ESC
Type to search...
Navigate Open ESC Close

Policy.ReadWrite.ApplicationConfiguration

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read/Write User Scope

Allows the app to read and write your organization's application configuration policies, without a signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read and write your organization's application configuration policies

Allows the app to read and write your organization's application configuration policies, without a signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy.

Permission ID: be74164b-cff1-491c-8741-e671cb536e13
Delegated Permission Admin consent required

Read and write your organization's application configuration policies

Allows the app to read and write your organization's application configuration policies on behalf of the signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy.

User sees: Allows the app to read and write your organization's application configuration policies on your behalf. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy.
Permission ID: b27add92-efb2-4f16-84f5-8108ba77985c

Properties

Microsoft Graph v1.0 mapped-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
id String Unique identifier of the policy. Inherited from entity.
activityBasedTimeoutPolicies activityBasedTimeoutPolicy collection The policy that controls the idle time out for web sessions for applications.
adminConsentRequestPolicy object The policy by which consent requests are created and managed for the entire tenant.
appManagementPolicies appManagementPolicy collection The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy.
authenticationFlowsPolicy object The policy configuration of the self-service sign-up experience of external users.
authenticationMethodsPolicy object The authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID.
authenticationStrengthPolicies authenticationStrengthPolicy collection The authentication method combinations that are to be used in scenarios defined by Microsoft Entra Conditional Access.
authorizationPolicy object The policy that controls Microsoft Entra authorization settings.
claimsMappingPolicies claimsMappingPolicy collection The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application.
conditionalAccessPolicies conditionalAccessPolicy collection The custom rules that define an access scenario.
crossTenantAccessPolicy object The custom rules that define an access scenario when interacting with external Microsoft Entra tenants.
defaultAppManagementPolicy object The tenant-wide policy that enforces app management restrictions for all applications and service principals.
deviceRegistrationPolicy object
featureRolloutPolicies featureRolloutPolicy collection The feature rollout policy associated with a directory object.
homeRealmDiscoveryPolicies homeRealmDiscoveryPolicy collection The policy to control Microsoft Entra authentication behavior for federated users.

Showing 15 of 21 properties.

JSON Representation

Microsoft Graph v1.0 mapped-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation 
{
  "@odata.type": "#microsoft.graph.policyRoot",
  "id": "String (identifier)"
}

