get authorizationPolicy
`Get-MgBetaPolicyB2CAuthenticationMethodPolicy` /policies/b2cAuthenticationMethodsPolicy Get b2cAuthenticationMethodsPolicy
`Get-MgBetaPolicyClaimMappingPolicy` /policies/claimsMappingPolicies List claimsMappingPolicies
`Get-MgBetaPolicyClaimMappingPolicy` /policies/claimsMappingPolicies/{id} Get claimsMappingPolicy
`Get-MgBetaPolicyClaimMappingPolicyApplyTo` /policies/claimsMappingPolicies/{id}/appliesTo List appliesTo
`Get-MgBetaPolicyCrossTenantAccessPolicy` /policies/crossTenantAccessPolicy Get crossTenantAccessPolicy
`Get-MgBetaPolicyCrossTenantAccessPolicyDefault` /policies/crossTenantAccessPolicy/default Get crossTenantAccessPolicyConfigurationDefault
`Get-MgBetaPolicyCrossTenantAccessPolicyPartner` /policies/crossTenantAccessPolicy/partners List partners
`Get-MgBetaPolicyCrossTenantAccessPolicyPartner` /policies/crossTenantAccessPolicy/partners/{id} Get crossTenantAccessPolicyConfigurationPartner
`Get-MgBetaPolicyCrossTenantAccessPolicyPartnerIdentitySynchronization` /policies/crossTenantAccessPolicy/partners/{id}/identitySynchronization Get crossTenantIdentitySyncPolicyPartner
`Get-MgBetaPolicyCrossTenantAccessPolicyTemplateMultiTenantOrganizationIdentitySynchronization` /policies/crossTenantAccessPolicy/templates/multiTenantOrganizationIdentitySynchronization Get multiTenantOrganizationIdentitySyncPolicyTemplate
`Get-MgBetaPolicyCrossTenantAccessPolicyTemplateMultiTenantOrganizationPartnerConfiguration` /policies/crossTenantAccessPolicy/templates/multiTenantOrganizationPartnerConfiguration Get multiTenantOrganizationPartnerConfigurationTemplate
`Get-MgBetaPolicyDefaultAppManagementPolicy` /policies/defaultAppManagementPolicy Get tenantAppManagementPolicy
`Get-MgBetaPolicyDeletedItemCrossTenantPartner` /policies/deletedItems/crossTenantPartners List policyDeletableItem objects
`Get-MgBetaPolicyDeletedItemCrossTenantPartner` /policies/deletedItems/crossTenantPartners/{id} Get policyDeletableItem
`Get-MgBetaPolicyDeletedItemCrossTenantSyncPolicyPartner` /policies/deletedItems/crossTenantPartners List policyDeletableItem objects
`Get-MgBetaPolicyDeletedItemCrossTenantSyncPolicyPartner` /policies/deletedItems/crossTenantPartners/{id} Get policyDeletableItem
`Get-MgBetaPolicyDeviceRegistrationPolicy` /policies/deviceRegistrationPolicy Get deviceRegistrationPolicy
`Get-MgBetaPolicyExternalIdentityPolicy` /policies/externalIdentitiesPolicy Get externalIdentitiesPolicy
`Get-MgBetaPolicyHomeRealmDiscoveryPolicy` /policies/homeRealmDiscoveryPolicies List homeRealmDiscoveryPolicies
`Get-MgBetaPolicyHomeRealmDiscoveryPolicy` /policies/homeRealmDiscoveryPolicies/{id} Get homeRealmDiscoveryPolicy
`Get-MgBetaPolicyHomeRealmDiscoveryPolicyApplyTo` /policies/homeRealmDiscoveryPolicies/{id}/appliesTo List appliesTo
`Get-MgBetaPolicyIdentitySecurityDefaultEnforcementPolicy` /policies/identitySecurityDefaultsEnforcementPolicy Get identitySecurityDefaultsEnforcementPolicy
`Get-MgBetaPolicyMobileAppManagementPolicy` /policies/mobileAppManagementPolicies List mobileAppManagementPolicies
`Get-MgBetaPolicyMobileAppManagementPolicy` /policies/mobileAppManagementPolicies/{id} Get mobileAppManagementPolicy
`Get-MgBetaPolicyMobileAppManagementPolicyIncludedGroup` /policies/mobileAppManagementPolicies/{id}/includedGroups List includedGroups
`Get-MgBetaPolicyMobileDeviceManagementPolicy` /policies/mobileDeviceManagementPolicies List mobileDeviceManagementPolicies
`Get-MgBetaPolicyMobileDeviceManagementPolicy` /policies/mobileDeviceManagementPolicies/{id} Get mobileDeviceManagementPolicy
`Get-MgBetaPolicyMobileDeviceManagementPolicyIncludedGroup` /policies/mobileDeviceManagementPolicies/{id}/includedGroups List includedGroups
`Get-MgBetaPolicyTokenIssuancePolicy` /policies/tokenIssuancePolicies List tokenIssuancePolicy
`Get-MgBetaPolicyTokenIssuancePolicy` /policies/tokenIssuancePolicies/{id} Get tokenIssuancePolicy
`Get-MgBetaPolicyTokenIssuancePolicyApplyTo` /policies/tokenIssuancePolicies/{id}/appliesTo List appliesTo
`Get-MgBetaPolicyTokenLifetimePolicy` /policies/tokenLifetimePolicies List tokenLifetimePolicies
`Get-MgBetaPolicyTokenLifetimePolicy` /policies/tokenLifetimePolicies/{id} Get tokenLifetimePolicy
