Get-MgPolicyPermissionGrantPolicy
Retrieve a single permissionGrantPolicy object.
Note
To view the beta release of this cmdlet, view Get-MgBetaPolicyPermissionGrantPolicy
Syntax
Get-MgPolicyPermissionGrantPolicy
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-Filter <String>]
[-Search <String>]
[-Skip <Int32>]
[-Sort <String[]>]
[-Top <Int32>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-PageSize <Int32>]
[-All]
[-CountVariable <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Get-MgPolicyPermissionGrantPolicy
-PermissionGrantPolicyId <String>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Get-MgPolicyPermissionGrantPolicy
-InputObject <IIdentitySignInsIdentity>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Description
Retrieve a single permissionGrantPolicy object.
Permissions
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | Policy.Read.PermissionGrant | Policy.ReadWrite.PermissionGrant |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | Policy.Read.PermissionGrant | Policy.ReadWrite.PermissionGrant |
Permissions
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | Policy.Read.PermissionGrant | Policy.ReadWrite.PermissionGrant |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | Policy.Read.PermissionGrant | Policy.ReadWrite.PermissionGrant |
Examples
Example 1: List all permission grant policies
Connect-MgGraph -Scopes "Policy.Read.PermissionGrant"
Get-MgPolicyPermissionGrantPolicy | fl
DeletedDateTime :
Description : Includes all application permissions (app roles), for all APIs, for any client application.
DisplayName : All application permissions, for any client app
Excludes : {}
Id : microsoft-all-application-permissions
Includes : {bddda1ec-0174-44d5-84e2-47fb0ac01595}
AdditionalProperties : {[includeAllPreApprovedApplications, False], [resourceScopeType, tenant], [includes@odata.context,
https://graph.microsoft.com/beta/$metadata#policies/permissionGrantPolicies('microsoft-all-application-permissions')/includes], [excludes@odata.context,
https://graph.microsoft.com/beta/$metadata#policies/permissionGrantPolicies('microsoft-all-application-permissions')/excludes]}
DeletedDateTime :
Description : Includes all chat resoruce-specific application permissions, for all APIs, for any client application.
DisplayName : All chat resource-specific application permissions, for any client app
Excludes : {}
Id : microsoft-all-application-permissions-for-chat
Includes : {013e8de3-5e79-4b0f-a440-8f7794086460}
AdditionalProperties : {[includeAllPreApprovedApplications, False], [resourceScopeType, chat], [includes@odata.context,
https://graph.microsoft.com/beta/$metadata#policies/permissionGrantPolicies('microsoft-all-application-permissions-for-chat')/includes], [excludes@odata.context,
https://graph.microsoft.com/beta/$metadata#policies/permissionGrantPolicies('microsoft-all-application-permissions-for-chat')/excludes]}
This command retrieves a list of all permission grant policies in Azure AD.
Example 2: Get a permission grant policy by ID
Connect-MgGraph -Scopes "Policy.Read.PermissionGrant"
Get-MgPolicyPermissionGrantPolicy -PermissionGrantPolicyId "microsoft-all-application-permissions" | fl
DeletedDateTime :
Description : Includes all application permissions (app roles), for all APIs, for any client application.
DisplayName : All application permissions, for any client app
Excludes : {}
Id : microsoft-all-application-permissions
Includes : {bddda1ec-0174-44d5-84e2-47fb0ac01595}
AdditionalProperties : {[@odata.context, https://graph.microsoft.com/beta/$metadata#policies/permissionGrantPolicies/$entity], [includeAllPreApprovedApplications, False], [resourceScopeType, tenant],
[includes@odata.context, https://graph.microsoft.com/beta/$metadata#policies/permissionGrantPolicies('microsoft-all-application-permissions')/includes]…}
This command retrieves a specified permission grant policy in Azure AD.
Parameters
-All
List all pages.
Type: | SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CountVariable
Specifies a count of the total number of items in a collection. By default, this variable will be set in the global scope.
Type: | String |
Aliases: | CV |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExpandProperty
Expand related entities
Type: | String[] |
Aliases: | Expand |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Filter
Filter items by property values
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
Type: | IDictionary |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: | IIdentitySignInsIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-PageSize
Sets the page size of results.