Relationships

Microsoft Graph v1.0 mapped-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
activityBasedTimeoutPolicies activityBasedTimeoutPolicy collection The policy that controls the idle time out for web sessions for applications.
adminConsentRequestPolicy adminConsentRequestPolicy The policy by which consent requests are created and managed for the entire tenant.
appManagementPolicies appManagementPolicy collection The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy.
authenticationFlowsPolicy authenticationFlowsPolicy The policy configuration of the self-service sign-up experience of external users.
authenticationMethodsPolicy authenticationMethodsPolicy The authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID.
authenticationStrengthPolicies authenticationStrengthPolicy collection The authentication method combinations that are to be used in scenarios defined by Microsoft Entra Conditional Access.
authorizationPolicy authorizationPolicy collection The policy that controls Microsoft Entra authorization settings.
claimsMappingPolicies claimsMappingPolicy collection The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application.
conditionalAccessPolicies conditionalAccessPolicy The custom rules that define an access scenario.
crossTenantAccessPolicy crossTenantAccessPolicy The custom rules that define an access scenario when interacting with external Microsoft Entra tenants.
defaultAppManagementPolicy tenantAppManagementPolicy The tenant-wide policy that enforces app management restrictions for all applications and service principals.
featureRolloutPolicies featureRolloutPolicy collection The feature rollout policy associated with a directory object.
homeRealmDiscoveryPolicies homeRealmDiscoveryPolicy collection The policy to control Microsoft Entra authentication behavior for federated users.
identitySecurityDefaultsEnforcementPolicy identitySecurityDefaultsEnforcementPolicy The policy that represents the security defaults that protect against common attacks.
permissionGrantPolicies permissionGrantPolicy collection The policy that specifies the conditions under which consent can be granted.
roleManagementPolicies unifiedRoleManagementPolicy collection Specifies the various policies associated with scopes and roles.
roleManagementPolicyAssignments unifiedRoleManagementPolicyAssignment collection The assignment of a role management policy to a role definition object.
tokenIssuancePolicies tokenIssuancePolicy collection The policy that specifies the characteristics of SAML tokens issued by Microsoft Entra ID.
tokenLifetimePolicies tokenLifetimePolicy collection The policy that controls the lifetime of a JWT access token, an ID token, or a SAML 1.1/2.0 token issued by Microsoft Entra ID.
b2bManagementPolicies b2bManagementPolicy collection The policy to manage Microsoft Entra B2B features in Microsoft Entra External ID for workforce tenants.
mobileAppManagementPolicies mobileAppManagementPolicy collection The policy that defines autoenrollment configuration for a mobility management (MDM or MAM) application.
mobileDeviceManagementPolicies mobileDeviceManagementPolicy collection Related mobileDeviceManagementPolicies data exposed by this resource.
onPremAuthenticationPolicies onPremAuthenticationPolicy collection The policy that controls how authentication requests from on-premises environments are managed.
permissionGrantPreApprovalPolicies permissionGrantPreApprovalPolicy collection Policies that specify the conditions under which consent can be granted to a specific application.
