Policy.ReadWrite.AuthenticationFlows

Permission Details

Application Permission

Read and write authentication flow policies

Allows the app to read and write all authentication flow policies for the tenant, without a signed-in user.

Permission ID: 25f85f3c-f66c-4205-8cd5-de92dd7f0cec

Delegated Permission

Read and write authentication flow policies

Allows the app to read and write the authentication flow policies, on behalf of the signed-in user.

Permission ID: edb72de9-4252-4d03-a925-451deef99db7

Properties

Microsoft Graph v1.0 mapped-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property	Type	Description
`id`	`String`	Unique identifier of the policy. Inherited from entity.
`activityBasedTimeoutPolicies`	`activityBasedTimeoutPolicy collection`	The policy that controls the idle time out for web sessions for applications.
`adminConsentRequestPolicy`	`object`	The policy by which consent requests are created and managed for the entire tenant.
`appManagementPolicies`	`appManagementPolicy collection`	The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy.
`authenticationFlowsPolicy`	`object`	The policy configuration of the self-service sign-up experience of external users.
`authenticationMethodsPolicy`	`object`	The authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID.
`authenticationStrengthPolicies`	`authenticationStrengthPolicy collection`	The authentication method combinations that are to be used in scenarios defined by Microsoft Entra Conditional Access.
`authorizationPolicy`	`object`	The policy that controls Microsoft Entra authorization settings.
`claimsMappingPolicies`	`claimsMappingPolicy collection`	The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application.
`conditionalAccessPolicies`	`conditionalAccessPolicy collection`	The custom rules that define an access scenario.
`crossTenantAccessPolicy`	`object`	The custom rules that define an access scenario when interacting with external Microsoft Entra tenants.
`defaultAppManagementPolicy`	`object`	The tenant-wide policy that enforces app management restrictions for all applications and service principals.
`deviceRegistrationPolicy`	`object`
`featureRolloutPolicies`	`featureRolloutPolicy collection`	The feature rollout policy associated with a directory object.
`homeRealmDiscoveryPolicies`	`homeRealmDiscoveryPolicy collection`	The policy to control Microsoft Entra authentication behavior for federated users.

Showing 15 of 21 properties.

JSON Representation

Microsoft Graph v1.0 mapped-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation

{
  "@odata.type": "#microsoft.graph.policyRoot",
  "id": "String (identifier)"
}

