TenantGovernance-PolicyTemplate.ReadWrite.All

Allows the application to list, read, create, update, and delete Tenant Governance policy templates on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the TenantGovernance-PolicyTemplate.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	-	7cd0bd21-45fe-4c8e-a549-3c95bd27d185
DisplayText	-	Read and write Tenant Governance policy templates
Description	-	Allows the application to list, read, create, update, and delete Tenant Governance policy templates on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /directory/tenantGovernance/governancePolicyTemplates/{governancePolicyTemplateId}
	GET /directory/tenantGovernance/governancePolicyTemplates
	GET /directory/tenantGovernance/governancePolicyTemplates/{governancePolicyTemplateId}
	GET /directory/tenantGovernance/governancePolicyTemplates/default
	PATCH /directory/tenantGovernance/governancePolicyTemplates/{governancePolicyTemplateId}
	PATCH /directory/tenantGovernance/governancePolicyTemplates/default
	POST /directory/tenantGovernance/governancePolicyTemplates

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: delegatedAdministrationRoleAssignment

Property	Type	Description
roleTemplates	microsoft.graph.tenantGovernanceServices.roleTemplate collection	A collection of role templates that define the roles to be assigned to the group in the governed tenant.

Graph reference: governancePolicyTemplate

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time when the template was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. Supports `$filter` (`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderBy`.
delegatedAdministrationRoleAssignments	microsoft.graph.tenantGovernanceServices.delegatedAdministrationRoleAssignment collection	A collection of delegated administration role assignments to be applied in the governed tenant when the governance relationship is established.
description	String	A description of the policy template. Supports `$filter` (`eq`, `ne`) and `$orderBy`.
displayName	String	The display name of the policy template. Supports `$filter` (`eq`, `ne`) and `$orderBy`.
governedTenantCanTerminate	Boolean	Not implemented.
id	String	The unique identifier for the policy template. Is `default` for the default template. Inherited from entity. Supports `$filter` (`eq`, `ne`) and `$orderBy`.
lastModifiedDateTime	DateTimeOffset	The date and time when the template was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. Supports `$filter` (`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderBy`.
multiTenantApplicationsToProvision	microsoft.graph.tenantGovernanceServices.multiTenantApplicationsToProvision collection	A collection of multi-tenant applications to be provisioned in the governed tenant when the governance relationship is established.
version	String	The version of the policy template. Version count increased by 1 when updated. Supports `$filter` (`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderBy`.

Graph reference: multiTenantApplicationsToProvision

Property	Type	Description
appId	String	The appId (client ID) of the multi-tenant application.
displayName	String	The display name of the application.
objectId	String	The object ID of the service principal in the governing tenant.
requiredResourceAccesses	microsoft.graph.tenantGovernanceServices.requiredResourceAccess collection	The collection of resource accesses (permissions) required by the application.

Table of Contents

TenantGovernance-PolicyTemplate.ReadWrite.All

Graph Methods

Resources