NetworkAccess.Read.All
Allows the app to read all network access information on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
NetworkAccess.Read.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | e30060de-caa5-4331-99d3-6ac6c966a9a4 | 2f7013e0-ab4e-447f-a5e1-5d419950692d |
| DisplayText | Read all network access information | Read all network access information |
| Description | Allows the app to read all network access information and configuration settings without a signed-in user. | Allows the app to read all network access information on behalf of the signed-in user. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods | |
|---|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
| Commands |
|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
| Commands | |
|---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- networkaccess-branchconnectivityconfiguration
- networkaccess-branchsite
- conditionalAccessSettings
- crossTenantAccessSettings
- deviceLink
- enrichedAuditLogs
- filteringPolicy
- filteringProfile
- filteringRule
- forwardingPolicy
- forwardingPolicyLink
- forwardingProfile
- forwardingRule
- fqdnFilteringRule
- m365ForwardingRule
- policyRule
- privateAccessForwardingRule
- remoteNetwork
- remoteNetworkConnectivityConfiguration
- webCategoryFilteringRule
Graph reference: networkaccess-branchconnectivityconfiguration
| Property | Type | Description |
|---|---|---|
| branchId | String | Unique identifier or a specific reference assigned to a branchSite. Key. |
| branchName | String | Display name assigned to a branchSite. |
| links | microsoft.graph.networkaccess.connectivityConfigurationLink collection | List of connectivity configurations for deviceLink objects. |
Graph reference: networkaccess-branchsite
| Property | Type | Description |
|---|---|---|
| bandwidthCapacity | Int64 | Determines the maximum allowed Mbps (megabits per second) bandwidth from a branch site. The possible values are:250,500,750,1000. |
| connectivityState | microsoft.graph.networkaccess.connectivityState | Determines the branch site status. The possible values are: pending, connected, inactive, error. |
| id | String | Identifier for the branch. Inherited from microsoft.graph.entity. |
| lastModifiedDateTime | DateTimeOffset | last modified time. |
| name | String | Name. |
| region | microsoft.graph.networkaccess.region | Specify the region closest to your remote network. The possible value are: eastUS, eastUS2, westUS, westUS2, westUS3, centralUS, northCentralUS, southCentralUS, northEurope, westEurope, franceCentral, germanyWestCentral, switzerlandNorth, ukSouth, canadaEast, canadaCentral, southAfricaWest, southAfricaNorth, uaeNorth, australiaEast, westCentralUS, centralIndia, southEastAsia, swedenCentral, southIndia, australiaSouthEast, koreaCentral, koreaSouth, polandCentral, brazilSouth, japanEast, japanWest, koreaSouth, italyNorth, franceSouth, israelCentral, unknownFutureValue. |
| version | String | The branch version. |
| country (deprecated) | String | The branch site is created in the specified country. **D |
Graph reference: conditionalAccessSettings
| Property | Type | Description |
|---|---|---|
| id | String | Identifier. Inherited from microsoft.graph.entity. |
| signalingStatus | microsoft.graph.networkaccess.status | When SignalingStatus is enabled, the Conditional Access policy includes zero trust network access information. The possible values are: enabled, disabled. |
Graph reference: crossTenantAccessSettings
| Property | Type | Description |
|---|---|---|
| id | String | Identifier. Inherited from microsoft.graph.entity. |
| networkPacketTaggingStatus | microsoft.graph.networkaccess.status | Determines if a header with the user tenant ID is inserted into the network traffic. .The possible values are: enabled, disabled. |
Graph reference: deviceLink
| Property | Type | Description |
|---|---|---|
| bgpConfiguration | microsoft.graph.networkaccess.bgpConfiguration | The border gateway protocol specifies the Border Gateway Protocol (BGP) IP address and ASN for directing traffic from a link to the edge. |
