| Policy.Read.All |
246dd0d5-5bd0-4def-940b-0421030a5b68 |
Read your organization’s policies |
Allows the app to read all your organization’s policies without a signed in user. |
| Policy.Read.ConditionalAccess |
37730810-e9ba-4e46-b07e-8ca78d182097 |
Read your organization’s conditional access policies |
Allows the app to read your organization’s conditional access policies, without a signed-in user. |
| Policy.Read.PermissionGrant |
9e640839-a198-48fb-8b9a-013fd6f6cbcd |
Read consent and permission grant policies |
Allows the app to read policies related to consent and permission grants for applications, without a signed-in user. |
| Policy.ReadWrite.AccessReview |
77c863fd-06c0-47ce-a7eb-49773e89d319 |
Read and write your organization’s directory access review default policy |
Allows the app to read and write your organization’s directory access review default policy without a signed-in user. |
| Policy.ReadWrite.ApplicationConfiguration |
be74164b-cff1-491c-8741-e671cb536e13 |
Read and write your organization’s application configuration policies |
Allows the app to read and write your organization’s application configuration policies, without a signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy. |
| Policy.ReadWrite.AuthenticationFlows |
25f85f3c-f66c-4205-8cd5-de92dd7f0cec |
Read and write authentication flow policies |
Allows the app to read and write all authentication flow policies for the tenant, without a signed-in user. |
| Policy.ReadWrite.AuthenticationMethod |
29c18626-4985-4dcd-85c0-193eef327366 |
Read and write all authentication method policies |
Allows the app to read and write all authentication method policies for the tenant, without a signed-in user. |
| Policy.ReadWrite.Authorization |
fb221be6-99f2-473f-bd32-01c6a0e9ca3b |
Read and write your organization’s authorization policy |
Allows the app to read and write your organization’s authorization policy without a signed in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default. |
| Policy.ReadWrite.ConditionalAccess |
01c0a623-fc9b-48e9-b794-0756f8e8f067 |
Read and write your organization’s conditional access policies |
Allows the app to read and write your organization’s conditional access policies, without a signed-in user. |
| Policy.ReadWrite.ConsentRequest |
999f8c63-0a38-4f1b-91fd-ed1947bdd1a9 |
Read and write your organization’s consent request policy |
Allows the app to read and write your organization’s consent requests policy without a signed-in user. |
| Policy.ReadWrite.CrossTenantAccess |
338163d7-f101-4c92-94ba-ca46fe52447c |
Read and write your organization’s cross tenant access policies |
Allows the app to read and write your organization’s cross tenant access policies without a signed-in user. |
| Policy.ReadWrite.ExternalIdentities |
03cc4f92-788e-4ede-b93f-199424d144a5 |
Read and write your organization’s external identities policy |
Allows the application to read and update the organization’s external identities policy without a signed-in user. For example, external identities policy controls if users invited to access resources in your organization via B2B collaboration or B2B direct connect are allowed to self-service leave. |
| Policy.ReadWrite.FeatureRollout |
2044e4f1-e56c-435b-925c-44cd8f6ba89a |
Read and write feature rollout policies |
Allows the app to read and write feature rollout policies without a signed-in user. Includes abilities to assign and remove users and groups to rollout of a specific feature. |
| Policy.ReadWrite.PermissionGrant |
a402ca1c-2696-4531-972d-6e5ee4aa11ea |
Manage consent and permission grant policies |
Allows the app to manage policies related to consent and permission grants for applications, without a signed-in user. |
| Policy.ReadWrite.SecurityDefaults |
1c6e93a6-28e2-4cbb-9f64-1a46a821124d |
Read and write your organization’s security defaults policy |
Allows the app to read and write your organization’s security defaults policy, without a signed-in user. |
| Policy.ReadWrite.TrustFramework |
79a677f7-b79d-40d0-a36a-3e6f8688dd7a |
Read and write your organization’s trust framework policies |
Allows the app to read and write your organization’s trust framework policies without a signed in user. |