Type: | Int32 |
Position: | Named |
Default value: | 0 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PermissionGrantPolicyId
The unique identifier of permissionGrantPolicy
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
Type: | ActionPreference |
Aliases: | proga |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Property
Select properties to be returned
Type: | String[] |
Aliases: | Select |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
Type: | String |
Aliases: | RHV |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Search
Search items by search phrases
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Skip
Skip the first n items
Type: | Int32 |
Position: | Named |
Default value: | 0 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Sort
Order items by property values
Type: | String[] |
Aliases: | OrderBy |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Top
Show only the first n items
Type: | Int32 |
Aliases: | Limit |
Position: | Named |
Default value: | 0 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Microsoft.Graph.PowerShell.Models.IIdentitySignInsIdentity
System.Collections.IDictionary
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphPermissionGrantPolicy
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <IIdentitySignInsIdentity>
: Identity Parameter
[ActivityBasedTimeoutPolicyId <String>]
: The unique identifier of activityBasedTimeoutPolicy[AppManagementPolicyId <String>]
: The unique identifier of appManagementPolicy[AuthenticationCombinationConfigurationId <String>]
: The unique identifier of authenticationCombinationConfiguration[AuthenticationConditionApplicationAppId <String>]
: The unique identifier of authenticationConditionApplication[AuthenticationContextClassReferenceId <String>]
: The unique identifier of authenticationContextClassReference[AuthenticationEventListenerId <String>]
: The unique identifier of authenticationEventListener[AuthenticationEventsFlowId <String>]
: The unique identifier of authenticationEventsFlow[AuthenticationMethodConfigurationId <String>]
: The unique identifier of authenticationMethodConfiguration[AuthenticationMethodId <String>]
: The unique identifier of authenticationMethod[AuthenticationMethodModeDetailId <String>]
: The unique identifier of authenticationMethodModeDetail[AuthenticationStrengthPolicyId <String>]
: The unique identifier of authenticationStrengthPolicy[B2XIdentityUserFlowId <String>]
: The unique identifier of b2xIdentityUserFlow[BitlockerRecoveryKeyId <String>]
: The unique identifier of bitlockerRecoveryKey[CertificateBasedAuthConfigurationId <String>]
: The unique identifier of certificateBasedAuthConfiguration[ClaimsMappingPolicyId <String>]
: The unique identifier of claimsMappingPolicy[ConditionalAccessPolicyId <String>]
: The unique identifier of conditionalAccessPolicy[ConditionalAccessTemplateId <String>]
: The unique identifier of conditionalAccessTemplate[CrossTenantAccessPolicyConfigurationPartnerTenantId <String>]
: The unique identifier of crossTenantAccessPolicyConfigurationPartner[CustomAuthenticationExtensionId <String>]
: The unique identifier of customAuthenticationExtension[DataPolicyOperationId <String>]
: The unique identifier of dataPolicyOperation[DirectoryObjectId <String>]
: The unique identifier of directoryObject[EmailAuthenticationMethodId <String>]
: The unique identifier of emailAuthenticationMethod[FeatureRolloutPolicyId <String>]
: The unique identifier of featureRolloutPolicy[Fido2AuthenticationMethodId <String>]
: The unique identifier of fido2AuthenticationMethod[HomeRealmDiscoveryPolicyId <String>]
: The unique identifier of homeRealmDiscoveryPolicy[IdentityApiConnectorId <String>]
: The unique identifier of identityApiConnector[IdentityProviderBaseId <String>]
: The unique identifier of identityProviderBase[IdentityProviderId <String>]
: The unique identifier of identityProvider[IdentityUserFlowAttributeAssignmentId <String>]
: The unique identifier of identityUserFlowAttributeAssignment[IdentityUserFlowAttributeId <String>]
: The unique identifier of identityUserFlowAttribute[LongRunningOperationId <String>]
: The unique identifier of longRunningOperation[MicrosoftAuthenticatorAuthenticationMethodId <String>]
: The unique identifier of microsoftAuthenticatorAuthenticationMethod[MultiTenantOrganizationMemberId <String>]
: The unique identifier of multiTenantOrganizationMember[NamedLocationId <String>]
: The unique identifier of namedLocation[OAuth2PermissionGrantId <String>]
: The unique identifier of oAuth2PermissionGrant[OrganizationId <String>]
: The unique identifier of organization[PasswordAuthenticationMethodId <String>]
: The unique identifier of passwordAuthenticationMethod[PermissionGrantConditionSetId <String>]
: The unique identifier of permissionGrantConditionSet[PermissionGrantPolicyId <String>]
: The unique identifier of permissionGrantPolicy[PhoneAuthenticationMethodId <String>]
: The unique identifier of phoneAuthenticationMethod[RiskDetectionId <String>]
: The unique identifier of riskDetection[RiskyServicePrincipalHistoryItemId <String>]
: The unique identifier of riskyServicePrincipalHistoryItem[RiskyServicePrincipalId <String>]
: The unique identifier of riskyServicePrincipal[RiskyUserHistoryItemId <String>]
: The unique identifier of riskyUserHistoryItem[RiskyUserId <String>]
: The unique identifier of riskyUser[ServicePrincipalRiskDetectionId <String>]
: The unique identifier of servicePrincipalRiskDetection[SoftwareOathAuthenticationMethodId <String>]
: The unique identifier of softwareOathAuthenticationMethod[TemporaryAccessPassAuthenticationMethodId <String>]
: The unique identifier of temporaryAccessPassAuthenticationMethod[ThreatAssessmentRequestId <String>]
: The unique identifier of threatAssessmentRequest[ThreatAssessmentResultId <String>]
: The unique identifier of threatAssessmentResult[TokenIssuancePolicyId <String>]
: The unique identifier of tokenIssuancePolicy[TokenLifetimePolicyId <String>]
: The unique identifier of tokenLifetimePolicy[UnifiedRoleManagementPolicyAssignmentId <String>]
: The unique identifier of unifiedRoleManagementPolicyAssignment[UnifiedRoleManagementPolicyId <String>]
: The unique identifier of unifiedRoleManagementPolicy[UnifiedRoleManagementPolicyRuleId <String>]
: The unique identifier of unifiedRoleManagementPolicyRule[UserFlowLanguageConfigurationId <String>]
: The unique identifier of userFlowLanguageConfiguration[UserFlowLanguagePageId <String>]
: The unique identifier of userFlowLanguagePage[UserId <String>]
: The unique identifier of user[WindowsHelloForBusinessAuthenticationMethodId <String>]
: The unique identifier of windowsHelloForBusinessAuthenticationMethod