Updates from: 07/29/2021 03:12:01
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Appmanagementpolicy Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/appManagementPolicy-delete.md
+
+ Title: "Delete appManagementPolicy"
+description: "Delete an application management policy."
+localization_priority: Normal
+++
+# Delete appManagementPolicy
+
+Namespace: microsoft.graph
++
+Delete an [appManagementPolicy](../resources/appManagementPolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Policy.ReadWrite.ApplicationConfiguration |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+DELETE /policies/appManagementPolicies/{id}
+```
+
+## Request headers
+
+| Name | Description |
+| : | :-- |
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "delete_appManagementPolicy"
+}-->
+
+```msgraph-interactive
+DELETE https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}
+```
+
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": false
+} -->
+
+```http
+HTTP/1.1 204 No Content
+
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "delete appManagementPolicy",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Appmanagementpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/appManagementPolicy-get.md
+
+ Title: "Get appManagementPolicy"
+description: "Get an application management policy."
+localization_priority: Normal
+++
+# Get appManagementPolicy
+
+Namespace: microsoft.graph
++
+Read the properties of an [appManagementPolicy](../resources/appManagementPolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+GET /policies/appManagementPolicies/{id}
+```
+
+## Request headers
+
+| Name | Description |
+| : | : |
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a single [appManagementPolicy](../resources/appManagementPolicy.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request. From the response, the app management policy defines the following restrictions for application and service principal objects:
+
+- Blocks creating of new passwords after 2019-10-19 at 10:37 AM UTC time.
+- Limits password secrets for apps created after 2019-10-19 at 10:37 AM UTC time to less than 4 days, 12 hours, 30 minutes and 5 seconds.
+
+<!-- {
+ "blockType": "request",
+ "name": "get_appManagementPolicy"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}
+```
+
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.appManagementPolicy"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/appManagementPolicies",
+ "value": [
+ {
+ "id": "db9d4b58-3488-4da4-9994-49773c454e33",
+ "displayName": "Custom app management policy",
+ "description": "Custom policy that enforces app management restrictions on specific applications and service principals.",
+ "isEnabled": false,
+ "restrictions": {
+ "passwordCredentials": [
+ {
+ "restrictionType": "passwordAddition",
+ "maxLifetime": null,
+ "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
+ },
+ {
+ "restrictionType": "passwordLifetime",
+ "maxLifetime": "P4DT12H30M5S",
+ "restrictForAppsCreatedAfterDateTime": "2017-10-19T10:37:00Z"
+ }
+ ]
+ }
+ }
+ ]
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "get appManagementPolicy",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Appmanagementpolicy List Appliesto https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/appManagementPolicy-list-appliesTo.md
+
+ Title: "List appliesTo"
+description: "List resources assigned to an application management policy."
+localization_priority: Normal
+++
+# List appliesTo
+
+Namespace: microsoft.graph
++
+List application and service principal objects assigned an [appManagementPolicy](../resources/appManagementPolicy.md) policy object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+GET /policies/appManagementPolicies/{id}/appliesTo
+```
+
+## Optional query parameters
+This method supports the `$select`, `$filter`, and `$top` OData query parameters to help customize the response. You can apply `$filter` on properties of [application](../resources/application.md) or [servicePrincipal](../resources/serviceprincipal.md) objects that support `$filter`. For example, the following query retrieves the **appId** and **displayName** of applications or service principals that are assigned the policy.
+
+``` http
+
+https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}/appliesTo?$select=appId,displayName
+```
+
+For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+| Name | Description |
+| : | : |
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [appManagementPolicy](../resources/appManagementPolicy.md) objects in the response body.
