Skip to content

tenantappmanagementpolicy-update.md

Latest commit

 

History

History
202 lines (161 loc) · 8.55 KB

tenantappmanagementpolicy-update.md

File metadata and controls

202 lines (161 loc) · 8.55 KB
title Update tenantAppManagementPolicy
description Update the default tenant policy that applies to applications and service principals objects.
ms.localizationpriority medium
author aricrowe57
ms.subservice entra-sign-in
doc_type apiPageType
ms.date 08/09/2024

Update tenantAppManagementPolicy

Namespace: microsoft.graph

[!INCLUDE beta-disclaimer]

Update the properties of a tenantAppManagementPolicy object.

[!INCLUDE national-cloud-support]

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

[!INCLUDE permissions-table]

[!INCLUDE rbac-app-auth-method-default-policy-api-update]

HTTP request

PATCH /policies/defaultAppManagementPolicy

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type application/json. Required.

Important

Service principals with a createdDateTime null are treated as having being created on 01/01/2019.

Request body

In the request body, supply the values for relevant fields from the tenantAppManagementPolicy that should be updated. Existing properties that are not included in the request body will maintain their previous values. For best performance, do not include unchanged values in the request payload.

Property Type Description
applicationRestrictions appManagementApplicationConfiguration Restrictions that apply as default to all application objects in the tenant.
displayName String The display name of the default policy. Inherited from policyBase.
description String The description of the default policy. Inherited from policyBase.
isEnabled Boolean Denotes if the policy is enabled. Default value is false.
servicePrincipalRestrictions appManagementConfiguration Restrictions that apply as default to all service principal objects in the tenant.

Important

Service principals with a createdDateTime null are treated as having being created on 01/01/2019.

Response

If successful, this method returns a 204 No Content response code. It doesn't return anything in the response body.

Examples

Request

The following example shows a request.

HTTP

PATCH https://graph.microsoft.com/beta/policies/defaultAppManagementPolicy
Content-Type: application/json

{
    "isEnabled": true,
    "applicationRestrictions": {
        "passwordCredentials": [
            {
                "restrictionType": "passwordAddition",
                "maxLifetime": null,
                "restrictForAppsCreatedAfterDateTime": "2021-01-01T10:37:00Z"
            },
            {
                "restrictionType": "passwordLifetime",
                "maxLifetime": "P90D",
                "restrictForAppsCreatedAfterDateTime": "2017-01-01T10:37:00Z"
            },
            {
                "restrictionType": "symmetricKeyAddition",
                "maxLifetime": null,
                "restrictForAppsCreatedAfterDateTime": "2021-01-01T10:37:00Z"
            },
            {
                "restrictionType": "customPasswordAddition",
                "maxLifetime": null,
                "restrictForAppsCreatedAfterDateTime": "2015-01-01T10:37:00Z"
            },
            {
                "restrictionType": "symmetricKeyLifetime",
                "maxLifetime": "P30D",
                "restrictForAppsCreatedAfterDateTime": "2015-01-01T10:37:00Z"
            }
        ],
        "keyCredentials": [
            {
                "restrictionType": "asymmetricKeyLifetime",
                "maxLifetime": "P30D",
                "restrictForAppsCreatedAfterDateTime": "2015-01-01T10:37:00Z"
            },
            {
                "restrictionType": "trustedCertificateAuthority",
                "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z",
                "certificateBasedApplicationConfigurationIds": [
                    "eec5ba11-2fc0-4113-83a2-ed986ed13743",
                    "bb8e164b-f9ed-4b98-bc45-65eddc14f4c1"
                ],
                "maxLifetime": null
            }
        ],
        "identifierUris": {
            "nonDefaultUriAddition": {
                "restrictForAppsCreatedAfterDateTime": "2024-01-01T10:37:00Z",
                "excludeAppsReceivingV2Tokens": true,
                "excludeSaml": true,
                "excludeActors": {
                    "customSecurityAttributes": [
                        {
                            "@odata.type": "microsoft.graph.customSecurityAttributeStringValueExemption",
                            "id": "PolicyExemptions_AppManagementExemption",
                            "operator": "equals",
                            "value": "ExemptFromIdentifierUriAdditionRestriction"
                        }
                    ]
                }
            }
        }
    }
}

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Response

The following example shows the response.

HTTP/1.1 204 No Content