AgentInstance.ReadWrite.ManagedBy
Allows the app to create, read, update, and delete agent instances that designate the calling app as their manager in your organization's Agent Registry without a signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
AgentInstance.ReadWrite.ManagedBypermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | 782ab1bf-24f1-4c27-8bbc-2006d42792a6 | - |
| DisplayText | Read and write managed-by agent instances in Agent Registry | - |
| Description | Allows the app to create, read, update, and delete agent instances that designate the calling app as their manager in your organization's Agent Registry without a signed-in user. | - |
| AdminConsentRequired | - | - |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: agentCardManifest
| Property | Type | Description |
|---|---|---|
| capabilities | agentCapabilities | A declaration of optional capabilities supported by the agent. |
| createdBy | String | Object ID of the user or application that created the agent card manifest. Read-only. |
| createdDateTime | DateTimeOffset | When this agent card manifest was created. |
| defaultInputModes | String collection | Default set of supported input MIME types for all skills, which can be overridden on a per-skill basis. |
| defaultOutputModes | String collection | Default set of supported output MIME types for all skills, which can be overridden on a per-skill basis. |
| description | String | A human-readable description of the agent. |
| displayName | String | A human-readable display name of the agent. |
| documentationUrl | String | URL to agent's documentation. |
| iconUrl | String | URL to agent's icon image. |
| id | String | ID of the agent card manifest. Inherited from entity. Key. |
| lastModifiedDateTime | DateTimeOffset | When this agent card manifest was last modified. |
| managedBy | String | appId (referred to as Application (client) ID on the Microsoft Entra admin center) of the application managing this agent manifest. |
| originatingStore | String | Name of the store/system where agent originated. For example Copilot Studio. |
| ownerIds | String collection | List of object IDs for the owners of the agent card manifest. |
| protocolVersion | String | Protocol version supported by the agent. |
| provider | agentProvider | Information about the organization providing the agent. |
| security | securityRequirement collection | Security requirements - array of security scheme references. |
| securitySchemes | securitySchemes | Dictionary of security scheme definitions keyed by scheme name. |
| skills | agentSkill collection | Skills/capabilities that the agent can perform |
| supportsAuthenticatedExtendedCard | Boolean | Whether agent supports authenticated extended card retrieval |
| version | String | Version of the agent implementation |