Domain.ReadWrite.All
Allows the app to read and write all domain properties on behalf of the signed-in user. Also allows the app to add, verify and remove domains.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
Domain.ReadWrite.All
permission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReport
command. See How To: Run a quick OAuth app audit of your tenant
Category | Application | Delegated |
---|---|---|
Identifier | 7e05723c-0bb0-42da-be95-ae9f08a6e53c | 0b5d694c-a244-4bde-86e6-eb5cd07730fe |
DisplayText | Read and write domains | Read and write domains |
Description | Allows the app to read and write all domain properties without a signed in user. Also allows the app to add, verify and remove domains. | Allows the app to read and write all domain properties on behalf of the signed-in user. Also allows the app to add, verify and remove domains. |
AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
Methods | |
---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- directoryObject
- domain
- domainDnsRecord
- externalDomainName
- internalDomainFederation
- samlOrWsFedExternalDomainFederation
- samlOrWsFedProvider
- signingCertificateUpdateStatus
Graph reference: directoryObject
Property | Type | Description |
---|---|---|
deletedDateTime | DateTimeOffset | Date and time when this object was deleted. Always null when the object hasn't been deleted. |
id | String | The unique identifier for the object. For example, 12345678-9abc-def0-1234-56789abcde . The value of the **i |