Page Comparison

Microsoft Graph supports defining and assinging policy to applications to modify behavior such as allowing additional attributes to be emitted in claims or authenticating directly against Entra IDEntra ID uses policies to control behavior of Microsoft Entra features. A policy is defined globally in the Entra ID tenant and then applied to the entire tenant or to one or more more applications, service principals, or groups.

Create policy

Define the policy on the following page:
- Graph Policy Resources - Definitions
Create the policy per the following page:
- Graph Policy - Create Policy

Assign policy

...

Graph Policy Resources - Assignments

...

The utexas tenant currently permits the following policy types:

Expand

title	Claims Mapping Policy

A claims mapping policy modifies the claims that are included in tokens. This policy type can select which claims are included, create new claims, or modify the source of an existing claim and each policy can be assigned to one or more service principal objects.

Expand

title	Home Realm Discovery Policy

A home realm discovery policy modifies the authentication behavior for federated users. This policy type can bypass home realm discovery and send authentication requests directly to a federated IDP such as ADFS, bypass federation and authenticate directly against the cloud when Password Hash Synchronization is enabled, or enable sign-in with an alternate ID such as an e-mail address that does not match a user principal name. Each policy can be assigned to one or more service principal objects. One policy can be assigned to the entire tenant via the IsOrganizationDefault property.

References

https://learn.microsoft.com/en-us/graph/api/resources/policy-overview?view=graph-rest-1.0

Versions Compared

Old Version 8

New Version Current

Key

Create policy

Assign policy

References