+
+## Example 1: Get applications and service principal objects applied to an app management policy
+
+### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "list_appManagementPolicyAppliesTo"
+}-->
+
+```http
+GET https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}/appliesTo
+```
+
+### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.appManagementPolicy"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#directoryObjects",
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.application",
+ "id": "0d77e011-2fc6-438f-8b93-decb4f926929",
+ "appId": "8f527de6-05c9-4032-bca9-b2b56ab2358a",
+ "displayName": "TestApp1",
+ "createdDateTime": "2018-01-24T05:55:37Z"
+ }
+ ]
+}
+```
+
+## Example 2: Get specific properties of applications and service principal objects applied to an app management policy using $select query option
+
+### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "list_appManagementPolicyAppliesTo_select"
+}-->
+
+```http
+GET https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}/appliesTo?$select=id,appId,displayName,createdDateTime
+```
+
+### Response
+
+The following is an example of the response that returns `id`, `appId`, `displayName` and `createdDateTime` of applications and service principals where the policy is applied.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.appManagementPolicy"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#directoryObjects(id,appId,displayName,createdDateTime)",
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.application",
+ "id": "0d77e011-2fc6-438f-8b93-decb4f926929",
+ "appId": "8f527de6-05c9-4032-bca9-b2b56ab2358a",
+ "displayName": "TestApp1",
+ "createdDateTime": "2018-01-24T05:55:37Z"
+ },
+ {
+ "@odata.type": "#microsoft.graph.servicePrincipal",
+ "id": "0e1fa067-dcc1-4d85-9b4c-e69145dd3efb",
+ "appId": "255912cb-e31d-4dee-bee4-3fa5d774d6b9",
+ "displayName": "TestApp2",
+ "createdDateTime": "2018-01-24T05:55:37Z"
+ }
+ ]
+}
+```
++
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "list resources for appManagementPolicies",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Appmanagementpolicy List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/appManagementPolicy-list.md
+
+ Title: "List appManagementPolicies"
+description: "Get a list of application management policies."
+localization_priority: Normal
+++
+# List appManagementPolicies
+
+Namespace: microsoft.graph
++
+Retrieve a list of [appManagementPolicy](../resources/appManagementPolicy.md) objects.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+
+## Optional query parameters
+
+This method supports the `$select`, `$filter`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+GET /policies/appManagementPolicies
+```
+
+## Request headers
+
+| Name | Description |
+| : | : |
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [appManagementPolicy](../resources/appManagementPolicy.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "list_appManagementPolicies"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/policies/appManagementPolicies
+```
+
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.appManagementPolicy"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/appManagementPolicies",
+ "value": [
+ {
+ "id": "db9d4b58-3488-4da4-9994-49773c454e33",
+ "displayName": "Custom app management policy",
+ "description": "Custom policy that enforces app management restrictions on specific applications and service principals.",
+ "isEnabled": false,
+ "restrictions": {
+ "passwordCredentials": [
+ {
+ "restrictionType": "passwordAddition",
+ "maxLifetime": null,
+ "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
+ },
+ {
+ "restrictionType": "passwordLifetime",
+ "maxLifetime": "P4DT12H30M5S",
+ "restrictForAppsCreatedAfterDateTime": "2017-10-19T10:37:00Z"
+ }
+ ]
+ }
+ }
+ ]
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "get appManagementPolicies",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Appmanagementpolicy Post Appliesto https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/appManagementPolicy-post-appliesto.md
+
+ Title: "Assign appliesTo"
+description: "Assign a policy to application or service principal object."
+localization_priority: Normal
+++
+# Assign appliesTo
+
+Namespace: microsoft.graph
++
+Assign an [appManagementPolicy](../resources/appManagementPolicy.md) policy object to an application or service principal object. The application or service principal adopts this policy over the tenant-wide [tenantAppManagementPolicy](../resources/tenantappmanagementpolicy.md) setting. Only one policy object can be assigned to an application or service principal.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Policy.ReadWrite.ApplicationConfiguration |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+POST /applications/{id}/appManagementPolicies/$ref
+```
+
+## Request headers
+
+| Name | Description |
+| : | : |
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+In the request body, provide a reference to a single policy object from the [appManagementPolicies](../resources/appmanagementpolicy.md) collection.
+
+## Response
+
+If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request to assign an appManagementPolicy to an application.
+
+<!-- {
+ "blockType": "request",
+ "name": "assign_appliesTo"
+}-->
+
+```msgraph-interactive
+POST https://graph.microsoft.com/beta/applications/{id}/appManagementPolicies/$ref
+
+{
+ "@odata.id":"https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}"
+}
+```
+
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+} -->
+
+```http
+HTTP/1.1 204 No Content
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "list resources for appManagementPolicies",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Appmanagementpolicy Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/appManagementPolicy-post.md
+
+ Title: "Create appManagementPolicy"
+description: "Create an application management policy."
+localization_priority: Normal
+++
+# Create appManagementPolicy
+
+Namespace: microsoft.graph
++
+Create an [appManagementPolicy](../resources/appManagementPolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Policy.ReadWrite.ApplicationConfiguration |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+POST /policies/appManagementPolicies
+```
+
+## Request headers
+
+| Name | Description |
+| : | :-- |
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json. Required. |
+
+## Request body
+
+In the request body, provide a JSON representation of an [appManagementPolicy](../resources/appManagementPolicy.md).
