Table of Contents

Policy.ReadWrite.CrossTenantAccess

Allows the app to read and write your organization's cross tenant access policies on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the Policy.ReadWrite.CrossTenantAccess permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category Application Delegated
Identifier 338163d7-f101-4c92-94ba-ca46fe52447c 014b43d0-6ed4-4fc6-84dc-4b6f7bae7d85
DisplayText Read and write your organization's cross tenant access policies Read and write your organization's cross tenant access policies
Description Allows the app to read and write your organization's cross tenant access policies without a signed-in user. Allows the app to read and write your organization's cross tenant access policies on behalf of the signed-in user.
AdminConsentRequired Yes Yes

Graph Methods

API supports delegated access (access on behalf of a user)
API supports app-only access (access without a user)

Methods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: crossTenantAccessPolicy

Property Type Description
displayName String The display name of the cross-tenant access policy. Inherited from policyBase.
allowedCloudEndpoints String collection Used to specify which Microsoft clouds an organization would like to collaborate with. By default, this value is empty. Supported values for this field are: microsoftonline.com, microsoftonline.us, and partner.microsoftonline.cn.