ManagedTenants.ReadWrite.All

Allows the app to read and write all managed tenant information on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the ManagedTenants.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	-	b31fa710-c9b3-4d9e-8f5e-8036eecddab9
DisplayText	-	Read and write all managed tenant information
Description	-	Allows the app to read and write all managed tenant information on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /tenantRelationships/managedTenants/tenantTags/{tenantTagId}
	GET /tenantRelationships/managedTenants/auditEvents/{auditEventId}
	GET /tenantRelationships/managedTenants/managementActions
	GET /tenantRelationships/managedTenants/managementActions/{managementActionId}
	GET /tenantRelationships/managedTenants/managementActionTenantDeploymentStatuses
	GET /tenantRelationships/managedTenants/managementActionTenantDeploymentStatuses/{managementActionTenantDeploymentStatusId}
	GET /tenantRelationships/managedTenants/managementIntents
	GET /tenantRelationships/managedTenants/managementIntents/{managementIntentId}
	GET /tenantRelationships/managedTenants/managementTemplates
	GET /tenantRelationships/managedTenants/managementTemplates/{managementTemplateId}
	GET /tenantRelationships/managedTenants/myRoles
	GET /tenantRelationships/managedTenants/tenantGroups
	GET /tenantRelationships/managedTenants/tenantGroups/{tenantGroupId}
	GET /tenantRelationships/managedTenants/tenants
	GET /tenantRelationships/managedTenants/tenants/{tenantId}
	GET /tenantRelationships/managedTenants/tenantsCustomizedInformation
	GET /tenantRelationships/managedTenants/tenantsCustomizedInformation/{tenantCustomizedInformationId}
	GET /tenantRelationships/managedTenants/tenantsDetailedInformation
	GET /tenantRelationships/managedTenants/tenantsDetailedInformation/{tenantDetailedInformationId}
	GET /tenantRelationships/managedTenants/tenantTags
	GET /tenantRelationships/managedTenants/tenantTags/{tenantTagId}
	GET /tenantRelationships/managedTenants/tenantUsage
	PATCH /tenantRelationships/managedTenants/tenantsCustomizedInformation/{tenantCustomizedInformationId}
	PATCH /tenantRelationships/managedTenants/tenantTags/{tenantTagId}
	POST /tenantRelationships/managedTenants/managementActions/{managementActionId}/apply
	POST /tenantRelationships/managedTenants/managementActionTenantDeploymentStatuses/changeDeploymentStatus
	POST /tenantRelationships/managedTenants/tenantGroups/tenantSearch
	POST /tenantRelationships/managedTenants/tenants/{tenantId}/offboardTenant
	POST /tenantRelationships/managedTenants/tenants/{tenantId}/resetTenantOnboardingStatus
	POST /tenantRelationships/managedTenants/tenantTags
	POST /tenantRelationships/managedTenants/tenantTags/{tenantTagId}/assignTag
	POST /tenantRelationships/managedTenants/tenantTags/{tenantTagId}/unassignTag

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Add-MgBetaTenantRelationshipManagedTenantManagementAction
	Get-MgBetaTenantRelationshipManagedTenant
	Get-MgBetaTenantRelationshipManagedTenantAuditEvent
	Get-MgBetaTenantRelationshipManagedTenantCustomizedInformation
	Get-MgBetaTenantRelationshipManagedTenantDetailedInformation
	Get-MgBetaTenantRelationshipManagedTenantGroup
	Get-MgBetaTenantRelationshipManagedTenantManagementAction
	Get-MgBetaTenantRelationshipManagedTenantManagementActionTenantDeploymentStatus
	Get-MgBetaTenantRelationshipManagedTenantManagementIntent
	Get-MgBetaTenantRelationshipManagedTenantManagementTemplate
	Get-MgBetaTenantRelationshipManagedTenantMyRole
	Get-MgBetaTenantRelationshipManagedTenantTag
	Invoke-MgBetaTagTenantRelationshipManagedTenantTagUnassign
	Invoke-MgBetaTenantRelationshipManagedTenantGroupSearch
	Invoke-MgBetaTenantRelationshipManagedTenantOffboard
	New-MgBetaTenantRelationshipManagedTenantTag
	Remove-MgBetaTenantRelationshipManagedTenantTag
	Rename-MgBetaTenantRelationshipManagedTenantManagementActionTenantDeploymentStatus
	Reset-MgBetaTenantRelationshipManagedTenantOnboardingStatus
	Set-MgBetaTenantRelationshipManagedTenantTag
	Update-MgBetaTenantRelationshipManagedTenantCustomizedInformation
	Update-MgBetaTenantRelationshipManagedTenantTag