| bandwidthCapacityInMbps | Int64 | Determines the maximum allowed Mbps (megabits per second) bandwidth from a device link. The possible values are:250,500,750,1000. |
| deviceVendor | microsoft.graph.networkaccess.deviceVendor | Specifies the manufacturer of the deviceLink. The possible values are: barracudaNetworks, checkPoint, ciscoMeraki, citrix, fortinet, hpeAruba, netFoundry, nuage, openSystems, paloAltoNetworks, riverbedTechnology, silverPeak, vmWareSdWan, versa, other. |
| id | String | Identifier. Inherited from microsoft.graph.entity. |
| ipAddress | String | The public IP address of your CPE (customer premise equipment) device. |
| lastModifiedDateTime | DateTimeOffset | last modified time. |
| name | String | Name. |
| tunnelConfiguration | microsoft.graph.networkaccess.tunnelConfiguration | The connectivity settings, including the protocol, IPSec policy, and preshared key, are specified for establishing connectivity. |
| version | String | Version. |
Graph reference: enrichedAuditLogs
| Property | Type | Description |
|---|---|---|
| exchange | microsoft.graph.networkaccess.enrichedAuditLogsSettings | Exchange Online enriched audit logs settings. |
| id | String | Id Inherited from microsoft.graph.entity. |
| sharepoint | microsoft.graph.networkaccess.enrichedAuditLogsSettings | SharePoint Online enriched audit logs settings. |
| teams | microsoft.graph.networkaccess.enrichedAuditLogsSettings | Teams enriched audit logs settings. |
Graph reference: filteringPolicy
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | The date and time when the filtering Policy was originally created. |
| description | String | A description of the filtering policy. Inherited from microsoft.graph.networkaccess.policy. |
| id | String | The identifier for the filtering policy. Inherited from microsoft.graph.entity. |
| lastModifiedDateTime | DateTimeOffset | The date and time when a particular profile was last modified or updated. |
| name | String | The display name for the filtering policy. Inherited from microsoft.graph.networkaccess.policy. |
Graph reference: filteringProfile
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | The date and time when the filteringProfile was created. |
| description | String | A description of the filtering profile. Inherited from microsoft.graph.networkaccess.profile. |
| id | String | The distinct identifier that is assigned to a specific profile. Inherited from microsoft.graph.entity. |
| lastModifiedDateTime | DateTimeOffset | The date and time when a particular profile was last modified or updated. Inherited from microsoft.graph.networkaccess.profile. |
| name | String | The name of the profile. Inherited from microsoft.graph.networkaccess.profile. |
| priority | Int64 | The priority used to order the profile for processing within a list. |
| state | microsoft.graph.networkaccess.status | The profile state. Inherited from microsoft.graph.networkaccess.profile. The possible values are: enabled, disabled. |
Graph reference: filteringRule
| Property | Type | Description |
|---|---|---|
| destinations | microsoft.graph.networkaccess.ruleDestination collection | Possible destinations and types of destinations accessed by the user in accordance with the network filtering policy, such as IP addresses and FQDNs/URLs. |
| id | String | A unique ID for the rule. Inherited from microsoft.graph.networkaccess.policyRule. |
| name | String | The display name of the rule. Inherited from microsoft.graph.networkaccess.policyRule. |
| ruleType | microsoft.graph.networkaccess.networkDestinationType | The rule types that specify the basis for filtering. The possible values are: url, fqdn, ipAddress, ipRange, ipSubnet, and webCategory. |
Graph reference: forwardingPolicy
| Property | Type | Description |
|---|---|---|
| description | String | Forwarding policy description. Inherited from microsoft.graph.networkaccess.policy. |
| id | String | Identifier for the forwarding policy. Inherited from microsoft.graph.entity. |
| name | String | Forwarding policy name. Inherited from microsoft.graph.networkaccess.policy. |
| trafficForwardingType | microsoft.graph.networkaccess.trafficForwardingType | Traffic type for forwarding policy. The possible values are: m365, internet, private. |
