SharePointTenantSettings.ReadWrite.All
Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated
Read/Write
All Resources
Allows the application to read and change the tenant-level settings of SharePoint and OneDrive, without a signed-in user.
Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access
App-Only Access
Permission Details
Application Permission
Read and change SharePoint and OneDrive tenant settings
Allows the application to read and change the tenant-level settings of SharePoint and OneDrive, without a signed-in user.
Permission ID:
19b94e34-907c-4f43-bde9-38b1909ed408
Delegated Permission
Admin consent required
Read and change SharePoint and OneDrive tenant settings
Allows the application to read and change the tenant-level settings of SharePoint and OneDrive on behalf of the signed-in user.
User sees: Allows the application to read and change the tenant-level settings of SharePoint and OneDrive on your behalf.
Permission ID:
aa07f155-3612-49b8-a147-6c590df35536
Properties
Microsoft Graph v1.0
endpoint-derived-docs
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
edge |
object |
A container for Microsoft Edge resources. Read-only. |
exchange |
object |
A container for the Exchange admin functionality. Read-only. |
microsoft365Apps |
object |
A container for the Microsoft 365 apps admin functionality. |
people |
object |
Represents a setting to control people-related admin settings in the tenant. |
reportSettings |
object |
A container for administrative resources to manage reports. |
serviceAnnouncement |
object |
A container for service communications resources. Read-only. |
sharepoint |
object |
|
teams |
object |
A container for Teams administration functionalities, such as Teams telephone number management functionalities, user Teams configurations, and policy assignments. |
JSON Representation
Microsoft Graph v1.0
endpoint-derived-docs
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
JSON representation
{
"@odata.type": "#microsoft.graph.admin"
}Relationships
Microsoft Graph v1.0
endpoint-derived-docs
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
configurationManagement |
configurationManagement |
A container for Tenant Configuration Management (TCM) resources. Read-only. |
edge |
edge |
A container for Microsoft Edge resources. Read-only. |
exchange |
exchangeAdmin |
A container for the Exchange admin functionality. Read-only. |
microsoft365Apps |
adminMicrosoft365Apps |
A container for the Microsoft 365 apps admin functionality. |
people |
peopleAdminSettings |
Represents a setting to control people-related admin settings in the tenant. |
reportSettings |
adminReportSettings |
A container for administrative resources to manage reports. |
serviceAnnouncement |
serviceAnnouncement |
A container for service communications resources. Read-only. |
sharepointSettings |
sharepointSettings |
A container for administrative resources to manage tenant-level settings for SharePoint and OneDrive. |
teams |
teamsAdministration.teamsAdminRoot |
A container for Teams administration functionalities, such as Teams telephone number management functionalities, user Teams configurations, and policy assignments. |
Graph Methods
Delegated access
App-only access
Exact Microsoft Learn match
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
| Methods |
|---|
GET
/admin/sharepoint/settings
|
PATCH
/admin/sharepoint/settings
|
Exact Microsoft Learn match
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
| Methods |
|---|
GET
/admin/sharepoint/settings
|
PATCH
/admin/sharepoint/settings
|
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
| Commands |
|---|
Get-MgAdminSharepointSetting
/admin/sharepoint/settings
Get sharepointSettings
|
Update-MgAdminSharepointSetting
/admin/sharepoint/settings
Update sharepointSettings
|
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
| Commands |
|---|
Get-MgBetaAdminSharepointSetting
/admin/sharepoint/settings
Get sharepointSettings
|
Update-MgBetaAdminSharepointSetting
/admin/sharepoint/settings
Update sharepointSettings
|
Code Examples
C# / .NET SDK
Update sharepointSettings
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new SharepointSettings
{
DeletedUserPersonalSiteRetentionPeriodInDays = 365,
ExcludedFileExtensionsForSyncApp = new List<string>
{
".mp3",
},
ImageTaggingOption = ImageTaggingChoice.Enhanced,
IsLegacyAuthProtocolsEnabled = true,
IsSitesStorageLimitAutomatic = false,
IsSyncButtonHiddenOnPersonalSite = false,
IsUnmanagedSyncAppForTenantRestricted = false,
PersonalSiteDefaultStorageLimitInMB = 120000L,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Admin.Sharepoint.Settings.PatchAsync(requestBody);
JavaScript
Update sharepointSettings
const options = {
authProvider,
};
const client = Client.init(options);
const sharepointSettings = {
deletedUserPersonalSiteRetentionPeriodInDays: 365,
excludedFileExtensionsForSyncApp: ['.mp3'],
imageTaggingOption: 'enhanced',
isLegacyAuthProtocolsEnabled: true,
isSitesStorageLimitAutomatic: false,
isSyncButtonHiddenOnPersonalSite: false,
isUnmanagedSyncAppForTenantRestricted: false,
personalSiteDefaultStorageLimitInMB: 120000
};
await client.api('/admin/sharepoint/settings')
.update(sharepointSettings);
PowerShell
Update sharepointSettings
Import-Module Microsoft.Graph.Sites
$params = @{
deletedUserPersonalSiteRetentionPeriodInDays = 365
excludedFileExtensionsForSyncApp = @(
".mp3"
)
imageTaggingOption = "enhanced"
isLegacyAuthProtocolsEnabled = $true
isSitesStorageLimitAutomatic = $false
isSyncButtonHiddenOnPersonalSite = $false
isUnmanagedSyncAppForTenantRestricted = $false
personalSiteDefaultStorageLimitInMB = 120000
}
Update-MgAdminSharepointSetting -BodyParameter $params
Python
Update sharepointSettings
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.sharepoint_settings import SharepointSettings
from msgraph.generated.models.image_tagging_choice import ImageTaggingChoice
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = SharepointSettings(
deleted_user_personal_site_retention_period_in_days = 365,
excluded_file_extensions_for_sync_app = [
".mp3",
],
image_tagging_option = ImageTaggingChoice.Enhanced,
is_legacy_auth_protocols_enabled = True,
is_sites_storage_limit_automatic = False,
is_sync_button_hidden_on_personal_site = False,
is_unmanaged_sync_app_for_tenant_restricted = False,
personal_site_default_storage_limit_in_m_b = 120000,
)
result = await graph_client.admin.sharepoint.settings.patch(request_body)App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Application permissions or delegated permissions and search for SharePointTenantSettings.ReadWrite.All
4
Grant Admin Consent
Application permissions always require admin consent.