Microsoft Graph supports policies to modify behavior of Microsoft Entra components. A policy is defined globally in the tenant and then applied to the entire organization or to one or more applications, service principals, or groups.
The utexas tenant currently permits the following policy types:
- ClaimsMappingPolicy
- A claims mapping policy modifies the claims that are included in tokens. This policy type can select which claims are included, create new claims, or modify the source of an existing claim and each policy can be assigned to one or more service principal objects.
- HomeRealmDiscoveryPolicy
- A home realm discovery policy modifies the authentication behavior for federated users. This policy type can bypass home realm discovery and send authentication requests directly to a federated IDP such as ADFS, bypass federation and authenticate directly against the cloud when Password Hash Synchronization is enabled, or enable sign-in with an alternate ID such as an e-mail address that does not match a user principal name. Each policy can be assigned to one or more service principal objects. One policy can be assigned to the entire tenant via the IsOrganizationDefault property.