Microsoft Graph Policies
Microsoft Graph Policies is the set of Microsoft Graph API endpoints that let administrators and developers read and manage tenant-wide policy settings across Microsoft Entra ID and Microsoft 365.
OpenAPI Specification
openapi: 3.1.0
info:
title: Microsoft Graph Policies
description: Needs a description.
paths:
/identity/conditionalAccess/authenticationStrength/policies:
description: >-
Provides operations to manage the policies property of the
microsoft.graph.authenticationStrengthRoot entity.
get:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Get policies from identity
description: >-
A collection of authentication strength policies that exist for this
tenant, including both built-in and custom policies.
operationId: identity.conditionalAccess.authenticationStrength.ListPolicies
parameters:
- $ref: '#/components/parameters/top'
- $ref: '#/components/parameters/skip'
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
- $ref: '#/components/parameters/count'
- name: $orderby
in: query
description: Order items by property values
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
$ref: >-
#/components/responses/microsoft.graph.authenticationStrengthPolicyCollectionResponse
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-pageable:
nextLinkName: '@odata.nextLink'
operationName: listMore
x-ms-docs-operation-type: operation
post:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Create new navigation property to policies for identity
operationId: identity.conditionalAccess.authenticationStrength.CreatePolicies
requestBody:
description: New navigation property
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationStrengthPolicy
required: true
responses:
2XX:
description: Created navigation property.
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationStrengthPolicy
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}:
description: >-
Provides operations to manage the policies property of the
microsoft.graph.authenticationStrengthRoot entity.
get:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Get policies from identity
description: >-
A collection of authentication strength policies that exist for this
tenant, including both built-in and custom policies.
operationId: identity.conditionalAccess.authenticationStrength.GetPolicies
parameters:
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
description: Retrieved navigation property
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationStrengthPolicy
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
patch:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Update the navigation property policies in identity
operationId: identity.conditionalAccess.authenticationStrength.UpdatePolicies
requestBody:
description: New navigation property values
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationStrengthPolicy
required: true
responses:
2XX:
description: Success
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationStrengthPolicy
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
delete:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Delete navigation property policies for identity
operationId: identity.conditionalAccess.authenticationStrength.DeletePolicies
parameters:
- name: If-Match
in: header
description: ETag
schema:
type: string
responses:
'204':
description: Success
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
parameters:
- name: authenticationStrengthPolicy-id
in: path
description: The unique identifier of authenticationStrengthPolicy
required: true
schema:
type: string
x-ms-docs-key-type: authenticationStrengthPolicy
/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}/combinationConfigurations:
description: >-
Provides operations to manage the combinationConfigurations property of
the microsoft.graph.authenticationStrengthPolicy entity.
get:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph List combinationConfigurations
description: "Get the authenticationCombinationConfiguration objects for an authentication strength policy. The objects can be of one or more of the following derived types:\r\n* fido2combinationConfigurations\r\n* x509certificatecombinationconfiguration authenticationCombinationConfiguration objects are supported only for custom authentication strengths."
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationstrengthpolicy-list-combinationconfigurations?view=graph-rest-1.0
operationId: >-
identity.conditionalAccess.authenticationStrength.policies.ListCombinationConfigurations
parameters:
- $ref: '#/components/parameters/top'
- $ref: '#/components/parameters/skip'
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
- $ref: '#/components/parameters/count'
- name: $orderby
in: query
description: Order items by property values
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
$ref: >-
#/components/responses/microsoft.graph.authenticationCombinationConfigurationCollectionResponse
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-pageable:
nextLinkName: '@odata.nextLink'
operationName: listMore
x-ms-docs-operation-type: operation
post:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Create authenticationCombinationConfiguration
description: "Create a new authenticationCombinationConfiguration object which can be of one of the following derived types:\r\n* fido2combinationConfiguration\r\n* x509certificatecombinationconfiguration"
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationstrengthpolicy-post-combinationconfigurations?view=graph-rest-1.0
operationId: >-
identity.conditionalAccess.authenticationStrength.policies.CreateCombinationConfigurations
requestBody:
description: New navigation property
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationCombinationConfiguration
required: true
responses:
2XX:
description: Created navigation property.
