AgentIdentityBlueprintPrincipal.EnableDisable.All
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
AgentIdentityBlueprintPrincipal.EnableDisable.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | - | - |
| DisplayText | - | - |
| Description | - | - |
| AdminConsentRequired | Yes | No |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: agentIdentityBlueprintPrincipal
| Property | Type | Description |
|---|---|---|
| accountEnabled | Boolean | true if the agent identity blueprint principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it. Inherited from servicePrincipal. |
| appDescription | String | The description exposed by the associated agent identity blueprint. Inherited from servicePrincipal. |
| appDisplayName | String | The display name exposed by the associated agent identity blueprint. Maximum length is 256 characters. Inherited from servicePrincipal. |
| appId | String | The appId of the associated agent identity blueprint. Alternate key. Inherited from servicePrincipal. |
| appOwnerOrganizationId | Guid | Contains the tenant ID where the agent identity blueprint is registered. This is applicable only to agent identity blueprint principals backed by applications. Inherited from servicePrincipal. |
| appRoleAssignmentRequired | Boolean | Specifies whether users or other service principals need to be granted an app role assignment for this agent identity blueprint principal before users can sign in or apps can get tokens. The default value is false. Not nullable. Inherited from servicePrincipal. |
| appRoles | appRole collection | The roles exposed by the agent identity blueprint, which this agent identity blueprint principal represents. For more information, see the appRoles property definition on the application entity. Not nullable. Inherited from servicePrincipal. |
| createdByAppId | String | The appId (called Application (client) ID on the Microsoft Entra admin center) of the application that created this agent identity blueprint principal. Set internally by Microsoft Entra ID. Read-only. Inherited from servicePrincipal. |
| disabledByMicrosoftStatus | String | Specifies whether Microsoft has disabled the registered agent identity blueprint. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement). Inherited from servicePrincipal. |
| displayName | String | The display name for the agent identity blueprint principal. Inherited from servicePrincipal. |
| id | String | The unique identifier for the agent identity blueprint principal. Inherited from entity. Key. Not nullable. Read-only. |
| info | informationalUrl | Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. Inherited from servicePrincipal. |
| publishedPermissionScopes | permissionScope collection | The delegated permissions exposed by the application. For more information, see the oauth2PermissionScopes property on the agent identity blueprint entity's api property. Not nullable. Inherited from servicePrincipal. |
| publisherName | String | The name of the Microsoft Entra tenant that published the application. Inherited from servicePrincipal. |
| servicePrincipalNames | String collection | Contains the list of identifiersUris, copied over from the associated agent identity blueprint. More values can be added to hybrid agent identity blueprint. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. Not nullable. Property blocked on Agent Identity Blueprint Principal. Inherited from servicePrincipal. |
| servicePrincipalType | String | Identifies if the agent identity blueprint principal represents an application. This is set by Microsoft Entra ID internally. For an agent identity blueprint principal that represents an application this is set as Application. Inherited from servicePrincipal. |
| signInAudience | String | Specifies the Microsoft accounts that are supported for the current agent identity blueprint. Read-only. Supported values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. Inherited from servicePrincipal. |
| tags | String collection | Custom strings that can be used to categorize and identify the agent identity blueprint principal. Not nullable. The value is the union of strings set here and on the associated agent identity blueprint entity's tags property. Inherited from servicePrincipal. |
| verifiedPublisher | verifiedPublisher | Specifies the verified publisher of the application that's linked to this agent identity blueprint principal. Inherited from servicePrincipal. |