servicePrincipalCreationPolicies servicePrincipalCreationPolicy collection Related servicePrincipalCreationPolicies data exposed by this resource.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /applications(appId='{appId}')/tokenIssuancePolicies
GET /applications(appId='{appId}')/tokenLifetimePolicies
GET /applications/{id}/tokenIssuancePolicies
GET /applications/{id}/tokenLifetimePolicies
GET /policies/activityBasedTimeoutPolicies
GET /policies/activityBasedTimeoutPolicies/{id}
GET /policies/appManagementPolicies
GET /policies/appManagementPolicies/{id}
GET /policies/appManagementPolicies/{id}/appliesTo
GET /policies/claimsMappingPolicies
GET /policies/claimsMappingPolicies/{id}
GET /policies/claimsMappingPolicies/{id}/appliesTo
GET /policies/defaultAppManagementPolicy
GET /policies/homeRealmDiscoveryPolicies
GET /policies/homeRealmDiscoveryPolicies/{id}
GET /policies/homeRealmDiscoveryPolicies/{id}/appliesTo
GET /policies/tokenIssuancePolicies
GET /policies/tokenIssuancePolicies/{id}
GET /policies/tokenIssuancePolicies/{id}/appliesTo
GET /policies/tokenLifetimePolicies
GET /policies/tokenLifetimePolicies/{id}
GET /policies/tokenLifetimePolicies/{id}/appliesTo
GET /servicePrincipals(appId='{appId}')/claimsMappingPolicies
GET /servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies
GET /servicePrincipals(appId='{appId}')/tokenLifetimePolicies
GET /servicePrincipals/{id}/claimsMappingPolicies
GET /servicePrincipals/{id}/homeRealmDiscoveryPolicies
GET /servicePrincipals/{id}/tokenLifetimePolicies
POST /applications(appId='{appId}')/tokenIssuancePolicies/$ref
POST /applications(appId='{appId}')/tokenLifetimePolicies/$ref
POST /applications/{id}/appManagementPolicies/$ref
POST /applications/{id}/tokenIssuancePolicies/$ref
POST /applications/{id}/tokenLifetimePolicies/$ref
POST /policies/activityBasedTimeoutPolicies
POST /policies/appManagementPolicies
POST /policies/claimsMappingPolicies
POST /policies/homeRealmDiscoveryPolicies
POST /policies/tokenIssuancePolicies
POST /policies/tokenLifetimePolicies
POST /servicePrincipals(appId='{appId}')/claimsMappingPolicies/$ref
POST /servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/$ref
POST /servicePrincipals(appId='{appId}')/tokenLifetimePolicies/$ref
POST /servicePrincipals/{id}/claimsMappingPolicies/$ref
POST /servicePrincipals/{id}/homeRealmDiscoveryPolicies/$ref
POST /servicePrincipals/{id}/tokenLifetimePolicies/$ref
PATCH /policies/activityBasedTimeoutPolicies/{id}
PATCH /policies/appManagementPolicies/{id}
PATCH /policies/claimsMappingPolicies/{id}
PATCH /policies/defaultAppManagementPolicy
PATCH /policies/homeRealmDiscoveryPolicies/{id}
PATCH /policies/tokenIssuancePolicies/{id}
PATCH /policies/tokenLifetimePolicies/{id}
DELETE /applications(appId='{appId}')/tokenIssuancePolicies/{id}/$ref
DELETE /applications(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
DELETE /applications/{applicationObjectId}/appManagementPolicies/{appManagementPolicyId}/$ref
DELETE /applications/{applicationObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
DELETE /applications/{id}/tokenIssuancePolicies/{id}/$ref
DELETE /policies/activityBasedTimeoutPolicies/{id}
DELETE /policies/appManagementPolicies/{id}
DELETE /policies/claimsMappingPolicies/{id}
DELETE /policies/homeRealmDiscoveryPolicies/{id}
DELETE /policies/tokenIssuancePolicies/{id}
DELETE /policies/tokenLifetimePolicies/{id}
DELETE /servicePrincipals(appId='{appId}')/claimsMappingPolicies/{id}/$ref
DELETE /servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/{id}/$ref
DELETE /servicePrincipals(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
DELETE /servicePrincipals/{id}/claimsMappingPolicies/{id}/$ref
DELETE /servicePrincipals/{id}/homeRealmDiscoveryPolicies/{id}/$ref