+
+## Response
+
+If successful, this method returns a `201 Created` response code with the new [appManagementPolicy ](../resources/appmanagementpolicy.md) object in the response payload.
+
+## Examples
+
+### Request
+
+The following is an example of the request. This request created an app management policy with the following settings:
+
+- Enables the policy.
+- Blocks creating of new passwords for apps and service principals after 2019-10-19 at 10:37 AM UTC time.
+- Limits password secrets for apps and service principals created after 2019-10-19 at 10:37 AM UTC time to less than XX days.
+
+<!-- {
+ "blockType": "request",
+ "name": "create_appManagementPolicy"
+}-->
+
+```http
+POST https://graph.microsoft.com/beta/policies/appManagementPolicies
+
+{
+ "displayName": "Credential management policy",
+ "description": "Cred policy sample",
+ "isEnabled": true,
+ "restrictions": {
+ "passwordCredentials": [
+ {
+ "restrictionType": "passwordAddition",
+ "maxLifetime": null,
+ "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
+ },
+ {
+ "restrictionType": "passwordLifetime",
+ "maxLifetime": "P4DT12H30M5S",
+ "restrictForAppsCreatedAfterDateTime": "2018-10-19T10:37:00Z"
+ }
+ ]
+ }
+}
+
+```
+
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.appManagementPolicy"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/appManagementPolicies/$entity",
+ "id": "a4ab1ed9-46bb-4bef-88d4-86fd6398dd5d",
+ "displayName": "credential management policy",
+ "description": "Lorem ipsum",
+ "isEnabled": true,
+ "restrictions": {
+ "passwordCredentials": [
+ {
+ "restrictionType": "passwordAddition",
+ "maxLifetime": null,
+ "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
+ },
+ {
+ "restrictionType": "passwordLifetime",
+ "maxLifetime": "P4DT12H30M5S",
+ "restrictForAppsCreatedAfterDateTime": "2018-10-19T10:37:00Z"
+ }
+ ]
+ }
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "create appManagementPolicies",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Appmanagementpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/appManagementPolicy-update.md
+
+ Title: "Update appManagementPolicy"
+description: "Update an application management policy."
+localization_priority: Normal
+++
+# Update appManagementPolicy
+
+Namespace: microsoft.graph
++
+Update an [appManagementPolicy](../resources/appManagementPolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Policy.ReadWrite.ApplicationConfiguration |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+PATCH /policies/appManagementPolicies/{id}
+```
+
+## Request headers
+
+| Name | Description |
+| : | :-- |
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json. Required. |
+
+## Request body
+
+In the request body, supply the values for relevant fields from the [appManagementPolicy](../resources/appManagementPolicy.md) that should be updated.
+Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values.
+For best performance, don't include existing values that haven't changed.
+
+| Property | Type | Description |
+|:|:-|:--|
+| displayName | String | The display name of the policy. Inherited from [policyBase](../resources/policybase.md). |
+| description | String | The description of the policy. Inherited from [policyBase](../resources/policybase.md). |
+| isEnabled | Boolean | Denotes whether the policy is enabled. |
+| restrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply to an application or service principal object. |
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "update_appManagementPolicy"
+}-->
+
+```msgraph-interactive
+PATCH https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}
+
+{
+ "isEnabled": false
+}
+
+```
+
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+} -->
+
+```http
+HTTP/1.1 204 No Content
+
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "update appManagementPolicies",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Tenantappmanagementpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/tenantAppManagementPolicy-get.md
+
+ Title: "Get tenantAppManagementPolicy"
+description: "Read the default tenant policy that applies to applications and service principals objects."
+localization_priority: Normal
+++
+# Get tenantAppManagementPolicy
+
+Namespace: microsoft.graph
++
+Read the properties of a [tenantAppManagementPolicy](../resources/tenantAppManagementPolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+GET /policies/tenantAppManagementPolicy
+```
+
+## Request headers
+
+| Name | Description |
+| : | : |
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and the requested [tenantAppManagementPolicy](../resources/tenantAppManagementPolicy.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "get_tenantAppManagementPolicy"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/policies/tenantAppManagementPolicy
+```
+
+### Response
+
+The following is an example of the response that shows the default tenant app management policy.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.tenantAppManagementPolicy"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/tenantAppManagementPolicy/$entity",
+ "@odata.id": "https://graph.microsoft.com/v2/927c6607-8060-4f4a-a5f8-34964ac78d70/defaultAppManagementPolicy/00000000-0000-0000-0000-000000000000",
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "Default app management tenant policy",
+ "description": "Default tenant policy that enforces app management restrictions on applications and service principals. To apply policy to targeted resources, create a new policy under appManagementPolicies collection.",
+ "isEnabled": false,
+ "applicationRestrictions": {
+ "passwordCredentials": []
+ },
+ "servicePrincipalRestrictions": {
+ "passwordCredentials": []
+ }
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "Get tenantAppManagementPolicy",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Tenantappmanagementpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/tenantAppManagementPolicy-update.md
+
+ Title: "Update tenantAppManagementPolicy"
+description: "Update the default tenant policy that applies to applications and service principals objects."
