Policy.Read.OnPremAuthenticationPolicy

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the Policy.Read.OnPremAuthenticationPolicy permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	-	-
DisplayText	-	-
Description	-	-
AdminConsentRequired	Yes	No

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /policies/onPremAuthenticationPolicies
	GET /policies/onPremAuthenticationPolicies/{onPremAuthenticationPolicyId}
	GET /policies/onPremAuthenticationPolicies/{onPremAuthenticationPolicyId}/appliesTo

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

directoryObject
onPremAuthenticationPolicy

Graph reference: directoryObject

Property	Type	Description
deletedDateTime	DateTimeOffset	Date and time when this object was deleted. Always `null` when the object hasn't been deleted.
id	String	The unique identifier for the object. For example, `12345678-9abc-def0-1234-56789abcde`. The value of the **i

Graph reference: onPremAuthenticationPolicy

Property	Type	Description
deletedDateTime	DateTimeOffset	Date and time when this object was deleted. Always `null` when the object isn't deleted. Inherited from directoryObject. Optional.
definition	String collection	A string collection containing a JSON string that defines the rules and settings for this policy. See below for more details about the JSON schema for this property. Required. Inherited from stsPolicy.
description	String	Description for this policy. Required. Inherited from policyBase.
displayName	String	Display name for this policy. Required. Inherited from policyBase.
id	String	Unique identifier for this policy. Read-only. Inherited from entity.
isOrganizationDefault	Boolean	If set to true, this instance of the policy will be considered the default for the organization. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false. Inherited from stsPolicy.

Table of Contents

Policy.Read.OnPremAuthenticationPolicy

Graph Methods

Resources