DELETE /servicePrincipals/{servicePrincipalObjectId}/appManagementPolicies/{appManagementPolicyId}/$ref
DELETE /servicePrincipals/{servicePrincipalObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /applications(appId='{appId}')/tokenIssuancePolicies
GET /applications(appId='{appId}')/tokenLifetimePolicies
GET /applications/{id}/tokenIssuancePolicies
GET /applications/{id}/tokenLifetimePolicies
GET /identity/events/onSignupStart
GET /identity/events/onSignupStart/{id}
GET /policies/activityBasedTimeoutPolicies
GET /policies/activityBasedTimeoutPolicies/{id}
GET /policies/appManagementPolicies
GET /policies/appManagementPolicies/{id}
GET /policies/appManagementPolicies/{id}/appliesTo
GET /policies/claimsMappingPolicies
GET /policies/claimsMappingPolicies/{id}
GET /policies/claimsMappingPolicies/{id}/appliesTo
GET /policies/defaultAppManagementPolicy
GET /policies/homeRealmDiscoveryPolicies
GET /policies/homeRealmDiscoveryPolicies/{id}
GET /policies/homeRealmDiscoveryPolicies/{id}/appliesTo
GET /policies/tokenIssuancePolicies
GET /policies/tokenIssuancePolicies/{id}
GET /policies/tokenIssuancePolicies/{id}/appliesTo
GET /policies/tokenLifetimePolicies
GET /policies/tokenLifetimePolicies/{id}
GET /policies/tokenLifetimePolicies/{id}/appliesTo
GET /servicePrincipals(appId='{appId}')/tokenLifetimePolicies
GET /servicePrincipals/{id}/claimsMappingPolicies
GET /servicePrincipals/{id}/homeRealmDiscoveryPolicies
GET /servicePrincipals/{id}/tokenLifetimePolicies
GET /servicePrincipals/{servicePrincipalsId}/claimsPolicy
POST /applications(appId='{appId}')/tokenIssuancePolicies/$ref
POST /applications(appId='{appId}')/tokenLifetimePolicies/$ref
POST /applications/{id}/appManagementPolicies/$ref
POST /applications/{id}/tokenIssuancePolicies/$ref
POST /applications/{id}/tokenLifetimePolicies/$ref
POST /identity/events/onSignupStart
POST /policies/activityBasedTimeoutPolicies
POST /policies/appManagementPolicies
POST /policies/claimsMappingPolicies
POST /policies/homeRealmDiscoveryPolicies
POST /policies/tokenIssuancePolicies
POST /policies/tokenLifetimePolicies
POST /servicePrincipals(appId='{appId}')/claimsMappingPolicies/$ref
POST /servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/$ref
POST /servicePrincipals(appId='{appId}')/tokenLifetimePolicies/$ref
POST /servicePrincipals/{id}/claimsMappingPolicies/$ref
POST /servicePrincipals/{id}/homeRealmDiscoveryPolicies/$ref
POST /servicePrincipals/{id}/tokenLifetimePolicies/$ref
PATCH /identity/events/onSignupStart/{id}
PATCH /policies/activityBasedTimeoutPolicies/{id}
PATCH /policies/appManagementPolicies/{id}
PATCH /policies/claimsMappingPolicies/{id}
PATCH /policies/defaultAppManagementPolicy
PATCH /policies/homeRealmDiscoveryPolicies/{id}
PATCH /policies/tokenIssuancePolicies/{id}
PATCH /policies/tokenLifetimePolicies/{id}
PATCH /servicePrincipals/{servicePrincipalsId}/claimsPolicy
PUT /identity/events/onSignupStart/{id}
PUT /servicePrincipals/{servicePrincipalsId}/claimsPolicy
DELETE /applications(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
DELETE /applications/{applicationObjectId}/appManagementPolicies/{appManagementPolicyId}/$ref
DELETE /applications/{applicationObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
DELETE /applications/{id}/tokenIssuancePolicies/{id}/$ref
DELETE /identity/events/onSignupStart/{id}
DELETE /policies/activityBasedTimeoutPolicies/{id}
DELETE /policies/appManagementPolicies/{id}
DELETE /policies/claimsMappingPolicies/{id}
DELETE /policies/homeRealmDiscoveryPolicies/{id}
DELETE /policies/tokenIssuancePolicies/{id}
DELETE /policies/tokenLifetimePolicies/{id}
DELETE /servicePrincipals(appId='{appId}')/claimsMappingPolicies/{id}/$ref