+localization_priority: Normal
+++
+# Update tenantAppManagementPolicy
+
+Namespace: microsoft.graph
++
+Update the properties of a [tenantAppManagementPolicy](../resources/tenantAppManagementPolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Policy.ReadWrite.ApplicationConfiguration |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+PATCH /policies/tenantAppManagementPolicy
+```
+
+## Request headers
+
+| Name | Description |
+| : | :-- |
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json. Required. |
+
+## Request body
+
+In the request body, supply the values for relevant fields from the [tenantAppManagementPolicy](../resources/tenantAppManagementPolicy.md) that should be updated. Existing properties that are not included in the request body will maintain their previous values. For best performance, do not include unchanged values in the request payload.
+
+| Property | Type | Description |
+|:|:-|:-|
+| displayName | String | The display name of the default policy. Inherited from [policyBase](../resources/policybase.md). |
+| description | String | The description of the default policy. Inherited from [policyBase](../resources/policybase.md). |
+| isEnabled | Boolean | Denotes if the policy is enabled. Default value is false. |
+| applicationRestrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply as default to all application objects in the tenant. |
+| servicePrincipalRestrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply as default to all service principal objects in the tenant. |
+
+## Response
+
+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
++
+<!-- {
+ "blockType": "request",
+ "name": "update_tenantAppManagementPolicy"
+}-->
+
+```msgraph-interactive
+PATCH https://graph.microsoft.com/beta/policies/tenantAppManagementPolicy
+Content-Type: application/json
+
+{
+ "isEnabled": true,
+ "applicationRestrictions": {
+ "passwordCredentials": [
+ {
+ "restrictionType": "passwordAddition",
+ "maxLifetime": null,
+ "restrictForAppsCreatedAfterDateTime": "2021-04-01T10:37:00Z"
+ },
+ {
+ "restrictionType": "passwordLifetime",
+ "maxLifetime": "P4DT12H30M5S",
+ "restrictForAppsCreatedAfterDateTime": "2019-01-01T10:37:00Z"
+ }
+ ]
+ }
+}
+```
+
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": false
+} -->
+
+```http
+HTTP/1.1 204 No Content
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "Update tenantAppManagementPolicy",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Appmanagementconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/appManagementConfiguration.md
+
+ Title: "appManagementConfiguration resource type"
+description: "App management configuration object that contains properties which can be configured to enable various restrictions for applications and service principals."
+
+localization_priority: Normal
++
+# appManagementConfiguration resource type
+
+Namespace: microsoft.graph
++
+App management configuration object that contains properties which can be configured to enable various restrictions for applications and service principals.
+
+## Properties
+
+| Property | Type | Description |
+| : | :-- | : |
+| passwordCredentials | [passwordCredentialConfiguration](passwordCredentialConfiguration.md) collection | Collection of password restrictions settings to be applied to an application or service principal |
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.appManagementConfiguration"
+}
+-->
+
+```json
+{
+ "@odata.type": "#microsoft.graph.appManagementConfiguration",
+ "passwordCredentials": [
+ {
+ "@odata.type": "microsoft.graph.passwordCredentialConfiguration"
+ }
+ ]
+}
+```
v1.0 Appmanagementpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/appManagementPolicy.md
+
+ Title: "appManagementPolicy resource type"
+description: "An application auth method policy for enforcing app management restrictions on specific application or service principals."
+
+localization_priority: Normal
++
+# appManagementPolicy resource type
+
+Namespace: microsoft.graph
++
+Enforce restrictions on app management operations for specific applications and service principals. If this resource is not configured for an application or service principal, the restrictions default to the settings in the [tenantAppManagementPolicy](tenantappmanagementpolicy.md) object.
