Surface inheritable permission to TOC (#28544)

* [TEST] Surface inheritable permission to TOC

* fix

* Try again

* Remove inheritable permissions section from agentIdentityBlueprint Methods table

* Update reference TOC

* Default properties
- All properties in the doc are returned by default

---------

Co-authored-by: Microsoft Graph DevX Tooling <GraphTooling@service.microsoft.com>

Author: FaithOmbongi

api-reference/beta/resources/agentidentityblueprint.md

@@ -2,7 +2,7 @@
 title: "agentIdentityBlueprint resource type"
 description: "An agent identity blueprint is a specialized application type that serves as the template for creating agent identity instances within the Microsoft Entra ID ecosystem."
 author: "zallison22"
-ms.date: 11/10/2025
+ms.date: 03/31/2026
 ms.localizationpriority: medium
 ms.subservice: "entra-agent-id"
 doc_type: resourcePageType
@@ -56,10 +56,6 @@ This resource is an open type that allows additional properties beyond those doc
 |**Verified publisher**| | |
 |[Set](../api/agentidentityblueprint-setverifiedpublisher.md)| None | Set the verified publisher of an application.|
 |[Unset](../api/agentidentityblueprint-unsetverifiedpublisher.md)| None | Unset the verified publisher of an application.|
-|**Inheritable permissions**|||
-|[List inheritable permissions](../api/agentidentityblueprint-list-inheritablepermissions.md)|[inheritablePermission](../resources/inheritablepermission.md) collection|Get a list of the inheritablePermission objects and their properties.|
-|[Add inheritable permission](../api/agentidentityblueprint-post-inheritablepermissions.md)|[inheritablePermission](../resources/inheritablepermission.md)|Create a new inheritablePermission object.|
-|[Delete inheritable permission](../api/agentidentityblueprint-delete-inheritablepermissions.md)|None|Delete an inheritablePermission object.|
 
 ## Properties
 
@@ -82,7 +78,7 @@ This resource is an open type that allows additional properties beyond those doc
 |identifierUris|String collection| Also known as App ID URI, this value is set when an agent identity blueprint is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique across Microsoft Entra ID. Not nullable. Inherited from [application](../resources/application.md).|
 |info|[informationalUrl](../resources/informationalurl.md)|Basic profile information of the agent identity blueprint, such as it's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. Inherited from [application](../resources/application.md).|
 |keyCredentials|[keyCredential](../resources/keycredential.md) collection|The collection of key credentials associated with the agent identity blueprint. Not nullable. Inherited from [application](../resources/application.md).|
-|managerApplications|Guid collection|A collection of application IDs for applications designated as managers of this agent identity blueprint. Manager applications can create agent blueprint principals, agent identities, and agent users for their managed blueprints — without requiring high-privileged permissions such as `AgentIdentityBlueprintPrincipal.ReadWrite.All`. Currently, only Microsoft first-party application IDs can be set as values. Maximum of 10 values. Not nullable. Returned by default.|
+|managerApplications|Guid collection|A collection of application IDs for applications designated as managers of this agent identity blueprint. Manager applications can create agent blueprint principals, agent identities, and agent users for their managed blueprints — without requiring high-privileged permissions such as `AgentIdentityBlueprintPrincipal.ReadWrite.All`. Currently, only Microsoft first-party application IDs can be set as values. Maximum of 10 values. Not nullable.|
 |optionalClaims|[optionalClaims](../resources/optionalclaims.md)|Application developers can configure optional claims in their Microsoft Entra agent identity blueprints to specify the claims that are sent to their application by the Microsoft security token service. Inherited from [application](../resources/application.md).|
 |passwordCredentials|[passwordCredential](../resources/passwordcredential.md) collection|The collection of password credentials associated with the agent identity blueprint. Not nullable. Inherited from [application](../resources/application.md).<br/><br/>You can also add passwords after creating the agent identity blueprint by calling the [Add password](../api/agentidentityblueprint-addpassword.md) API.|
 |publisherDomain|String|The verified publisher domain for the agent identity blueprint. Read-only. Inherited from [application](../resources/application.md).|
@@ -111,7 +107,7 @@ This resource is an open type that allows additional properties beyond those doc
 |sponsors|[directoryObject](../resources/directoryobject.md) collection|The sponsors for this agent identity blueprint. Sponsors are users or groups who can authorize and manage the lifecycle of agent identity instances. Required during the create operation.|
 
 ## JSON representation
-The following JSON representation shows the resource type. Only a subset of all properties are returned by default. All other properties can only be retrieved using `$select`.
+The following JSON representation shows the resource type.
 <!-- {
   "blockType": "resource",
   "keyProperty": "id",

api-reference/beta/toc/agents/toc.yml

@@ -76,13 +76,19 @@ items:
         href: ../../api/agentidentityblueprint-setverifiedpublisher.md
       - name: Unset
         href: ../../api/agentidentityblueprint-unsetverifiedpublisher.md
-    - name: Inheritable permissions
+    - name: Inheritable permission
       items:
-      - name: List inheritable permissions
+      - name: Inheritable permission
+        href: ../../resources/inheritablepermission.md
+      - name: List
         href: ../../api/agentidentityblueprint-list-inheritablepermissions.md
-      - name: Add inheritable permission
+      - name: Create
         href: ../../api/agentidentityblueprint-post-inheritablepermissions.md
-      - name: Delete inheritable permission
+      - name: Get
+        href: ../../api/inheritablepermission-get.md
+      - name: Update
+        href: ../../api/inheritablepermission-update.md
+      - name: Delete
         href: ../../api/agentidentityblueprint-delete-inheritablepermissions.md
   - name: Agent identity blueprint principal
     items:

api-reference/beta/toc/toc.mapping.json

@@ -144,30 +144,38 @@
       "name": "Agents",
       "overview": "../../resources/agentid-platform-overview.md",
       "shouldSort": true,
-      "childNodes": [
-          {
-            "name": "Agent identities",
-            "resources": [
-              "agentIdentityBlueprint",
-              "agentIdentityBlueprintPrincipal",
-              "agentIdentity"
-            ]
-          },
-          {
-            "name": "Agent user (preview)",
-            "resources": [
-              "agentUser"
-            ]
-          },
-          {
-            "name": "Agent registry (preview)",
-            "resources": [
-              "agentRegistry",
-              "agentInstance",
-              "agentCardManifest",
-              "agentCollection"
-            ]
-          }
+      "childNodes": [ 
+        {
+          "name": "Agent identities",
+          "resources": [
+            "agentIdentityBlueprint",
+            "agentIdentityBlueprintPrincipal",
+            "agentIdentity"
+          ],
+          "childNodes": [
+            {
+              "name": "Agent identity blueprint",
+              "resources": [
+                "inheritablePermission"
+              ]
+            }
+          ]
+        },
+        {
+          "name": "Agent user (preview)",
+          "resources": [
+            "agentUser"
+          ]
+        },
+        {
+          "name": "Agent registry (preview)",
+          "resources": [
+            "agentRegistry",
+            "agentInstance",
+            "agentCardManifest",
+            "agentCollection"
+          ]
+        }
       ]
     },
     {

api-reference/v1.0/resources/agentidentityblueprint.md

@@ -2,7 +2,7 @@
 title: "agentIdentityBlueprint resource type"
 description: "An agent identity blueprint is a specialized application type that serves as the template for creating agent identity instances within the Microsoft Entra ID ecosystem."
 author: "zallison22"
-ms.date: 02/26/2026
+ms.date: 03/31/2026
 ms.localizationpriority: medium
 ms.subservice: "entra-agent-id"
 doc_type: resourcePageType
@@ -54,10 +54,6 @@ This resource is an open type that allows additional properties beyond those doc
 |**Verified publisher**| | |
 |[Set](../api/agentidentityblueprint-setverifiedpublisher.md)| None | Set the verified publisher of an application.|
 |[Unset](../api/agentidentityblueprint-unsetverifiedpublisher.md)| None | Unset the verified publisher of an application.|
-|**Inheritable permissions**|||
-|[List inheritable permissions](../api/agentidentityblueprint-list-inheritablepermissions.md)|[inheritablePermission](../resources/inheritablepermission.md) collection|Get a list of the inheritablePermission objects and their properties.|
-|[Add inheritable permission](../api/agentidentityblueprint-post-inheritablepermissions.md)|[inheritablePermission](../resources/inheritablepermission.md)|Create a new inheritablePermission object.|
-|[Delete inheritable permission](../api/agentidentityblueprint-delete-inheritablepermissions.md)|None|Delete an inheritablePermission object.|
 
 ## Properties
 
@@ -108,7 +104,7 @@ This resource is an open type that allows additional properties beyond those doc
 |sponsors|[directoryObject](../resources/directoryobject.md) collection|The sponsors for this agent identity blueprint. Sponsors are users or groups who can authorize and manage the lifecycle of agent identity instances. Required during the create operation.|
 
 ## JSON representation
-The following JSON representation shows the resource type. Only a subset of all properties are returned by default. All other properties can only be retrieved using `$select`.
+The following JSON representation shows the resource type.
 <!-- {
   "blockType": "resource",
   "keyProperty": "id",

api-reference/v1.0/toc/agents/toc.yml

@@ -74,13 +74,19 @@ items:
         href: ../../api/agentidentityblueprint-setverifiedpublisher.md
       - name: Unset
         href: ../../api/agentidentityblueprint-unsetverifiedpublisher.md
-    - name: Inheritable permissions
+    - name: Inheritable permission
       items:
-      - name: List inheritable permissions
+      - name: Inheritable permission
+        href: ../../resources/inheritablepermission.md
+      - name: List
         href: ../../api/agentidentityblueprint-list-inheritablepermissions.md
-      - name: Add inheritable permission
+      - name: Create
         href: ../../api/agentidentityblueprint-post-inheritablepermissions.md
-      - name: Delete inheritable permission
+      - name: Get
+        href: ../../api/inheritablepermission-get.md
+      - name: Update
+        href: ../../api/inheritablepermission-update.md
+      - name: Delete
         href: ../../api/agentidentityblueprint-delete-inheritablepermissions.md
   - name: Agent identity blueprint principal
     items:

api-reference/v1.0/toc/toc.mapping.json

@@ -111,14 +111,22 @@
       "overview": "",
       "resources": [],
       "childNodes": [
-          {
-            "name": "Agent identities",
-            "resources": [
-              "agentIdentityBlueprint",
-              "agentIdentityBlueprintPrincipal",
-              "agentIdentity"
-            ]
-          }
+        {
+          "name": "Agent identities",
+          "resources": [
+            "agentIdentityBlueprint",
+            "agentIdentityBlueprintPrincipal",
+            "agentIdentity"
+          ],
+          "childNodes": [
+            {
+              "name": "Agent identity blueprint",
+              "resources": [
+                "inheritablePermission"
+              ]
+            }
+          ]
+        }
       ]
     },
     {