DELETE /servicePrincipals(appId='{appId}')/homeRealmDiscoveryPolicies/{policyId}/$ref
DELETE /servicePrincipals(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
DELETE /servicePrincipals/{id}/claimsMappingPolicies/{id}/$ref
DELETE /servicePrincipals/{id}/homeRealmDiscoveryPolicies/{policyId}/$ref
DELETE /servicePrincipals/{servicePrincipalObjectId}/appManagementPolicies/{appManagementPolicyId}/$ref
DELETE /servicePrincipals/{servicePrincipalObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgApplicationTokenIssuancePolicy /applications/{id}/tokenIssuancePolicies
List assigned tokenIssuancePolicies
Get-MgApplicationTokenLifetimePolicy /applications/{id}/tokenLifetimePolicies
List assigned tokenLifetimePolicies
Get-MgPolicyActivityBasedTimeoutPolicy /policies/activityBasedTimeoutPolicies
List activityBasedTimeoutPolicies
Get-MgPolicyActivityBasedTimeoutPolicy /policies/activityBasedTimeoutPolicies/{id}
Get activityBasedTimeoutPolicy
Get-MgPolicyAppManagementPolicy /policies/appManagementPolicies
List appManagementPolicies
Get-MgPolicyAppManagementPolicy /policies/appManagementPolicies/{id}
Get appManagementPolicy
Get-MgPolicyAppManagementPolicyApplyTo /policies/appManagementPolicies/{id}/appliesTo
List appliesTo
Get-MgPolicyClaimMappingPolicy /policies/claimsMappingPolicies
List claimsMappingPolicies
Get-MgPolicyClaimMappingPolicy /policies/claimsMappingPolicies/{id}
Get claimsMappingPolicy
Get-MgPolicyClaimMappingPolicyApplyTo /policies/claimsMappingPolicies/{id}/appliesTo
List appliesTo
Get-MgPolicyDefaultAppManagementPolicy /policies/defaultAppManagementPolicy
Get tenantAppManagementPolicy
Get-MgPolicyHomeRealmDiscoveryPolicy /policies/homeRealmDiscoveryPolicies
List homeRealmDiscoveryPolicies
Get-MgPolicyHomeRealmDiscoveryPolicy /policies/homeRealmDiscoveryPolicies/{id}
Get homeRealmDiscoveryPolicy
Get-MgPolicyHomeRealmDiscoveryPolicyApplyTo /policies/homeRealmDiscoveryPolicies/{id}/appliesTo
List appliesTo
Get-MgPolicyTokenIssuancePolicy /policies/tokenIssuancePolicies
List tokenIssuancePolicy
Get-MgPolicyTokenIssuancePolicy /policies/tokenIssuancePolicies/{id}
Get tokenIssuancePolicy
Get-MgPolicyTokenIssuancePolicyApplyTo /policies/tokenIssuancePolicies/{id}/appliesTo
List appliesTo
Get-MgPolicyTokenLifetimePolicy /policies/tokenLifetimePolicies
List tokenLifetimePolicies
Get-MgPolicyTokenLifetimePolicy /policies/tokenLifetimePolicies/{id}
Get tokenLifetimePolicy
Get-MgPolicyTokenLifetimePolicyApplyTo /policies/tokenLifetimePolicies/{id}/appliesTo
List appliesTo
Get-MgServicePrincipalClaimMappingPolicy /servicePrincipals/{id}/claimsMappingPolicies
List assigned claimsMappingPolicies
Get-MgServicePrincipalHomeRealmDiscoveryPolicy /servicePrincipals/{id}/homeRealmDiscoveryPolicies
List assigned homeRealmDiscoveryPolicies
Get-MgServicePrincipalTokenLifetimePolicy /servicePrincipals/{id}/tokenLifetimePolicies
List assigned tokenLifetimePolicies
New-MgApplicationAppManagementPolicyByRef /applications/{id}/appManagementPolicies/$ref
Assign appliesTo
New-MgApplicationTokenIssuancePolicyByRef /applications/{id}/tokenIssuancePolicies/$ref
Assign tokenIssuancePolicy
New-MgApplicationTokenLifetimePolicyByRef /applications/{id}/tokenLifetimePolicies/$ref
Assign tokenLifetimePolicy
New-MgPolicyActivityBasedTimeoutPolicy /policies/activityBasedTimeoutPolicies
Create activityBasedTimeoutPolicy
New-MgPolicyAppManagementPolicy /policies/appManagementPolicies
Create appManagementPolicy
New-MgPolicyClaimMappingPolicy /policies/claimsMappingPolicies
Create claimsMappingPolicy
New-MgPolicyHomeRealmDiscoveryPolicy /policies/homeRealmDiscoveryPolicies
Create homeRealmDiscoveryPolicy
New-MgPolicyTokenIssuancePolicy /policies/tokenIssuancePolicies
