ConfigurationMonitoring.ReadWrite.All

Allows the app to read and write all Configuration Monitoring entities on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the ConfigurationMonitoring.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	cfa85bfb-2ee8-4e13-8e7f-489e57a015a1	54505ce9-e719-41f7-a7cc-dbe114e1d811
DisplayText	Read and write all Configuration Monitoring entities	Read and write all Configuration Monitoring entities
Description	Allows the app to read and write all Configuration Monitoring entities, without a signed-in user.	Allows the app to read and write all Configuration Monitoring entities on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /admin/configurationManagement/configurationMonitors/{configurationMonitorId}
	DELETE /admin/configurationManagement/configurationSnapshotJobs/{configurationSnapshotJobId}
	GET /admin/configurationManagement/configurationDrifts
	GET /admin/configurationManagement/configurationDrifts/{configurationDriftId}
	GET /admin/configurationManagement/configurationMonitoringResults
	GET /admin/configurationManagement/configurationMonitoringResults/{configurationMonitoringResultId}
	GET /admin/configurationManagement/configurationMonitors
	GET /admin/configurationManagement/configurationMonitors/{configurationMonitorId}
	GET /admin/configurationManagement/configurationMonitors/{configurationMonitorId}/baseline
	GET /admin/configurationManagement/configurationSnapshotJobs
	GET /admin/configurationManagement/configurationSnapshotJobs/{configurationSnapshotJobId}
	PATCH /admin/configurationManagement/configurationMonitors/{configurationMonitorId}
	POST /admin/configurationManagement/configurationMonitors
	POST /admin/configurationManagement/configurationSnapshots/createSnapshot

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: configurationBaseline

Property	Type	Description
description	String	User-friendly description of the baseline given by the user.
displayName	String	User-friendly name given by the user to the baseline.
id	String	The unique identifier for the configurationBaseline object. Inherited from entity.
parameters	baselineParameter collection	Collection of parameters attached to the baseline.
resources	baselineResource collection	Collection of resources and their properties that are added to the baseline. At least one property of one resource must be present in the baseline.

Graph reference: configurationDrift

Property	Type	Description
baselineResourceDisplayName	String	Resource instance for which the drift is detected.
driftedProperties	driftedProperty collection	Properties within one or more resource instances in which drift is detected.
firstReportedDateTime	DateTimeOffset	The date and time at which drift is first detected. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
id	String	Globally unique identifier (GUID) of the drift. System-generated. Inherited from entity.
monitorId	String	Globally unique identifier (GUID) of the monitor. System-generated.
resourceInstanceIdentifier	openComplexDictionaryType	An identifier that allows users to understand exactly where the drift is.
resourceType	String	Resource for which the drift is detected.
status	driftStatus	Status of the drift. The possible values are: `active`, `fixed`, `unknownFutureValue`.
tenantId	String	Globally unique identifier (GUID) of the tenant for which the monitor runs. Fetched automatically by the system.

Graph reference: configurationMonitor

Property	Type	Description
createdBy	identitySet	The user who created the monitor.
createdDateTime	DateTimeOffset	The date and time when the monitor was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
description	String	User-friendly description of the monitor given by the user.
displayName	String	User-friendly name given by the user to the monitor.
id	String	Globally unique identifier (GUID) for the monitor. System-generated. Inherited from entity.
inactivationReason	String	The reason for the monitor's inactivation.
lastModifiedBy	identitySet	The user who last modified the monitor.
lastModifiedDateTime	DateTimeOffset	The date and time when the monitor was last modified. If no modifications are made to the monitor, it's the same as createdDateTime. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
mode	monitorMode	Monitor mode in which the monitor runs. The possible values are: `monitorOnly`, `unknownFutureValue`. The default value is `monitorOnly`.
monitorRunFrequencyInHours	Int32	Frequency at which the monitor runs. The default frequency is six hours. Regardless of when you create or update a monitor, it gets triggered within the next 6 hours. Currently, monitors are picked up at fixed times: 6 AM, 12 PM, 6 PM, and 12 AM (all in GMT). For example, if you create a monitor at 9 AM, it gets triggered around 12 PM. If you update a monitor at 4 PM, it gets triggered around 6 PM.
parameters	openComplexDictionaryType	Key-value pairs that contain parameter values which might be used in the baseline.
status	monitorStatus	Status of the monitor The possible values are: `active`, `unknownFutureValue`. The default value is `active`.
tenantId	String	Globally unique identifier (GUID) of the tenant for which the monitor runs. Fetched automatically by the system.

Graph reference: configurationMonitoringResult

Property	Type	Description
driftsCount	Int32	Number of drifts observed during a monitor run.
errorDetails	errorDetail collection	All the error details that prevent the monitor from running successfully. The error details are a contained entity.
id	String	Globally unique identifier (GUID) of the monitor run. System-generated. Inherited from entity.
monitorId	String	Globally unique identifier (GUID) of the monitor. System-generated.
runCompletionDateTime	DateTimeOffset	Date and time at which the monitor run completed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
runInitiationDateTime	DateTimeOffset	Date and time at which the monitor run initiated. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
runStatus	monitorRunStatus	Status of the monitor run. The possible values are: `successful`, `partiallySuccessful`, `failed`, `unknownFutureValue`.
tenantId	String	Globally unique identifier (GUID) of the tenant for which the monitor runs. Fetched automatically by the system.

Graph reference: configurationSnapshotJob

Property	Type	Description
completedDateTime	DateTimeOffset	The date and time when the snapshot job was completed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
createdBy	identitySet	The user who triggered the snapshot.
createdDateTime	DateTimeOffset	The date and time when the snapshot job was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
description	String	User-friendly description of the snapshot given by the user.
displayName	String	User-friendly name provided by the user during snapshot creation.
errorDetails	String collection	Details of errors related to the reasons why the snapshot can't complete.
id	String	Globally unique identifier (GUID) of the snapshot job. Inherited from entity.
resourceLocation	String	The URL at which the snapshot file resides.
resources	String collection	The names of all resources included in the request body by the user who created the snapshot. Fetched by the system.
status	snapshotJobStatus	Status of the snapshot. The possible values are: `notStarted`, `running`, `succeeded`, `failed`, `unknownFutureValue`, `partiallySuccessful`. Use the `Prefer: include-unknown-enum-members` request header to get the following value in this evolvable enum: `partiallySuccessful`.
tenantId	String	Globally unique identifier (GUID) of the tenant for which the snapshot is created.

Table of Contents

ConfigurationMonitoring.ReadWrite.All

Graph Methods

Resources