Synchronization.ReadWrite.All
Allows the app to configure the Azure AD synchronization service, on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the `Synchronization.ReadWrite.All` permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the `Export-MsIdAppConsentGrantReport` command. See How To: Run a quick OAuth app audit of your tenant
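To check specifically for this permission in data you have already exported, the following added example (not part of the original page or of the `Export-MsIdAppConsentGrantReport` command) filters grants by the identifiers listed in the table below. It assumes the export is JSON shaped like Graph `appRoleAssignment` and `oauth2PermissionGrant` objects; the sample principals, client IDs and display names are constructed.

```python
"""Added example: flag grants of Synchronization.ReadWrite.All in exported Graph data."""
import json

# Identifiers taken from the permission table on this page.
APP_ROLE_ID = "9b50c33d-700f-43b1-b2eb-87e89b703581"  # application permission
SCOPE_NAME = "Synchronization.ReadWrite.All"           # delegated scope value

# Constructed sample export; every ID and display name below is made up.
SAMPLE = json.loads("""
{
  "appRoleAssignments": [
    {"principalId": "sp-001", "principalDisplayName": "HR Provisioning Connector",
     "resourceDisplayName": "Microsoft Graph",
     "appRoleId": "9b50c33d-700f-43b1-b2eb-87e89b703581"},
    {"principalId": "sp-002", "principalDisplayName": "Reporting Tool",
     "resourceDisplayName": "Microsoft Graph",
     "appRoleId": "00000000-0000-0000-0000-000000000001"}
  ],
  "oauth2PermissionGrants": [
    {"clientId": "sp-003", "consentType": "AllPrincipals", "principalId": null,
     "scope": "User.Read Synchronization.ReadWrite.All"},
    {"clientId": "sp-004", "consentType": "Principal", "principalId": "user-042",
     "scope": " User.Read  Synchronization.Read.All"}
  ]
}
""")

def find_sync_grants(data):
    """Return (grant_type, client_id, detail) for every grant of the permission."""
    hits = []
    for a in data.get("appRoleAssignments", []):
        # App-only grants reference the permission by its app role GUID.
        if (a.get("appRoleId") or "").lower() == APP_ROLE_ID:
            hits.append(("Application", a["principalId"],
                         a.get("principalDisplayName", "")))
    for g in data.get("oauth2PermissionGrants", []):
        # Delegated grants carry a space-separated scope string. Match whole
        # tokens (case-insensitively, as a precaution) so that
        # Synchronization.Read.All is not mistaken for the ReadWrite scope.
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        if SCOPE_NAME.lower() in scopes:
            who = ("all users" if g.get("consentType") == "AllPrincipals"
                   else g.get("principalId"))
            hits.append(("Delegated", g["clientId"], f"consented for {who}"))
    return hits

if __name__ == "__main__":
    for kind, client, detail in find_sync_grants(SAMPLE):
        print(f"{kind:<12} {client:<8} {detail}")
```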
Category | Application | Delegated |
---|---|---|
Identifier | 9b50c33d-700f-43b1-b2eb-87e89b703581 | 7bb27fa3-ea8f-4d67-a916-87715b6188bd |
DisplayText | Read and write all Azure AD synchronization data. | Read and write all Azure AD synchronization data |
Description | Allows the application to configure the Azure AD synchronization service, without a signed-in user. | Allows the app to configure the Azure AD synchronization service, on behalf of the signed-in user. |
AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
Methods | |
---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- attributeDefinition
- attributeMappingFunctionSchema
- attributeMappingSource
- expressionInputObject
- filter
- filterOperatorSchema
- parseExpressionResponse
- synchronizationJob
- synchronizationJobApplicationParameters
- synchronizationJobRestartCriteria
- synchronizationSchema
- synchronizationSecretKeyStringValuePair
- synchronizationTemplate
Graph reference: attributeDefinition
Property | Type | Description |
---|---|---|
anchor | Boolean | true if the attribute should be used as the anchor for the object. Anchor attributes must have a unique value identifying an object, and must be immutable. Default is false. One, and only one, of the object's attributes must be designated as the anchor to support synchronization. |
caseExact | Boolean | true if value of this attribute should be treated as case-sensitive. This setting affects how the synchronization engine detects changes for the attribute. |
defaultValue | String | The default value of the attribute. |
flowNullValues | Boolean | 'true' to allow null values for attributes. |
metadata | attributeDefinitionMetadataEntry collection | Metadata for the given object. |
multivalued | Boolean | true if an attribute can have multiple values. Default is false. |
mutability | mutability | An attribute's mutability. Possible values are: ReadWrite, ReadOnly, Immutable, WriteOnly. Default is ReadWrite. |
name | String | Name of the attribute. Must be unique within the object definition. Not nullable. |
required | Boolean | true if the attribute is required. The object cannot be created if any of the required attributes are missing. If, during synchronization, the required attribute has no value, the default value will be used. If the default value was not set, synchronization will record an error. |
referencedObjects | referencedObject collection | For attributes with reference type, lists referenced objects (for example, the manager attribute would list User as the referenced object). |
type | attributeType | Attribute value type. Possible values are: String, Integer, Reference, Binary, Boolean, DateTime. Default is String. |