Create tokenIssuancePolicy
New-MgPolicyTokenLifetimePolicy /policies/tokenLifetimePolicies
Create tokenLifetimePolicy
New-MgServicePrincipalClaimMappingPolicyByRef /servicePrincipals/{id}/claimsMappingPolicies/$ref
Assign claimsMappingPolicy
New-MgServicePrincipalHomeRealmDiscoveryPolicyByRef /servicePrincipals/{id}/homeRealmDiscoveryPolicies/$ref
Assign homeRealmDiscoveryPolicy
New-MgServicePrincipalTokenLifetimePolicyByRef /servicePrincipals/{id}/tokenLifetimePolicies/$ref
Assign tokenLifetimePolicy
Remove-MgApplicationAppManagementPolicyAppManagementPolicyByRef /applications/{applicationObjectId}/appManagementPolicies/{appManagementPolicyId}/$ref
Remove appliesTo
Remove-MgApplicationTokenIssuancePolicyTokenIssuancePolicyByRef /applications/{id}/tokenIssuancePolicies/{id}/$ref
Remove tokenIssuancePolicy
Remove-MgApplicationTokenLifetimePolicyTokenLifetimePolicyByRef /applications/{applicationObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
Remove tokenLifetimePolicy
Remove-MgPolicyActivityBasedTimeoutPolicy /policies/activityBasedTimeoutPolicies/{id}
Delete activityBasedTimeoutPolicy
Remove-MgPolicyAppManagementPolicy /policies/appManagementPolicies/{id}
Delete appManagementPolicy
Remove-MgPolicyClaimMappingPolicy /policies/claimsMappingPolicies/{id}
Delete claimsMappingPolicy
Remove-MgPolicyHomeRealmDiscoveryPolicy /policies/homeRealmDiscoveryPolicies/{id}
Delete homeRealmDiscoveryPolicy
Remove-MgPolicyTokenIssuancePolicy /policies/tokenIssuancePolicies/{id}
Delete tokenIssuancePolicy
Remove-MgPolicyTokenLifetimePolicy /policies/tokenLifetimePolicies/{id}
Delete tokenLifetimePolicy
Remove-MgServicePrincipalClaimMappingPolicyClaimMappingPolicyByRef /servicePrincipals/{id}/claimsMappingPolicies/{id}/$ref
Remove claimsMappingPolicy
Remove-MgServicePrincipalHomeRealmDiscoveryPolicyHomeRealmDiscoveryPolicyByRef /servicePrincipals/{id}/homeRealmDiscoveryPolicies/{id}/$ref
Remove homeRealmDiscoveryPolicy
Remove-MgServicePrincipalTokenLifetimePolicyTokenLifetimePolicyByRef /servicePrincipals/{servicePrincipalObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
Remove tokenLifetimePolicies
Update-MgPolicyActivityBasedTimeoutPolicy /policies/activityBasedTimeoutPolicies/{id}
Update activitybasedtimeoutpolicy
Update-MgPolicyAppManagementPolicy /policies/appManagementPolicies/{id}
Update appManagementPolicy
Update-MgPolicyClaimMappingPolicy /policies/claimsMappingPolicies/{id}
Update claimsmappingpolicy
Update-MgPolicyDefaultAppManagementPolicy /policies/defaultAppManagementPolicy
Update tenantAppManagementPolicy
Update-MgPolicyHomeRealmDiscoveryPolicy /policies/homeRealmDiscoveryPolicies/{id}
Update homerealmdiscoverypolicy
Update-MgPolicyTokenIssuancePolicy /policies/tokenIssuancePolicies/{id}
Update tokenIssuancePolicy
Update-MgPolicyTokenLifetimePolicy /policies/tokenLifetimePolicies/{id}
Update tokenlifetimepolicy
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaApplicationTokenIssuancePolicy /applications/{id}/tokenIssuancePolicies
List assigned tokenIssuancePolicies
Get-MgBetaApplicationTokenLifetimePolicy /applications/{id}/tokenLifetimePolicies
List assigned tokenLifetimePolicies
Get-MgBetaPolicyActivityBasedTimeoutPolicy /policies/activityBasedTimeoutPolicies
List activityBasedTimeoutPolicies
Get-MgBetaPolicyActivityBasedTimeoutPolicy /policies/activityBasedTimeoutPolicies/{id}
Get activityBasedTimeoutPolicy
Get-MgBetaPolicyAppManagementPolicy /policies/appManagementPolicies
List appManagementPolicies
Get-MgBetaPolicyAppManagementPolicy /policies/appManagementPolicies/{id}
Get appManagementPolicy
Get-MgBetaPolicyAppManagementPolicyApplyTo /policies/appManagementPolicies/{id}/appliesTo
List appliesTo