+
+## Methods
+
+| Method | Return type | Description |
+| :- | :- | : |
+| [List](../api/appManagementPolicy-list.md) | [appManagementPolicy](../resources/appManagementPolicy.md) | Returns a list of app management policies created for applications and service principals along with their properties. |
+| [Create](../api/appManagementPolicy-post.md) | [appManagementPolicy](../resources/appManagementPolicy.md) | Creates an app management policy that can be assigned to an application or service principal object. |
+| [Get](../api/appManagementPolicy-get.md) | [appManagementPolicy](../resources/appManagementPolicy.md) | Gets a single app management policy object. |
+| [Update](../api/appManagementPolicy-update.md) | None | Updates an app management policy. |
+| [Delete](../api/appManagementPolicy-delete.md) | None | Deletes an app management policy from the collection of policies in appManagementPolicies. |
+| [List appliesTo](../api/appManagementPolicy-list-appliesTo.md)| [appManagementPolicy](../resources/appManagementPolicy.md)|Returns a list of applications and service principals to which the policy is applied. |
+| [Assign appliesTo](../api/appManagementPolicy-post-appliesTo.md)| None |Returns a list of applications and service principals to which the policy is applied. |
+
+## Properties
+
+| Property | Type | Description |
+| :-- | :- | : |
+| id | String | The policy identifier. |
+| displayName | String | The display name of the policy. Inherited from [policyBase](policybase.md). |
+| description | String | The description of the policy. Inherited from [policyBase](policybase.md). |
+| isEnabled | Boolean | Denotes whether the policy is enabled. |
+| restrictions | [appManagementConfiguration](appManagementConfiguration.md) | Restrictions that apply to an application or service principal object. |
+
+## Relationships
+
+| Relationship | Type | Description |
+| :-- | : | :- |
+| appliesTo | [directoryObject](directoryobject.md) | Collection of application and service principals to which a policy is applied. |
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.appManagementPolicy",
+ "baseType": "microsoft.graph.policyBase",
+ "openType": false
+}
+-->
+
+```json
+[
+ {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/appManagementPolicies",
+ "id": "string (identifier)",
+ "description": "string",
+ "displayName": "string",
+ "isEnabled": true,
+ "restrictions": {
+ "@odata.type": "microsoft.graph.appManagementConfiguration"
+ }
+ }
+]
+```
v1.0 Application https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/application.md
This resource supports using [delta query](/graph/delta-query-overview) to track
| Relationship | Type | Description | |:|:--|:-|
+|appManagementPolicies|[appManagementPolicy](../resources/appManagementPolicy.md) collection| The appManagementPolicy applied to this application.|
|calls |[call](call.md) collection |Read-only. Nullable.| |connectorGroup|[connectorGroup](connectorgroup.md)| The connectorGroup the application is using with Azure AD Application Proxy. Nullable.| |createdOnBehalfOf|[directoryObject](directoryobject.md)| Read-only.|
v1.0 Applicationauthmethodpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/applicationAuthMethodPolicy.md
+
+ Title: "Azure AD application authentication methods API overview"
+description: "Application authentication methods allow apps to acquire tokens to access data in Azure AD."
+localization_priority: Normal
+++
+# Azure AD application authentication methods API overview | Public preview
+
+Namespace: microsoft.graph
++
+Application authentication methods such as certificates and password secrets allow apps to acquire tokens to access data in Azure Active Directory (Azure AD). The policies allow IT admins to enforce best practices for how apps in their organizations use these application authentication methods. For example, an admin might configure a policy to block the use or limit the lifetime of password secrets, and use the creation date of the object to enforce the policy.
+
+These policies allow organizations to take advantage of the new app security hardening features. By enforcing restrictions that are based on the application or service principal created date, an organization can review their current app security posture, inventory apps, and enforce controls per their resourcing schedules and needs. This approach using the created date allows the organization to enforce the policy for new applications and also apply it to existing applications.
+
+There are two types of policy controls:
+
+- Tenant default policy that applies to all applications or service principals.
+- App (application or service principal) management policies that allow inclusion or exclusion of individual applications from the tenant default policy.
+
+## Tenant default app management policy
+
+A tenant default policy is a single object that always exists and is disabled by default. It's defined by the [tenantAppManagementPolicy](tenantappmanagementpolicy.md) resource and enforces restrictions on application vs service principal objects. It contains the following two properties:
+
+- **applicationRestrictions** allows targeting applications owned by the tenant (application objects).
+- **servicePrincipalRestrictions** allows targeting provisioned from another tenant (service principal objects.
+
+These properties allow the organization to either lock down apps that originate within a tenant or raise the quality bar for apps that are provisioned from outside the tenant boundary.