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationCombinationConfiguration
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
parameters:
- name: authenticationStrengthPolicy-id
in: path
description: The unique identifier of authenticationStrengthPolicy
required: true
schema:
type: string
x-ms-docs-key-type: authenticationStrengthPolicy
? /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}/combinationConfigurations/{authenticationCombinationConfiguration-id}
: description: >-
Provides operations to manage the combinationConfigurations property of
the microsoft.graph.authenticationStrengthPolicy entity.
get:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Get authenticationCombinationConfiguration
description: >-
Read the properties and relationships of an
authenticationCombinationConfiguration object.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationcombinationconfiguration-get?view=graph-rest-1.0
operationId: >-
identity.conditionalAccess.authenticationStrength.policies.GetCombinationConfigurations
parameters:
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
description: Retrieved navigation property
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationCombinationConfiguration
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
patch:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Update authenticationCombinationConfiguration
description: "Update the properties of an authenticationCombinationConfiguration object. \r\nThe properties can be for one of the following derived types:\r\n* fido2combinationConfigurations\r\n* x509certificatecombinationconfiguration"
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationcombinationconfiguration-update?view=graph-rest-1.0
operationId: >-
identity.conditionalAccess.authenticationStrength.policies.UpdateCombinationConfigurations
requestBody:
description: New navigation property values
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationCombinationConfiguration
required: true
responses:
2XX:
description: Success
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationCombinationConfiguration
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
delete:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Delete authenticationCombinationConfiguration
description: >-
Delete an authenticationCombinationConfiguration for a custom
authenticationStrengthPolicy object.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationstrengthpolicy-delete-combinationconfigurations?view=graph-rest-1.0
operationId: >-
identity.conditionalAccess.authenticationStrength.policies.DeleteCombinationConfigurations
parameters:
- name: If-Match
in: header
description: ETag
schema:
type: string
responses:
'204':
description: Success
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
parameters:
- name: authenticationStrengthPolicy-id
in: path
description: The unique identifier of authenticationStrengthPolicy
required: true
schema:
type: string
x-ms-docs-key-type: authenticationStrengthPolicy
- name: authenticationCombinationConfiguration-id
in: path
description: The unique identifier of authenticationCombinationConfiguration
required: true
schema:
type: string
x-ms-docs-key-type: authenticationCombinationConfiguration
? /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}/combinationConfigurations/$count
: description: Provides operations to count the resources in the collection.
get:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Get the number of the resource
operationId: >-
identity.conditionalAccess.authenticationStrength.policies.combinationConfigurations.GetCount-64b7
parameters:
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
responses:
2XX:
$ref: '#/components/responses/ODataCountResponse'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
parameters:
- name: authenticationStrengthPolicy-id
in: path
description: The unique identifier of authenticationStrengthPolicy
required: true
schema:
type: string
x-ms-docs-key-type: authenticationStrengthPolicy
/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}/updateAllowedCombinations:
description: Provides operations to call the updateAllowedCombinations method.
post:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Invoke action updateAllowedCombinations
description: >-
Update the allowedCombinations property of an
authenticationStrengthPolicy object. To update other properties of an
authenticationStrengthPolicy object, use the Update
authenticationStrengthPolicy method.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationstrengthpolicy-updateallowedcombinations?view=graph-rest-1.0
operationId: >-
identity.conditionalAccess.authenticationStrength.policies.authenticationStrengthPolicy.updateAllowedCombinations
requestBody:
description: Action parameters
content:
application/json:
schema:
type: object
properties:
allowedCombinations:
type: array
items:
anyOf:
- $ref: >-
#/components/schemas/microsoft.graph.authenticationMethodModes
- type: object
nullable: true
required: true
responses:
2XX:
description: Success
content:
application/json:
schema:
anyOf:
- $ref: >-
#/components/schemas/microsoft.graph.updateAllowedCombinationsResult
- type: object
nullable: true
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: action
parameters:
- name: authenticationStrengthPolicy-id
in: path
description: The unique identifier of authenticationStrengthPolicy
required: true
schema:
type: string
x-ms-docs-key-type: authenticationStrengthPolicy
/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicy-id}/usage():
description: Provides operations to call the usage method.
get:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Invoke function usage
description: >-
Allows the caller to see which Conditional Access policies reference a
specified authentication strength policy. The policies are returned in
two collections, one containing Conditional Access policies that require
an MFA claim and the other containing Conditional Access policies that
do not require such a claim. Policies in the former category are
restricted in what kinds of changes may be made to them to prevent
undermining the MFA requirement of those policies.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationstrengthpolicy-usage?view=graph-rest-1.0
operationId: >-
identity.conditionalAccess.authenticationStrength.policies.authenticationStrengthPolicy.usage
responses:
2XX:
description: Success
content:
application/json:
schema:
anyOf:
- $ref: >-
#/components/schemas/microsoft.graph.authenticationStrengthUsage
- type: object
nullable: true
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: function
parameters:
- name: authenticationStrengthPolicy-id
in: path
description: The unique identifier of authenticationStrengthPolicy
required: true
schema:
type: string
x-ms-docs-key-type: authenticationStrengthPolicy
/identity/conditionalAccess/authenticationStrength/policies/$count:
description: Provides operations to count the resources in the collection.
get:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Get the number of the resource
operationId: identity.conditionalAccess.authenticationStrength.policies.GetCount-8166
parameters:
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
responses:
2XX:
$ref: '#/components/responses/ODataCountResponse'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
/identity/conditionalAccess/policies:
description: >-
Provides operations to manage the policies property of the
microsoft.graph.conditionalAccessRoot entity.
get:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph List policies
description: Retrieve a list of conditionalAccessPolicy objects.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/conditionalaccessroot-list-policies?view=graph-rest-1.0
operationId: identity.conditionalAccess.ListPolicies
parameters:
- $ref: '#/components/parameters/top'
- $ref: '#/components/parameters/skip'
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
- $ref: '#/components/parameters/count'
- name: $orderby
in: query
description: Order items by property values
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
$ref: >-
#/components/responses/microsoft.graph.conditionalAccessPolicyCollectionResponse
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-pageable:
nextLinkName: '@odata.nextLink'
operationName: listMore
x-ms-docs-operation-type: operation
post:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Create conditionalAccessPolicy
description: Create a new conditionalAccessPolicy.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/conditionalaccessroot-post-policies?view=graph-rest-1.0
operationId: identity.conditionalAccess.CreatePolicies
requestBody:
description: New navigation property
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.conditionalAccessPolicy'
required: true
responses:
2XX:
description: Created navigation property.
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.conditionalAccessPolicy'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
/identity/conditionalAccess/policies/{conditionalAccessPolicy-id}:
description: >-
Provides operations to manage the policies property of the
microsoft.graph.conditionalAccessRoot entity.
get:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Get conditionalAccessPolicy
description: >-
Retrieve the properties and relationships of a conditionalAccessPolicy
object.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/conditionalaccesspolicy-get?view=graph-rest-1.0
operationId: identity.conditionalAccess.GetPolicies
parameters:
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
description: Retrieved navigation property
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.conditionalAccessPolicy'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
patch:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Update conditionalaccesspolicy
description: Update the properties of a conditionalAccessPolicy object.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/conditionalaccesspolicy-update?view=graph-rest-1.0
operationId: identity.conditionalAccess.UpdatePolicies
requestBody:
description: New navigation property values
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.conditionalAccessPolicy'
required: true
responses:
2XX:
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.conditionalAccessPolicy'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
delete:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Delete conditionalAccessPolicy
description: Delete a conditionalAccessPolicy object.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/conditionalaccesspolicy-delete?view=graph-rest-1.0
operationId: identity.conditionalAccess.DeletePolicies
parameters:
- name: If-Match
in: header
description: ETag
schema:
type: string
responses:
'204':
description: Success
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
parameters:
- name: conditionalAccessPolicy-id
in: path
description: The unique identifier of conditionalAccessPolicy
required: true
schema:
type: string
x-ms-docs-key-type: conditionalAccessPolicy
/identity/conditionalAccess/policies/$count:
description: Provides operations to count the resources in the collection.
get:
tags:
- identity.conditionalAccessRoot
summary: Microsoft Graph Get the number of the resource
operationId: identity.conditionalAccess.policies.GetCount-608a
parameters:
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
responses:
2XX:
$ref: '#/components/responses/ODataCountResponse'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
/policies:
description: Provides operations to manage the policyRoot singleton.
get:
tags:
- policies.policyRoot
summary: Microsoft Graph Get policies
operationId: policies.policyRoot.GetPolicyRoot
parameters:
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
description: Retrieved entity
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.policyRoot'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
patch:
tags:
- policies.policyRoot
summary: Microsoft Graph Update policies
operationId: policies.policyRoot.UpdatePolicyRoot
requestBody:
description: New property values
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.policyRoot'
required: true
responses:
2XX:
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.policyRoot'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
/policies/activityBasedTimeoutPolicies:
description: >-
Provides operations to manage the activityBasedTimeoutPolicies property of
the microsoft.graph.policyRoot entity.
get:
tags:
- policies.activityBasedTimeoutPolicy
summary: Microsoft Graph List activityBasedTimeoutPolicies
description: Get a list of activityBasedTimeoutPolicy objects.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/activitybasedtimeoutpolicy-list?view=graph-rest-1.0
operationId: policies.ListActivityBasedTimeoutPolicies
parameters:
- $ref: '#/components/parameters/top'
- $ref: '#/components/parameters/skip'
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
- $ref: '#/components/parameters/count'
- name: $orderby
in: query
description: Order items by property values
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
$ref: >-
#/components/responses/microsoft.graph.activityBasedTimeoutPolicyCollectionResponse
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-pageable:
nextLinkName: '@odata.nextLink'
operationName: listMore
x-ms-docs-operation-type: operation
post:
tags:
- policies.activityBasedTimeoutPolicy
summary: Microsoft Graph Create activityBasedTimeo
# --- truncated at 32 KB (311 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/microsoft-graph/refs/heads/main/openapi/policies-openapi-original.yml