Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the EventListener.ReadWrite.All permission.
If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: authenticationConditionApplication
| Property |
Type |
Description |
| appId |
String |
The identifier for an application corresponding to a condition which will trigger an authenticationEventListener. |
Graph reference: authenticationConditions
| Property |
Type |
Description |
| applications |
authenticationConditionsApplications |
Applications which trigger a custom authentication extension. |
Graph reference: authenticationEventListener
| Property |
Type |
Description |
| conditions |
authenticationConditions |
The conditions on which this authenticationEventListener should trigger. |
| id |
String |
Identifier for this authenticationEventListener. Inherited from entity. |
| authenticationEventsFlowId |
String |
Indicates the authenticationEventListener is associated with an authenticationEventsFlow. Read-only. |
Graph reference: authenticationEventsFlow
| Property |
Type |
Description |
| id |
String |
The unique identifier for the entity. Read-only. Inherited from entity. Autogenerated. |
| displayName |
String |
Required. The display name for the events policy. |
| description |
String |
The description of the events policy. |
| conditions |
authenticationConditions |
The conditions representing the context of the authentication request that's used to decide whether the events policy is invoked.
Supports $filter (eq). See support for filtering on user flows for syntax information. |
Graph reference: customAuthenticationExtension
| Property |
Type |
Description |
| authenticationConfiguration |
customExtensionAuthenticationConfiguration |
The authentication configuration for the customAuthenticationExtension. Inherited from customCalloutExtension. |
| clientConfiguration |
customExtensionClientConfiguration |
The connection settings for the customAuthenticationExtension. Inherited from customCalloutExtension. |
| description |
String |
The description of the customAuthenticationExtension. Inherited from customCalloutExtension. |
| displayName |
String |
The display name for the customAuthenticationExtension. Inherited from customCalloutExtension. |
| endpointConfiguration |
customExtensionEndpointConfiguration |
The HTTP endpoint that this custom extension calls. Inherited from customCalloutExtension. |
| id |
String |
Identifier for the customAuthenticationExtension. Inherited from entity. |
Graph reference: identityProviderBase
| Property |
Type |
Description |
| displayName |
String |
The display name of the identity provider. |
| id |
String |
The identifier of the identity provider. |
Graph reference: identityUserFlowAttribute
| Property |
Type |
Description |
| dataType |
identityUserFlowAttributeDataType |
The data type of the user flow attribute. Can't be modified after the custom user flow attribute is created. The supported values for dataType are: string , boolean , int64 , stringCollection , dateTime, unknownFutureValue.
Supports $filter (eq, ne). |
| displayName |
String |
The display name of the user flow attribute.
Supports $filter (eq, ne). |
| description |
String |
The description of the user flow attribute that's shown to the user at the time of sign up. |
| id |
String |
The identifier of the user flow attribute. Read-only.
Supports $filter (eq, ne). |
| userFlowAttributeType |
identityUserFlowAttributeType |
The type of the user flow attribute. Read-only. Depending on the type of attribute, the values for this property are builtIn, custom, required, unknownFutureValue.