`Get-MgBetaPolicyTokenLifetimePolicyApplyTo` /policies/tokenLifetimePolicies/{id}/appliesTo List appliesTo
`Get-MgBetaServicePrincipalClaimMappingPolicy` /servicePrincipals/{id}/claimsMappingPolicies List assigned claimsMappingPolicies
`Get-MgBetaServicePrincipalHomeRealmDiscoveryPolicy` /servicePrincipals/{id}/homeRealmDiscoveryPolicies List assigned homeRealmDiscoveryPolicies
`Get-MgBetaServicePrincipalTokenLifetimePolicy` /servicePrincipals/{id}/tokenLifetimePolicies List assigned tokenLifetimePolicies
`Get-MgBetaTenantRelationshipManagedTenantConditionalAccessPolicyCoverage` /tenantRelationships/managedTenants/conditionalAccessPolicyCoverages List conditionalAccessPolicyCoverages
`Get-MgBetaTenantRelationshipManagedTenantConditionalAccessPolicyCoverage` /tenantRelationships/managedTenants/conditionalAccessPolicyCoverages/{conditionalAccessPolicyCoverageId} Get conditionalAccessPolicyCoverage
`Get-MgBetaTrustFrameworkPolicy` /trustFramework/policies/ List trustFrameworkPolicies
`Get-MgBetaUserAuthenticationRequirement` /users/{id \| userPrincipalName}/authentication/signInPreferences Get authentication states
`Get-MgBetaUserAuthenticationSignInPreference` /users/{id \| userPrincipalName}/authentication/signInPreferences Get authentication states
`Invoke-MgBetaUsagePolicyAuthenticationStrengthPolicy` /policies/authenticationStrengthPolicies/{authenticationStrengthPolicyId}/usage authenticationStrengthPolicy: usage
`New-MgBetaApplicationTokenIssuancePolicyByRef` /applications/{id}/tokenIssuancePolicies/$ref Assign tokenIssuancePolicy
`New-MgBetaApplicationTokenLifetimePolicyByRef` /applications/{id}/tokenLifetimePolicies/$ref Assign tokenLifetimePolicy
`New-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations Create namedLocation
`New-MgBetaIdentityConditionalAccessPolicy` /identity/conditionalAccess/policies Create conditionalAccessPolicy
`New-MgBetaServicePrincipalClaimMappingPolicyByRef` /servicePrincipals/{id}/claimsMappingPolicies/$ref Assign claimsMappingPolicy
`New-MgBetaServicePrincipalHomeRealmDiscoveryPolicyByRef` /servicePrincipals/{id}/homeRealmDiscoveryPolicies/$ref Assign homeRealmDiscoveryPolicy
`New-MgBetaServicePrincipalTokenLifetimePolicyByRef` /servicePrincipals/{id}/tokenLifetimePolicies/$ref Assign tokenLifetimePolicy
`Remove-MgBetaApplicationTokenIssuancePolicyTokenIssuancePolicyByRef` /applications/{id}/tokenIssuancePolicies/{id}/$ref Remove tokenIssuancePolicy
`Remove-MgBetaApplicationTokenLifetimePolicyTokenLifetimePolicyByRef` /applications/{applicationObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref Remove tokenLifetimePolicy
`Remove-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Delete countryNamedLocation
`Remove-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Delete ipNamedLocation
`Remove-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Delete namedLocation
`Remove-MgBetaIdentityConditionalAccessPolicy` /identity/conditionalAccess/policies/{id} Delete conditionalAccessPolicy
`Remove-MgBetaServicePrincipalClaimMappingPolicyClaimMappingPolicyByRef` /servicePrincipals/{id}/claimsMappingPolicies/{id}/$ref Remove claimsMappingPolicy
`Remove-MgBetaServicePrincipalHomeRealmDiscoveryPolicyHomeRealmDiscoveryPolicyByRef` /servicePrincipals/{id}/homeRealmDiscoveryPolicies/{policyId}/$ref Remove homeRealmDiscoveryPolicy
`Remove-MgBetaServicePrincipalTokenLifetimePolicyTokenLifetimePolicyByRef` /servicePrincipals/{servicePrincipalObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref Remove tokenLifetimePolicies
`Test-MgBetaIdentityConditionalAccess` /identity/conditionalAccess/evaluate What If evaluation
`Update-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Update countryNamedlocation
`Update-MgBetaIdentityConditionalAccessNamedLocation` /identity/conditionalAccess/namedLocations/{id} Update ipnamedlocation
`Update-MgBetaIdentityConditionalAccessPolicy` /identity/conditionalAccess/policies/{id} Update conditionalAccessPolicy
`Update-MgBetaIdentityContinuouAccessEvaluationPolicy` /identity/continuousAccessEvaluationPolicy Update continuousAccessEvaluationPolicy
`Update-MgBetaPolicyIdentitySecurityDefaultEnforcementPolicy` /policies/identitySecurityDefaultsEnforcementPolicy Update identitySecurityDefaultsEnforcementPolicy