+
+## App (application and service principal) management policy
+
+App management policies are defined in the [appManagementPolicy](appmanagementpolicy.md) resource, which contains a collection of policies with varying restrictions or different enforcement dates from what's defined in tenant default policy. One of these policies can be assigned to an application or service principal, excluding them from the tenant default policy.
+
+When both the tenant default policy and an app management policy exist, the app management policy takes precedence and the assigned application or service principal doesn't inherit from the tenant default policy. Only one policy can be assigned to an application or service principal.
+
+> [!Note]
+> Neither the tenant default policies nor the app management policies block token issuance for existing applications. An application that does not meet the policy requirements will continue to work until it tries to update the resource to add a new secret.
+
+## What restrictions can be managed in Microsoft Graph?
+
+The application authentication methods policy API offers the following restrictions:
+
+| Restriction name | Description | Examples |
+| : | :- | :- |
+| passwordAddition | Restrict password secrets on applications altogether. | Block new passwords on applications created on or after '01/01/2019'. |
+| passwordLifetime | Enforce a max lifetime range for a password secret. | Restrict all new password secrets to a maximum of 30 days for on applications created after '01/01/2019'. |
+
+### Single vs. Multi-tenant apps
+
+Depending on whether your app is a single tenant or multitenant app, you apply the policy on either an application or the service principal object as follows:
+
+- For single tenant apps, apply the policy to the application object.
+- To restrict multi-tenant apps homed in a customer tenant, apply the policy to the application object.
+- To restrict multi-tenant apps provisioned from another tenant, apply the policy to the service principal object.
++
+### Summary of key differences between the tenant default policy and app management policies
+
+| Tenant default policy | App management policy |
+| | |
+| Policy always exists. | Policy objects can be created or updated to override default policy. |
+| Restrictions are disabled by default for app/SP. | Allows customization for single tenant or multi tenant(backing app in home tenant or provisioned apps). |
+| Allows only single restriction object definition for all resources.| Allows multiple policy objects to be defined, but only one can be applied to a resource. |
+|Allows distinction of restrictions for application objects vs. service principals. | Policy can be applied to either an application or service principal object. |
+| Applies all restrictions configured to all apps or service principals. | Applies only the restrictions configured in the resource policy to the specified app or service principal, and doesn't inherit from default policy. |
+
+## Next steps
+
+- [tenantAppManagementPolicy](tenantappmanagementpolicy.md) resource type.
+- [appManagementPolicy](appmanagementpolicy.md) resource type.
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/enums.md
Namespace: microsoft.graph
+### appCredentialRestrictionType values
+
+|Member|
+|:--|
+|passwordAddition|
+|passwordLifetime|
+|unknownFutureValue|
+ ### synchronizationSecret values |Member|
v1.0 Passwordcredentialconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/passwordCredentialConfiguration.md
+
+ Title: "passwordCredentialConfiguration resource type"
+description: "Password credential configuration complex type to configure password credential restriction, maxLifetime, and enforcement date"
+
+localization_priority: Normal
++
+# passwordCredentialConfiguration resource type
+
+Namespace: microsoft.graph
++
+Password credential configuration object that contains properties to configure restrictions such as blocking or restricting lifetimes of password secrets.
+
+## Properties
+
+| Property | Type | Description |
+| :- | : | :-- |
+| restrictionType | appCredentialRestrictionType | The type of restriction being applied. Possible values are `passwordAddition` or `passwordLifetime`. Each value of restrictionType can be used only once per policy. |
+| maxLifeTime | Duration | Value that can be used as the maximum number for setting password expiration time in days, hours, minutes or seconds. For example, "P4DT12H30M5S" represents a duration of four days, twelve hours, thirty minutes, and five seconds. This property is required when restriction type is set to `passwordLifetime`. |
+| restrictForAppsCreatedAfterDateTime | DateTimeOffset | Enforces the policy for an app created on or after the enforcement date. For existing applications, the enforcement date would be back dated. To apply to all applications, enforcement datetime would be null. |
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.passwordCredentialConfiguration"
+}
+-->
+
+```json
+{
+ "@odata.type": "#microsoft.graph.passwordCredentialConfiguration",
+ "restrictionType": {
+ "@odata.type": "microsoft.graph.appCredentialRestrictionType"
+ },
+ "maxLifetime": "String (duration)",
+ "restrictForAppsCreatedAfterDateTime": "DateTimeOffset"
+}
+```
v1.0 Policy Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/policy-overview.md