Supports $filter (eq, ne). |
Graph reference: onAttributeCollectionListener
| Property |
Type |
Description |
| id |
String |
Required. Inherited from entity. |
| conditions |
authenticationConditions |
Required. Inherited from authenticationEventListener. |
| authenticationEventsFlowId |
String |
Inherited from authenticationEventListener. |
| handler |
onAttributeCollectionHandler |
Required. Configuration for what to invoke if the event resolves to this listener. |
Graph reference: onAttributeCollectionStartCustomExtension
| Property |
Type |
Description |
| authenticationConfiguration |
customExtensionAuthenticationConfiguration |
Configuration for securing the API call. For example, using OAuth client credentials flow. Inherited from customCalloutExtension. |
| clientConfiguration |
customExtensionClientConfiguration |
HTTP connection settings that define how long Microsoft Entra ID can wait for a connection, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed. Inherited from customCalloutExtension. |
| description |
String |
Description for the onAttributeCollectionStartCustomExtension object. Inherited from customCalloutExtension. |
| displayName |
String |
Display name for the onAttributeCollectionStartCustomExtension object. Inherited from customCalloutExtension. |
| endpointConfiguration |
customExtensionEndpointConfiguration |
The type and details for configuring the endpoint to call the app's workflow. Inherited from customCalloutExtension. |
| id |
String |
Identifier for the onAttributeCollectionStartCustomExtension object. Inherited from entity. Inherited from entity. |
Graph reference: onAttributeCollectionStartListener
| Property |
Type |
Description |
| authenticationEventsFlowId |
String |
The identifier of the authenticationEventsFlow object. Inherited from authenticationEventListener. |
| conditions |
authenticationConditions |
The conditions on which this authenticationEventListener should trigger. Inherited from authenticationEventListener. |
| handler |
onAttributeCollectionStartHandler |
Configuration for what to invoke if the event resolves to this listener. |
| id |
String |
Identifier for this authenticationEventListener. Inherited from entity. |
| priority |
Int32 |
The priority of this handler. Between 0 (lower priority) and 1000 (higher priority). Inherited from authenticationEventListener. |
Graph reference: onAttributeCollectionSubmitCustomExtension
| Property |
Type |
Description |
| authenticationConfiguration |
customExtensionAuthenticationConfiguration |
Configuration for securing the API call. For example, using OAuth client credentials flow. Inherited from customCalloutExtension. |
| clientConfiguration |
customExtensionClientConfiguration |
HTTP connection settings that define how long Microsoft Entra ID can wait for a connection, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed. Inherited from customCalloutExtension. |
| description |
String |
Description for the onAttributeCollectionSubmitCustomExtension object. Inherited from customCalloutExtension. |
| displayName |
String |
Display name for the onAttributeCollectionSubmitCustomExtension object. Inherited from customCalloutExtension. |
| endpointConfiguration |
customExtensionEndpointConfiguration |
The type and details for configuring the endpoint to call the app's workflow. Inherited from customCalloutExtension. |
| id |
String |
Identifier for the onAttributeCollectionSubmitCustomExtension object. Inherited from entity. Inherited from entity. |
Graph reference: onAttributeCollectionSubmitListener
| Property |
Type |
Description |
| authenticationEventsFlowId |
String |
The identifier of the authenticationEventsFlow object. Inherited from authenticationEventListener. |
| conditions |
authenticationConditions |
The conditions on which this authenticationEventListener should trigger. Inherited from authenticationEventListener. |
| handler |
onAttributeCollectionSubmitHandler |
Configuration for what to invoke if the event resolves to this listener. |
| id |
String |
Identifier for this authenticationEventListener. Inherited from entity. |
| priority |
Int32 |
The priority of this listener. Between 0 (lower priority) and 1000 (higher priority). Inherited from authenticationEventListener. |
Graph reference: onAuthenticationMethodLoadStartListener
| Property |
Type |
Description |
| id |
String |
Required. Inherited from entity. |
| conditions |
authenticationConditions |
Required. Inherited from authenticationEventListener. |
| authenticationEventsFlowId |
String |
Inherited from authenticationEventListener. |
| handler |
onAuthenticationMethodLoadStartHandler |
Required. Configuration for what to invoke if the event resolves to this listener. This property lets us define potential handler configurations per-event. |
Graph reference: onInteractiveAuthFlowStartListener
| Property |
Type |
Description |
| id |
String |
Required. Inherited from entity. |
| conditions |
authenticationConditions |
Required. Inherited from authenticationEventListener. |
| authenticationEventsFlowId |
String |
Inherited from authenticationEventListener. |
| handler |
onInteractiveAuthFlowStartHandler |
Required. Configuration for what to invoke if the event resolves to this listener. This lets us define potential handler configurations per-event. |
Graph reference: onTokenIssuanceStartListener
| Property |
Type |
Description |
| conditions |
authenticationConditions |
The conditions on which onTokenIssuanceStartListener should trigger. Inherited from authenticationEventListener. |
| handler |
onTokenIssuanceStartHandler |
The handler to invoke when conditions are met for this onTokenIssuanceStartListener. |
| id |
String |
Identifier for the onTokenIssuanceStartListener. Inherited from entity. |
Graph reference: onUserCreateStartListener
| Property |
Type |
Description |
| id |
String |
Required. Inherited from entity. |
| conditions |
authenticationConditions |
Required. Inherited from authenticationEventListener. |
| authenticationEventsFlowId |
String |
Inherited from authenticationEventListener. |
| handler |
onUserCreateStartHandler |
Required. Configuration for what to invoke if the event resolves to this listener. This lets us define potential handler configurations per-event. |