ManagedTenant.Read.All
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
ManagedTenant.Read.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | - | - |
| DisplayText | - | - |
| Description | - | - |
| AdminConsentRequired | Yes | No |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: auditEvent
| Property | Type | Description |
|---|---|---|
| activity | String | A string that uniquely represents the operation that occurred. Required. Read-only. |
| activityDateTime | DateTimeOffset | The time when the activity occurred. Required. Read-only. |
| activityId | String | The identifier of the activity request that made the audit event. Required. Read-only. |
| category | String | A category that represents a logical grouping of activities. Required. Read-only. |
| httpVerb | String | The HTTP verb that was used when making the API request. Required. Read-only. |
| id | String | The unique identifier of the audit event. Required. Read-only. |
| initiatedByAppId | String | The identifier of the app that was used to make the request. Required. Read-only. |
| initiatedByUpn | String | The UPN of the user who initiated the activity. Required. Read-only. |
| initiatedByUserId | String | The identifier of the user who initiated the activity. Required. Read-only. |
| ipAddress | String | The IP address of where the activity was initiated. This may be an IPv4 or IPv6 address. Required. Read-only. |
| requestBody | String | The raw HTTP request body. Some sensitive information may be removed. |
| requestUrl | String | The raw HTTP request URL. Required. Read-only. |
| tenantIds | String | The collection of Microsoft Entra tenant identifiers for the managed tenants that were affected by a change, and is formatted as a list of comma-separated values. Required. Read-only. |
| tenantNames | String | The collection of tenant names that were affected by a change, and is formatted as a list of comma-separated values. Required. Read-only. |