| version | String | Forwarding policy version. Inherited from microsoft.graph.networkaccess.policy. |
Graph reference: forwardingPolicyLink
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier. Inherited from microsoft.graph.entity. |
| state | microsoft.graph.networkaccess.status | Link Status. Inherited from microsoft.graph.networkaccess.policyLink. The possible values are: enabled, disabled. |
| version | String | Version number. Inherited from microsoft.graph.networkaccess.policyLink. |
Graph reference: forwardingProfile
| Property | Type | Description |
|---|---|---|
| associations | microsoft.graph.networkaccess.association collection | Specifies the users, groups, devices, and remote networks whose traffic is associated with the given traffic forwarding profile. |
| description | String | Profile description. Inherited from microsoft.graph.networkaccess.profile. |
| id | String | Identifier for the profile. Inherited from microsoft.graph.entity. |
| lastModifiedDateTime | DateTimeOffset | Profile last modified time. Inherited from microsoft.graph.networkaccess.profile. |
| name | String | Profile name. Inherited from microsoft.graph.networkaccess.profile. |
| priority | Int32 | Profile priority. |
| state | microsoft.graph.networkaccess.status | Determines whether the profile is active or inactive. Inherited from microsoft.graph.networkaccess.profile. The possible values are: enabled, disabled. |
| trafficForwardingType | microsoft.graph.networkaccess.trafficForwardingType | Profile traffic type. The possible values are: m365, internet, private. |
| version | String | Version. |
Graph reference: forwardingRule
| Property | Type | Description |
|---|---|---|
| action | microsoft.graph.networkaccess.forwardingRuleAction | The action to apply to traffic. The possible values are: bypass, forward, unknownFutureValue. |
| destinations | microsoft.graph.networkaccess.ruleDestination collection | Destinations maintain a list of potential destinations and destination types that the user may access within the context of a network filtering policy. This includes IP addresses and fully qualified domain names (FQDNs)/URLs. |
| id | String | Identifier. Inherited from microsoft.graph.entity. |
| name | String | Name. Inherited from microsoft.graph.networkaccess.policyRule. |
| ruleType | microsoft.graph.networkaccess.networkDestinationType | The network destination type used by a URL filtering policy is defined, which can include types such as IP (Internet Protocol) or FQDN (Fully Qualified Domain Name). The possible values are: url, fqdn, ipAddress, ipRange, ipSubnet. |
Graph reference: fqdnFilteringRule
| Property | Type | Description |
|---|---|---|
| destinations | microsoft.graph.networkaccess.ruleDestination collection | The list of potential destinations and destination types that the user may access, including FQDNs and web categories, within the context of a network filtering policy. Inherited from microsoft.graph.networkaccess.filteringRule. |
| id | String | The unique identifier for the fqdnFilteringRule. Inherited from microsoft.graph.networkaccess.filteringRule. |
| name | String | Display name. Inherited from microsoft.graph.networkaccess.filteringRule. |
| ruleType | microsoft.graph.networkaccess.networkDestinationType | The network destination type used by a filtering rule. Supports a subset of the values for **n |
Graph reference: m365ForwardingRule
| Property | Type | Description |
|---|---|---|
| action | microsoft.graph.networkaccess.forwardingRuleAction | The action applies to traffic. The possible values are: bypass, forward. |
| category | microsoft.graph.networkaccess.forwardingCategory | Defines the category of Office 365 traffic used by a forwarding rule for Microsoft 365 traffic (for example, optimized traffic). The possible values are: default, optimized, allow. |
| destinations | microsoft.graph.networkaccess.ruleDestination collection | destinations à Maintains the list of potential destinations and destination types that the user could be accessing in the context of a forwarding policy, including IPs and FQDNs/URLs Inherited from microsoft.graph.networkaccess.forwardingRule. |