Azure Active Directory (Azure AD) uses policies to control Azure AD feature beha
## What policies are available?
-| Policy type | Description | Examples |
-|:-|:|:|
-|[activityBasedTimeoutPolicies](activityBasedTimeoutPolicy.md)| Represents a policy that controls automatic sign-out for web sessions after a period of inactivity, for applications that support activity-based timeout functionality.| Configure the Azure portal to have an inactivity timeout of 15 minutes. |
-|[authenticationFlowsPolicies](authenticationflowspolicy.md)| Represents a policy that controls whether external users should be able to sign up and gain a guest account via an External Identities self-service sign-up user flow.| Enable your applications to support external users signing up via a self-service sign-up user flow. |
-|[authorizationPolicy](authorizationpolicy.md)| Represents a policy that can control authorization settings of Azure Active Directory. | Configure Azure AD to block MSOL PowerShell in the tenant. |
-|[claimsMappingPolicies](claimsMappingPolicy.md)| Represents the claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application. | Create and assign a policy to omit the basic claims from tokens issued to a service principal. |
-|[homeRealmDiscoveryPolicies](homeRealmDiscoveryPolicy.md)| Represents a policy to control Azure Active Directory authentication behavior for federated users, in particular for auto-acceleration and user authentication restrictions in federated domains.| Configure all users to skip home realm discovery and be routed directly to ADFS for authentication. |
-|[tokenLifetimePolicies](tokenlifetimepolicy.md)|Represents the lifetime duration of access tokens used to access protected resources.| Configure a particularly sensitive application with a shorter than default token lifetime.|
-|[tokenIssuancePolicy](tokenIssuancePolicy.md)|Represents the policy to specify the characteristics of SAML tokens issued by Azure AD.| Configure the signing algorithm or SAML token version to be used to issue the SAML token.
-|[identitySecurityDefaultsEnforcementPolicy](identitysecuritydefaultsenforcementpolicy.md)|Represents the Azure AD security defaults policy.| Configure the Azure AD security defaults policy to protect against common attacks.
+| Policy type | Description | Examples |
+| :- | : | :- |
+| [activityBasedTimeoutPolicies](activityBasedTimeoutPolicy.md) | Represents a policy that controls automatic sign-out for web sessions after a period of inactivity, for applications that support activity-based timeout functionality. | Configure the Azure portal to have an inactivity timeout of 15 minutes. |
+| [applicationAuthMethodPolicies](applicationAuthMethodPolicy.md) | Represents a set of policies that restrict app management operations for applications and service principals. | Configure applications or service principals to not use password secrets or enforce lifetime on secrets. |
+| [authenticationFlowsPolicies](authenticationflowspolicy.md) | Represents a policy that controls whether external users should be able to sign up and gain a guest account via an External Identities self-service sign-up user flow. | Enable your applications to support external users signing up via a self-service sign-up user flow. |
+| [authorizationPolicy](authorizationpolicy.md) | Represents a policy that can control authorization settings of Azure Active Directory. | Configure Azure AD to block MSOL PowerShell in the tenant. |
+| [claimsMappingPolicies](claimsMappingPolicy.md) | Represents the claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application. | Create and assign a policy to omit the basic claims from tokens issued to a service principal. |
+| [homeRealmDiscoveryPolicies](homeRealmDiscoveryPolicy.md) | Represents a policy to control Azure Active Directory authentication behavior for federated users, in particular for auto-acceleration and user authentication restrictions in federated domains. | Configure all users to skip home realm discovery and be routed directly to ADFS for authentication. |
+| [tokenLifetimePolicies](tokenlifetimepolicy.md) | Represents the lifetime duration of access tokens used to access protected resources. | Configure a particularly sensitive application with a shorter than default token lifetime. |
+| [tokenIssuancePolicy](tokenIssuancePolicy.md) | Represents the policy to specify the characteristics of SAML tokens issued by Azure AD. | Configure the signing algorithm or SAML token version to be used to issue the SAML token. |
+| [identitySecurityDefaultsEnforcementPolicy](identitysecuritydefaultsenforcementpolicy.md) | Represents the Azure AD security defaults policy. | Configure the Azure AD security defaults policy to protect against common attacks. |
## Next steps
-* Review the different policy resouce types listed above and their various methods.
-* Try the API in the [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
+- Review the different policy resource types listed above and their various methods.