Get-MgBetaPolicyClaimMappingPolicy /policies/claimsMappingPolicies
List claimsMappingPolicies
Get-MgBetaPolicyClaimMappingPolicy /policies/claimsMappingPolicies/{id}
Get claimsMappingPolicy
Get-MgBetaPolicyClaimMappingPolicyApplyTo /policies/claimsMappingPolicies/{id}/appliesTo
List appliesTo
Get-MgBetaPolicyDefaultAppManagementPolicy /policies/defaultAppManagementPolicy
Get tenantAppManagementPolicy
Get-MgBetaPolicyHomeRealmDiscoveryPolicy /policies/homeRealmDiscoveryPolicies
List homeRealmDiscoveryPolicies
Get-MgBetaPolicyHomeRealmDiscoveryPolicy /policies/homeRealmDiscoveryPolicies/{id}
Get homeRealmDiscoveryPolicy
Get-MgBetaPolicyHomeRealmDiscoveryPolicyApplyTo /policies/homeRealmDiscoveryPolicies/{id}/appliesTo
List appliesTo
Get-MgBetaPolicyTokenIssuancePolicy /policies/tokenIssuancePolicies
List tokenIssuancePolicy
Get-MgBetaPolicyTokenIssuancePolicy /policies/tokenIssuancePolicies/{id}
Get tokenIssuancePolicy
Get-MgBetaPolicyTokenIssuancePolicyApplyTo /policies/tokenIssuancePolicies/{id}/appliesTo
List appliesTo
Get-MgBetaPolicyTokenLifetimePolicy /policies/tokenLifetimePolicies
List tokenLifetimePolicies
Get-MgBetaPolicyTokenLifetimePolicy /policies/tokenLifetimePolicies/{id}
Get tokenLifetimePolicy
Get-MgBetaPolicyTokenLifetimePolicyApplyTo /policies/tokenLifetimePolicies/{id}/appliesTo
List appliesTo
Get-MgBetaServicePrincipalClaimMappingPolicy /servicePrincipals/{id}/claimsMappingPolicies
List assigned claimsMappingPolicies
Get-MgBetaServicePrincipalClaimPolicy /servicePrincipals/{servicePrincipalsId}/claimsPolicy
Get customClaimsPolicy
Get-MgBetaServicePrincipalHomeRealmDiscoveryPolicy /servicePrincipals/{id}/homeRealmDiscoveryPolicies
List assigned homeRealmDiscoveryPolicies
Get-MgBetaServicePrincipalTokenLifetimePolicy /servicePrincipals/{id}/tokenLifetimePolicies
List assigned tokenLifetimePolicies
New-MgBetaApplicationAppManagementPolicyByRef /applications/{id}/appManagementPolicies/$ref
Assign appliesTo
New-MgBetaApplicationTokenIssuancePolicyByRef /applications/{id}/tokenIssuancePolicies/$ref
Assign tokenIssuancePolicy
New-MgBetaApplicationTokenLifetimePolicyByRef /applications/{id}/tokenLifetimePolicies/$ref
Assign tokenLifetimePolicy
New-MgBetaPolicyActivityBasedTimeoutPolicy /policies/activityBasedTimeoutPolicies
Create activityBasedTimeoutPolicy
New-MgBetaPolicyAppManagementPolicy /policies/appManagementPolicies
Create appManagementPolicy
New-MgBetaPolicyClaimMappingPolicy /policies/claimsMappingPolicies
Create claimsMappingPolicy
New-MgBetaPolicyHomeRealmDiscoveryPolicy /policies/homeRealmDiscoveryPolicies
Create homeRealmDiscoveryPolicy
New-MgBetaPolicyTokenIssuancePolicy /policies/tokenIssuancePolicies
Create tokenIssuancePolicy
New-MgBetaPolicyTokenLifetimePolicy /policies/tokenLifetimePolicies
Create tokenLifetimePolicy
New-MgBetaServicePrincipalClaimMappingPolicyByRef /servicePrincipals/{id}/claimsMappingPolicies/$ref
Assign claimsMappingPolicy
New-MgBetaServicePrincipalHomeRealmDiscoveryPolicyByRef /servicePrincipals/{id}/homeRealmDiscoveryPolicies/$ref
Assign homeRealmDiscoveryPolicy
New-MgBetaServicePrincipalTokenLifetimePolicyByRef /servicePrincipals/{id}/tokenLifetimePolicies/$ref
Assign tokenLifetimePolicy
Remove-MgBetaApplicationAppManagementPolicyAppManagementPolicyByRef /applications/{applicationObjectId}/appManagementPolicies/{appManagementPolicyId}/$ref
Remove appliesTo
Remove-MgBetaApplicationTokenIssuancePolicyTokenIssuancePolicyByRef /applications/{id}/tokenIssuancePolicies/{id}/$ref
Remove tokenIssuancePolicy
Remove-MgBetaApplicationTokenLifetimePolicyTokenLifetimePolicyByRef /applications/{applicationObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
Remove tokenLifetimePolicy