| ID | String | Identifier. Inherited from microsoft.graph.entity. |
| name | String | Name. Inherited from microsoft.graph.networkaccess.policyRule. |
| ports | String collection | The port(s) used by a forwarding rule for Microsoft 365 traffic are specified to determine the specific network port(s) through which the Microsoft 365 traffic is directed and forwarded. |
| protocol | microsoft.graph.networkaccess.networkingProtocol | Defines the networking protocol type used by a forwarding rule for Microsoft 365 traffic. The possible values are: ip, icmp, igmp, ggp, ipv4, tcp, pup, udp, idp, ipv6, ipv6RoutingHeader, ipv6FragmentHeader, ipSecEncapsulatingSecurityPayload, ipSecAuthenticationHeader, icmpV6, ipv6NoNextHeader, ipv6DestinationOptions, nd, raw, ipx, spx, spxII |
| ruleType | microsoft.graph.networkaccess.networkDestinationType | Destination Type. Inherited from microsoft.graph.networkaccess.forwardingRule. The possible values are: url, fqdn, ipAddress, ipRange, ipSubnet, webCategory. |
Graph reference: policyRule
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the rule. Inherited from microsoft.graph.entity. |
| name | String | Name. |
Graph reference: privateAccessForwardingRule
| Property | Type | Description |
|---|---|---|
| action | microsoft.graph.networkaccess.forwardingRuleAction | The action applies to traffic. The possible values are: bypass, forward. |
| destinations | microsoft.graph.networkaccess.ruleDestination collection | maintains the list of potential destinations and destination types that the user could be accessing in the context of a forwarding policy, including IPs and FQDNs/URLs Inherited from microsoft.graph.networkaccess.forwardingRule. |
| id | String | Identifier. Inherited from microsoft.graph.entity. |
| name | String | Name. Inherited from microsoft.graph.networkaccess.policyRule. |
| ruleType | microsoft.graph.networkaccess.networkDestinationType | Destination Type. Inherited from microsoft.graph.networkaccess.forwardingRule. The possible values are: url, fqdn, ipAddress, ipRange, ipSubnet |
Graph reference: remoteNetwork
| Property | Type | Description |
|---|---|---|
| id | String | Identifier for the remote network. Inherited from microsoft.graph.entity. |
| lastModifiedDateTime | DateTimeOffset | last modified time. |
| name | String | Name. |
| region | microsoft.graph.networkaccess.region | Specify the region closest to your remote network. The possible value are: eastUS, eastUS2, westUS, westUS2, westUS3, centralUS, northCentralUS, southCentralUS, northEurope, westEurope, franceCentral, germanyWestCentral, switzerlandNorth, ukSouth, canadaEast, canadaCentral, southAfricaWest, southAfricaNorth, uaeNorth, australiaEast, westCentralUS, centralIndia, southEastAsia, swedenCentral, southIndia, australiaSouthEast, koreaCentral, koreaSouth, polandCentral, brazilSouth, japanEast, japanWest, koreaSouth, italyNorth, franceSouth, israelCentral, unknownFutureValue. |
| version | String | Remote network version. |
Graph reference: remoteNetworkConnectivityConfiguration
| Property | Type | Description |
|---|---|---|
| remoteNetworkId | String | Unique identifier or a specific reference assigned to a branchSite. Key. |
| remoteNetworkName | String | Display name assigned to a branchSite. |
Graph reference: webCategoryFilteringRule
| Property | Type | Description |
|---|---|---|
| destinations | microsoft.graph.networkaccess.ruleDestination collection | The list of potential destinations and destination types that the user may access, including fully qualified domain names (FQDNs) and web categories, within the context of a network filtering policy. Inherited from microsoft.graph.networkaccess.filteringRule. |
| id | String | The unique identifier for the webCategoryFilteringRule. Inherited from microsoft.graph.networkaccess.filteringRule. |
| name | String | Display name. Inherited from microsoft.graph.networkaccess.filteringRule. |
| ruleType | microsoft.graph.networkaccess.networkDestinationType | The network destination type used by a filtering rule. Supports a subset of the values for **n |