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: auditEvent

Property	Type	Description
activity	String	A string that uniquely represents the operation that occurred. Required. Read-only.
activityDateTime	DateTimeOffset	The time when the activity occurred. Required. Read-only.
activityId	String	The identifier of the activity request that made the audit event. Required. Read-only.
category	String	A category that represents a logical grouping of activities. Required. Read-only.
httpVerb	String	The HTTP verb that was used when making the API request. Required. Read-only.
id	String	The unique identifier of the audit event. Required. Read-only.
initiatedByAppId	String	The identifier of the app that was used to make the request. Required. Read-only.
initiatedByUpn	String	The UPN of the user who initiated the activity. Required. Read-only.
initiatedByUserId	String	The identifier of the user who initiated the activity. Required. Read-only.
ipAddress	String	The IP address of where the activity was initiated. This may be an IPv4 or IPv6 address. Required. Read-only.
requestBody	String	The raw HTTP request body. Some sensitive information may be removed.
requestUrl	String	The raw HTTP request URL. Required. Read-only.
tenantIds	String	The collection of Microsoft Entra tenant identifiers for the managed tenants that were affected by a change, and is formatted as a list of comma-separated values. Required. Read-only.
tenantNames	String	The collection of tenant names that were affected by a change, and is formatted as a list of comma-separated values. Required. Read-only.

Graph reference: managementAction

Property	Type	Description
category	managementCategory	The category for the management action. Possible values are: `custom`, `devices`, `identity`, `unknownFutureValue`. Optional. Read-only.
description	String	The description for the management action. Optional. Read-only.
displayName	String	The display name for the management action. Optional. Read-only.
id	String	The unique identifier for the management action. Required. Read-only.
referenceTemplateId	String	The reference for the management template used to generate the management action. Required. Read-only.
workloadActions	microsoft.graph.managedTenants.workloadAction collection	The collection of workload actions associated with the management action. Required. Read-only.

Graph reference: managementActionDeploymentStatus

Property	Type	Description
managementActionId	String	The identifier for the management action. Required. Read-only.
managementTemplateId	String	The management template identifier that was used to generate the management action. Required. Read-only.
status	managementActionStatus	The status of the management action. Possible values are: `toAddress`, `completed`, `error`, `timeOut`, `inProgress`, `planned`, `resolvedBy3rdParty`, `resolvedThroughAlternateMitigation`, `riskAccepted`, `unknownFutureValue`. Required.
workloadActionDeploymentStatuses	microsoft.graph.managedTenants.workloadActionDeploymentStatus collection	The collection of workload action deployment statues for the given management action. Optional.

Graph reference: managementActionTenantDeploymentStatus

Property	Type	Description
id	String	The unique identifier for the tenant level deployment status. Required. Read-only.
statuses	microsoft.graph.managedTenants.managementActionDeploymentStatus collection	The collection of deployment status for each instance of a management action. Optional.
tenantGroupId	String	The identifier for the tenant group that is associated with the management action. Required. Read-only.
tenantId	String	The Microsoft Entra tenant identifier for the managed tenant. Required. Read-only.

Graph reference: managementIntent

Property	Type	Description
displayName	String	The display name for the management intent. Optional. Read-only.
id	String	The unique identifier for the management intent. Required. Read-only.
isGlobal	Boolean	A flag indicating whether the management intent is global. Required. Read-only.
managementTemplates	microsoft.graph.managedTenants.managementTemplateDetailedInfo collection	The collection of management templates associated with the management intent. Optional. Read-only.

Graph reference: managementTemplate

Property	Type	Description
category	managementCategory	The management category for the management template. Possible values are: `custom`, `devices`, `identity`, `unknownFutureValue`. Required. Read-only.
description	String	The description for the management template. Optional. Read-only.
displayName	String	The display name for the management template. Required. Read-only.
id	String	The unique identifier for the management template. Required. Read-only.
parameters	microsoft.graph.managedTenants.templateParameter collection	The collection of parameters used by the management template. Optional. Read-only.
workloadActions	microsoft.graph.managedTenants.workloadAction collection	The collection of workload actions associated with the management template. Optional. Read-only.

Graph reference: myRole

Property	Type	Description
assignments	microsoft.graph.managedTenants.roleAssignment collection	A collection of role assignments for the managed tenant.
tenantId	String	The Microsoft Entra tenant identifier for the managed tenant. Optional. Read-only.

Graph reference: tenant

Property	Type	Description
contract	microsoft.graph.managedTenants.tenantContract	The relationship details for the tenant with the managing entity.
createdDateTime	DateTimeOffset	The date and time the tenant was created in the multi-tenant management platform. Optional. Read-only.
displayName	String	The display name for the tenant. Required. Read-only.
id	String	The Microsoft Entra tenant identifier for the tenant. Required. Read-only.
lastUpdatedDateTime	DateTimeOffset	The date and time the tenant was last updated within the multi-tenant management platform. Optional. Read-only.
tenantId	String	The Microsoft Entra tenant identifier for the managed tenant. Optional. Read-only.
tenantStatusInformation	microsoft.graph.managedTenants.tenantStatusInformation	The onboarding status information for the tenant. Optional. Read-only.