Code Examples

C# / .NET SDK

Assign claimsMappingPolicy

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new ReferenceCreate
{
	OdataId = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/cd3d9b57-0aee-4f25-8ee3-ac74ef5986a9",
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.ServicePrincipals["{servicePrincipal-id}"].ClaimsMappingPolicies.Ref.PostAsync(requestBody);

JavaScript

Assign claimsMappingPolicy

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

const claimsMappingPolicy = {
  '@odata.id':'https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/cd3d9b57-0aee-4f25-8ee3-ac74ef5986a9'
};

await client.api('/servicePrincipals/{id}/claimsMappingPolicies/$ref')
	.post(claimsMappingPolicy);

PowerShell

Assign claimsMappingPolicy

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Applications

$params = @{
	"@odata.id" = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/cd3d9b57-0aee-4f25-8ee3-ac74ef5986a9"
}

New-MgServicePrincipalClaimMappingPolicyByRef -ServicePrincipalId $servicePrincipalId -BodyParameter $params

Python

Assign claimsMappingPolicy

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.reference_create import ReferenceCreate
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ReferenceCreate(
	odata_id = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/cd3d9b57-0aee-4f25-8ee3-ac74ef5986a9",
)

await graph_client.service_principals.by_service_principal_id('servicePrincipal-id').claims_mapping_policies.ref.post(request_body)

App Registration

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

Select Permission Type

Choose Application permissions or delegated permissions and search for Policy.Read.All

Grant Admin Consent

Application permissions always require admin consent.