Remove-MgBetaPolicyActivityBasedTimeoutPolicy /policies/activityBasedTimeoutPolicies/{id}
Delete activityBasedTimeoutPolicy
Remove-MgBetaPolicyAppManagementPolicy /policies/appManagementPolicies/{id}
Delete appManagementPolicy
Remove-MgBetaPolicyClaimMappingPolicy /policies/claimsMappingPolicies/{id}
Delete claimsMappingPolicy
Remove-MgBetaPolicyHomeRealmDiscoveryPolicy /policies/homeRealmDiscoveryPolicies/{id}
Delete homeRealmDiscoveryPolicy
Remove-MgBetaPolicyTokenIssuancePolicy /policies/tokenIssuancePolicies/{id}
Delete tokenIssuancePolicy
Remove-MgBetaPolicyTokenLifetimePolicy /policies/tokenLifetimePolicies/{id}
Delete tokenLifetimePolicy
Remove-MgBetaServicePrincipalClaimMappingPolicyClaimMappingPolicyByRef /servicePrincipals/{id}/claimsMappingPolicies/{id}/$ref
Remove claimsMappingPolicy
Remove-MgBetaServicePrincipalHomeRealmDiscoveryPolicyHomeRealmDiscoveryPolicyByRef /servicePrincipals/{id}/homeRealmDiscoveryPolicies/{policyId}/$ref
Remove homeRealmDiscoveryPolicy
Remove-MgBetaServicePrincipalTokenLifetimePolicyTokenLifetimePolicyByRef /servicePrincipals/{servicePrincipalObjectId}/tokenLifetimePolicies/{tokenLifetimePolicyId}/$ref
Remove tokenLifetimePolicies
Set-MgBetaServicePrincipalClaimPolicy /servicePrincipals/{servicePrincipalsId}/claimsPolicy
Create or replace claimsPolicy
Update-MgBetaPolicyActivityBasedTimeoutPolicy /policies/activityBasedTimeoutPolicies/{id}
Update activitybasedtimeoutpolicy
Update-MgBetaPolicyAppManagementPolicy /policies/appManagementPolicies/{id}
Update appManagementPolicy
Update-MgBetaPolicyClaimMappingPolicy /policies/claimsMappingPolicies/{id}
Update claimsmappingpolicy
Update-MgBetaPolicyDefaultAppManagementPolicy /policies/defaultAppManagementPolicy
Update tenantAppManagementPolicy
Update-MgBetaPolicyHomeRealmDiscoveryPolicy /policies/homeRealmDiscoveryPolicies/{id}
Update homerealmdiscoverypolicy
Update-MgBetaPolicyTokenIssuancePolicy /policies/tokenIssuancePolicies/{id}
Update tokenIssuancePolicy
Update-MgBetaPolicyTokenLifetimePolicy /policies/tokenLifetimePolicies/{id}
Update tokenlifetimepolicy
Update-MgBetaServicePrincipalClaimPolicy /servicePrincipals/{servicePrincipalsId}/claimsPolicy
Update customClaimsPolicy

Code Examples

C# / .NET SDK
Assign appliesTo
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new ReferenceCreate
{
	OdataId = "https://graph.microsoft.com/v1.0/policies/appManagementPolicies/{id}",
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Applications["{application-id}"].AppManagementPolicies.Ref.PostAsync(requestBody);
JavaScript
Assign appliesTo
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

const appManagementPolicy = {
 '@odata.id':'https://graph.microsoft.com/v1.0/policies/appManagementPolicies/{id}'
};

await client.api('/applications/{id}/appManagementPolicies/$ref')
	.post(appManagementPolicy);
PowerShell
Assign appliesTo
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Applications

$params = @{
	"@odata.id" = "https://graph.microsoft.com/v1.0/policies/appManagementPolicies/{id}"
}

New-MgApplicationAppManagementPolicyByRef -ApplicationId $applicationId -BodyParameter $params
Python
Assign appliesTo
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.reference_create import ReferenceCreate
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ReferenceCreate(
	odata_id = "https://graph.microsoft.com/v1.0/policies/appManagementPolicies/{id}",
)

await graph_client.applications.by_application_id('application-id').app_management_policies.ref.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for Policy.ReadWrite.ApplicationConfiguration

4

Grant Admin Consent

Application permissions always require admin consent.