| Policy.Read.All |
572fea84-0151-49b2-9301-11cb16974376 |
Read your organization’s policies |
Allows the app to read your organization’s policies on behalf of the signed-in user. |
| Policy.Read.ConditionalAccess |
633e0fce-8c58-4cfb-9495-12bbd5a24f7c |
Read your organization’s conditional access policies |
Allows the app to read your organization’s conditional access policies on behalf of the signed-in user. |
| Policy.Read.PermissionGrant |
414de6ea-2d92-462f-b120-6e2a809a6d01 |
Read consent and permission grant policies |
Allows the app to read policies related to consent and permission grants for applications, on behalf of the signed-in user. |
| Policy.ReadWrite.AccessReview |
4f5bc9c8-ea54-4772-973a-9ca119cb0409 |
Read and write your organization’s directory access review default policy |
Allows the app to read and write your organization’s directory access review default policy on behalf of the signed-in user. |
| Policy.ReadWrite.ApplicationConfiguration |
b27add92-efb2-4f16-84f5-8108ba77985c |
Read and write your organization’s application configuration policies |
Allows the app to read and write your organization’s application configuration policies on behalf of the signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy. |
| Policy.ReadWrite.AuthenticationFlows |
edb72de9-4252-4d03-a925-451deef99db7 |
Read and write authentication flow policies |
Allows the app to read and write the authentication flow policies, on behalf of the signed-in user. |
| Policy.ReadWrite.AuthenticationMethod |
7e823077-d88e-468f-a337-e18f1f0e6c7c |
Read and write authentication method policies |
Allows the app to read and write the authentication method policies, on behalf of the signed-in user. |
| Policy.ReadWrite.Authorization |
edd3c878-b384-41fd-95ad-e7407dd775be |
Read and write your organization’s authorization policy |
Allows the app to read and write your organization’s authorization policy on behalf of the signed-in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default. |
| Policy.ReadWrite.ConditionalAccess |
ad902697-1014-4ef5-81ef-2b4301988e8c |
Read and write your organization’s conditional access policies |
Allows the app to read and write your organization’s conditional access policies on behalf of the signed-in user. |
| Policy.ReadWrite.ConsentRequest |
4d135e65-66b8-41a8-9f8b-081452c91774 |
Read and write consent request policy |
Allows the app to read and write your organization’s consent requests policy on behalf of the signed-in user. |
| Policy.ReadWrite.CrossTenantAccess |
014b43d0-6ed4-4fc6-84dc-4b6f7bae7d85 |
Read and write your organization’s cross tenant access policies |
Allows the app to read and write your organization’s cross tenant access policies on behalf of the signed-in user. |
| Policy.ReadWrite.DeviceConfiguration |
40b534c3-9552-4550-901b-23879c90bcf9 |
Read and write your organization’s device configuration policies |
Allows the app to read and write your organization’s device configuration policies on behalf of the signed-in user. For example, device registration policy can limit initial provisioning controls using quota restrictions, additional authentication and authorization checks. |
| Policy.ReadWrite.ExternalIdentities |
b5219784-1215-45b5-b3f1-88fe1081f9c0 |
Read and write your organization’s external identities policy |
Allows the application to read and update the organization’s external identities policy on behalf of the signed-in user. For example, external identities policy controls if users invited to access resources in your organization via B2B collaboration or B2B direct connect are allowed to self-service leave. |
| Policy.ReadWrite.FeatureRollout |
92a38652-f13b-4875-bc77-6e1dbb63e1b2 |
Read and write your organization’s feature rollout policies |
Allows the app to read and write your organization’s feature rollout policies on behalf of the signed-in user. Includes abilities to assign and remove users and groups to rollout of a specific feature. |
| Policy.ReadWrite.MobilityManagement |
a8ead177-1889-4546-9387-f25e658e2a79 |
Read and write your organization’s mobility management policies |
Allows the app to read and write your organization’s mobility management policies on behalf of the signed-in user. For example, a mobility management policy can set the enrollment scope for a given mobility management application. |
| Policy.ReadWrite.PermissionGrant |
2672f8bb-fd5e-42e0-85e1-ec764dd2614e |
Manage consent and permission grant policies |
Allows the app to manage policies related to consent and permission grants for applications, on behalf of the signed-in user. |
| Policy.ReadWrite.SecurityDefaults |
0b2a744c-2abf-4f1e-ad7e-17a087e2be99 |
Read and write your organization’s security defaults policy |
Allows the app to read and write your organization’s security defaults policy on behalf of the signed-in user. |
| Policy.ReadWrite.TrustFramework |
cefba324-1a70-4a6e-9c1d-fd670b7ae392 |
Read and write your organization’s trust framework policies |
Allows the app to read and write your organization’s trust framework policies on behalf of the signed-in user. |