Table of Contents

Policy.ReadWrite.FedTokenValidation

Allows the application to read and update the organization's federated token validation policy on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the Policy.ReadWrite.FedTokenValidation permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category Application Delegated
Identifier 90bbca0b-227c-4cdc-8083-1c6cfb95bac6 be1be369-4540-4ac9-8928-79de99f70d8f
DisplayText Read and write your organization's federated token validation policy Read and write your organization's federated token validation policy
Description Allows the application to read and update the organization's federated token validation policy without a signed-in user. Allows the application to read and update the organization's federated token validation policy on behalf of the signed-in user.
AdminConsentRequired Yes Yes

Graph Methods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: federatedTokenValidationPolicy

Property Type Description
deletedDateTime DateTimeOffset Date and time when this object was deleted. Always null when the object wasn't deleted. Inherited from directoryObject.
ID String The unique identifier for the object. Key. Not nullable. Read-only. Inherited from directoryObject.
validatingDomains validatingDomains Verified Microsoft Entra ID domains that Microsoft Entra ID validates that the federated account's root domain matches with the mapped Microsoft Entra account's root domain.