Relationships

Microsoft Graph v1.0 mapped-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship	Type	Description
`activityBasedTimeoutPolicies`	`activityBasedTimeoutPolicy collection`	The policy that controls the idle time out for web sessions for applications.
`adminConsentRequestPolicy`	`adminConsentRequestPolicy`	The policy by which consent requests are created and managed for the entire tenant.
`appManagementPolicies`	`appManagementPolicy collection`	The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy.
`authenticationFlowsPolicy`	`authenticationFlowsPolicy`	The policy configuration of the self-service sign-up experience of external users.
`authenticationMethodsPolicy`	`authenticationMethodsPolicy`	The authentication methods and the users that are allowed to use them to sign in and perform multifactor authentication (MFA) in Microsoft Entra ID.
`authenticationStrengthPolicies`	`authenticationStrengthPolicy collection`	The authentication method combinations that are to be used in scenarios defined by Microsoft Entra Conditional Access.
`authorizationPolicy`	`authorizationPolicy collection`	The policy that controls Microsoft Entra authorization settings.
`claimsMappingPolicies`	`claimsMappingPolicy collection`	The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application.
`conditionalAccessPolicies`	`conditionalAccessPolicy`	The custom rules that define an access scenario.
`crossTenantAccessPolicy`	`crossTenantAccessPolicy`	The custom rules that define an access scenario when interacting with external Microsoft Entra tenants.
`defaultAppManagementPolicy`	`tenantAppManagementPolicy`	The tenant-wide policy that enforces app management restrictions for all applications and service principals.
`featureRolloutPolicies`	`featureRolloutPolicy collection`	The feature rollout policy associated with a directory object.
`homeRealmDiscoveryPolicies`	`homeRealmDiscoveryPolicy collection`	The policy to control Microsoft Entra authentication behavior for federated users.
`identitySecurityDefaultsEnforcementPolicy`	`identitySecurityDefaultsEnforcementPolicy`	The policy that represents the security defaults that protect against common attacks.
`permissionGrantPolicies`	`permissionGrantPolicy collection`	The policy that specifies the conditions under which consent can be granted.
`roleManagementPolicies`	`unifiedRoleManagementPolicy collection`	Specifies the various policies associated with scopes and roles.
`roleManagementPolicyAssignments`	`unifiedRoleManagementPolicyAssignment collection`	The assignment of a role management policy to a role definition object.
`tokenIssuancePolicies`	`tokenIssuancePolicy collection`	The policy that specifies the characteristics of SAML tokens issued by Microsoft Entra ID.
`tokenLifetimePolicies`	`tokenLifetimePolicy collection`	The policy that controls the lifetime of a JWT access token, an ID token, or a SAML 1.1/2.0 token issued by Microsoft Entra ID.
`b2bManagementPolicies`	`b2bManagementPolicy collection`	The policy to manage Microsoft Entra B2B features in Microsoft Entra External ID for workforce tenants.
`mobileAppManagementPolicies`	`mobileAppManagementPolicy collection`	The policy that defines autoenrollment configuration for a mobility management (MDM or MAM) application.
`mobileDeviceManagementPolicies`	`mobileDeviceManagementPolicy collection`	Related mobileDeviceManagementPolicies data exposed by this resource.
`onPremAuthenticationPolicies`	`onPremAuthenticationPolicy collection`	The policy that controls how authentication requests from on-premises environments are managed.
`permissionGrantPreApprovalPolicies`	`permissionGrantPreApprovalPolicy collection`	Policies that specify the conditions under which consent can be granted to a specific application.
`servicePrincipalCreationPolicies`	`servicePrincipalCreationPolicy collection`	Related servicePrincipalCreationPolicies data exposed by this resource.

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/policies/authenticationFlowsPolicy`
PATCH `/policies/authenticationFlowsPolicy`

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/policies/authenticationFlowsPolicy`
PATCH `/policies/authenticationFlowsPolicy`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgPolicyAuthenticationFlowPolicy` /policies/authenticationFlowsPolicy Get authenticationFlowsPolicy
`Update-MgPolicyAuthenticationFlowPolicy` /policies/authenticationFlowsPolicy Update authenticationFlowsPolicy

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgBetaPolicyAuthenticationFlowPolicy` /policies/authenticationFlowsPolicy Get authenticationFlowsPolicy
`Update-MgBetaPolicyAuthenticationFlowPolicy` /policies/authenticationFlowsPolicy Update authenticationFlowsPolicy

Code Examples

C# / .NET SDK

Update authenticationFlowsPolicy

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AuthenticationFlowsPolicy
{
	SelfServiceSignUp = new SelfServiceSignUpAuthenticationFlowConfiguration
	{
		IsEnabled = true,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.AuthenticationFlowsPolicy.PatchAsync(requestBody);

JavaScript

Update authenticationFlowsPolicy

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationFlowsPolicy = {
  selfServiceSignUp: {
    isEnabled: true
  }
};

await client.api('/policies/authenticationFlowsPolicy')
	.update(authenticationFlowsPolicy);

PowerShell

Update authenticationFlowsPolicy

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	selfServiceSignUp = @{
		isEnabled = $true
	}
}

Update-MgPolicyAuthenticationFlowPolicy -BodyParameter $params

Python

Update authenticationFlowsPolicy

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.authentication_flows_policy import AuthenticationFlowsPolicy
from msgraph.generated.models.self_service_sign_up_authentication_flow_configuration import SelfServiceSignUpAuthenticationFlowConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AuthenticationFlowsPolicy(
	self_service_sign_up = SelfServiceSignUpAuthenticationFlowConfiguration(
		is_enabled = True,
	),
)

result = await graph_client.policies.authentication_flows_policy.patch(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for Policy.ReadWrite.AuthenticationFlows

4

Grant Admin Consent

Application permissions always require admin consent.