Graph reference: tenantContactInformation

Property	Type	Description
email	String	The email address for the contact. Optional
name	String	The name for the contact. Required.
notes	String	The notes associated with the contact. Optional
phone	String	The phone number for the contact. Optional.
title	String	The title for the contact. Required.

Graph reference: tenantCustomizedInformation

Property	Type	Description
contacts	microsoft.graph.managedTenants.tenantContactInformation collection	The collection of contacts for the managed tenant. Optional.
displayName	String	The display name for the managed tenant. Required. Read-only.
id	String	The Microsoft Entra tenant identifier for the managed tenant. Required. Read-only.
tenantId	String	The Microsoft Entra tenant identifier for the managed tenant. Optional. Read-only.
website	String	The website for the managed tenant. Required.
businessRelationship	String	Describes the relationship between the Managed Services Provider and the managed tenant; for example, Managed, Co-managed, Licensing. The maximum length is 250 characters. Optional.
complianceRequirements	String collection	Contains the compliance requirements for the customer tenant; for example, HIPPA, NIST, CMMC. The maximum length is 250 characters per compliance requirement. Optional.
managedServicesPlans	String collection	This is the Managed Services Plans for the customer tenant that the Managed Services Provider manages. The maximum length is 250 characters per managed service plan. Optional.
note	String	A field for the Managed Services Provider technician to input custom text to share notes between technicians within the Managed Service Providers. The maximum length is 5000 characters. Optional.
noteLastModifiedDateTime	DateTimeOffset	The date on which the note field of this entity was last modified. Optional.
partnerRelationshipManagerUserIds	String collection	The list of Entra user IDs for users in the Managed Services Provider that manage the relationship with the managed tenant. Optional.

Graph reference: tenantDetailedInformation

Property	Type	Description
city	String	The city where the managed tenant is located. Optional. Read-only.
countryCode	String	The code for the country where the managed tenant is located. Optional. Read-only.
countryName	String	The name for the country where the managed tenant is located. Optional. Read-only.
defaultDomainName	String	The default domain name for the managed tenant. Optional. Read-only.
displayName	String	The display name for the managed tenant.
id	String	The unique identifier for this entity. Required. Read-only.
industryName	String	The business industry associated with the managed tenant. Optional. Read-only.
region	String	The region where the managed tenant is located. Optional. Read-only.
segmentName	String	The business segment associated with the managed tenant. Optional. Read-only.
tenantId	String	The Microsoft Entra tenant identifier for the managed tenant.
verticalName	String	The vertical associated with the managed tenant. Optional. Read-only.

Graph reference: tenantGroup

Property	Type	Description
allTenantsIncluded	Boolean	A flag indicating whether all managed tenant are included in the tenant group. Required. Read-only.
displayName	String	The display name for the tenant group. Optional. Read-only.
id	String	The unique identifier for the tenant group. Required. Read-only.
managementActions	microsoft.graph.managedTenants.managementActionInfo collection	The collection of management action associated with the tenant group. Optional. Read-only.
managementIntents	microsoft.graph.managedTenants.managementIntentInfo collection	The collection of management intents associated with the tenant group. Optional. Read-only.
tenantIds	String collection	The collection of managed tenant identifiers include in the tenant group. Optional. Read-only.

Property	Type	Description
tenantId	String	The Microsoft Entra tenant identifier for the managed tenant. Optional.

Graph reference: tenantTag

Property	Type	Description
createdByUserId	String	The identifier for the account that created the tenant tag. Required. Read-only.
createdDateTime	DateTimeOffset	The date and time when the tenant tag was created. Required. Read-only.
deletedDateTime	DateTimeOffset	The date and time when the tenant tag was deleted. Required. Read-only.
description	String	The description for the tenant tag. Optional. Read-only.
displayName	String	The display name for the tenant tag. Required. Read-only.
id	String	The unique identifier for the tenant tag. Required. Read-only.
lastActionByUserId	String	The identifier for the account that lasted on the tenant tag. Optional. Read-only.
lastActionDateTime	DateTimeOffset	The date and time the last action was performed against the tenant tag. Optional. Read-only.
tenants	microsoft.graph.managedTenants.tenantInfo collection	The collection of managed tenants associated with the tenant tag. Optional.

Graph reference: tenantUsage

Property	Type	Description
id	String	The unique identifier for the tenant. Required. Read-only.
reportDateTime	DateTimeOffset	The day the report was generated for the previous month. Required. Read-only.
serviceUsages	microsoft.graph.managedTenants.serviceUsage collection	The number of monthly active users for each service in the tenant. Example services: `Excel`, `Exchange`, `Intune`, `Outlook`, `Teams`, `Word`. Required. Read-only.
tenantId	String	The Microsoft Entra tenant identifier for the managed tenant. Read-only.
totalActiveUsers	Int32	The total number of unique, active users. Required. Read-only.

Table of Contents

ManagedTenants.ReadWrite.All

Graph Methods

Resources