+- Try the API in the [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
v1.0 Serviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/serviceprincipal.md
This resource supports using [delta query](/graph/delta-query-overview) to track
| Relationship | Type |Description| |:|:--|:-|
+|appManagementPolicies|[appManagementPolicy](../resources/appManagementPolicy.md) collection| The appManagementPolicy applied to this service principal.|
|appRoleAssignedTo|[appRoleAssignment](approleassignment.md)|App role assignments for this app or service, granted to users, groups, and other service principals.Supports `$expand`.| |appRoleAssignments|[appRoleAssignment](approleassignment.md) collection|App role assignment for another app or service, granted to this service principal. Supports `$expand`.| |claimsMappingPolicies|[claimsMappingPolicy](claimsmappingpolicy.md) collection|The claimsMappingPolicies assigned to this service principal. Supports `$expand`.|
v1.0 Tenantappmanagementpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/tenantAppManagementPolicy.md
+
+ Title: "tenantAppManagementPolicy resource type"
+description: "Application auth method tenant default policy enforces app management operation restrictions."
+
+localization_priority: Normal
++
+# tenantAppManagementPolicy resource type
+
+Namespace: microsoft.graph
++
+Tenant-wide application authentication method policy to enforce app management restrictions for all applications and service principals. This policy applies to all apps and service principals unless overridden when an [appManagementPolicy](../resources/appmanagementpolicy.md) is applied to the object.
+
+Inherits from [policyBase](policybase.md).
+
+## Methods
+
+| Method | Return type | Description |
+| :- | :- | :- |
+| [Get](../api/tenantAppManagementPolicy-get.md) | [tenantAppManagementPolicy](../resources/tenantAppManagementPolicy.md) | Read the properties of the default app management policy set for applications and service principals. |
+| [Update](../api/tenantAppManagementPolicy-update.md) | None | Updates the default app management policy for applications and service principals. |
+
+## Properties
+
+| Property | Type | Description |
+| : | :-- | :-- |
+| id | String | The default policy identifier. |
+| displayName | String | The display name of the default policy. Inherited from [policyBase](policybase.md). |
+| description | String | The description of the default policy. Inherited from [policyBase](policybase.md). |
+| isEnabled | Boolean | Denotes whether the policy is enabled. Default value is `false`. |
+| applicationRestrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply as default to all application objects in the tenant. |
+| servicePrincipalRestrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply as default to all service principal objects in the tenant. |
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.tenantAppManagementPolicy",
+ "baseType": "microsoft.graph.policyBase",
+ "openType": false
+}
+-->
+
+```json
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/tenantAppManagementPolicy",
+ "id": "string (identifier)",
+ "description": "string",
+ "displayName": "string",
+ "isEnabled": false,
+ "applicationRestrictions": {
+ "@odata.type":"microsoft.graph.appManagementConfiguration"
+ },
+ "servicePrincipalRestrictions": {
+ "@odata.type":"microsoft.graph.appManagementConfiguration"
+ }
+}
+```
v1.0 Conversationthread https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/conversationthread.md
A new thread is created when a recipient is removed from the thread.
## Properties | Property | Type | Description | |:-|:-|:-|
-| id | String | Read-only. |
-| toRecipients | [recipient](recipient.md) collection | The To: recipients for the thread. |
-| ccRecipients | [recipient](recipient.md) collection | The Cc: recipients for the thread. |
-| topic | String | The topic of the conversation. This property can be set when the conversation is created, but it cannot be updated. |
-| hasAttachments | Boolean | Indicates whether any of the posts within this thread has at least one attachment. |
-| lastDeliveredDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z` |
-| uniqueSenders | String collection | All the users that sent a message to this thread. |
-| preview | String | A short summary from the body of the latest post in this conversation. |
-| isLocked | Boolean | Indicates if the thread is locked. |
+| id | String | Read-only. <br/><br/>Returned by default. |
+| toRecipients | [recipient](recipient.md) collection | The To: recipients for the thread. <br/><br/>Returned only on $select. |
+| ccRecipients | [recipient](recipient.md) collection | The Cc: recipients for the thread. <br/><br/>Returned only on $select. |
+| topic | String | The topic of the conversation. This property can be set when the conversation is created, but it cannot be updated. <br/><br/>Returned by default. |
+| hasAttachments | Boolean | Indicates whether any of the posts within this thread has at least one attachment. <br/><br/>Returned by default. |
+| lastDeliveredDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.<br/><br/>Returned by default. |
+| uniqueSenders | String collection | All the users that sent a message to this thread. <br/><br/>Returned by default. |
+| preview | String | A short summary from the body of the latest post in this conversation. <br/><br/>Returned by default. |
+| isLocked | Boolean | Indicates if the thread is locked. <br/><br/>Returned by default. |
## Relationships | Relationship | Type |Description|