APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
Policy.ReadWrite.PermissionGrant
Not available.
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
Policy.ReadWrite.PermissionGrant
Not available.
To read the configuration, the calling user must also be assigned at least one of the following Microsoft Entra roles.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new PermissionGrantPreApprovalPolicy
{
Conditions = new List<PreApprovalDetail>
{
new PreApprovalDetail
{
ScopeType = ResourceScopeType.Chat,
SensitivityLabels = new AllScopeSensitivityLabels
{
OdataType = "#microsoft.graph.allScopeSensitivityLabels",
LabelKind = LabelKind.All,
},
Permissions = new AllPreApprovedPermissions
{
OdataType = "#microsoft.graph.allPreApprovedPermissions",
PermissionKind = PermissionKind.All,
PermissionType = PermissionType.Application,
},
},
new PreApprovalDetail
{
ScopeType = ResourceScopeType.Group,
Permissions = new EnumeratedPreApprovedPermissions
{
OdataType = "#microsoft.graph.enumeratedPreApprovedPermissions",
PermissionKind = PermissionKind.Enumerated,
PermissionType = PermissionType.Application,
ResourceApplicationId = "00000003-0000-0000-c000-000000000000",
PermissionIds = new List<string>
{
"134483aa-3dda-4d65-ac91-b8dda1417875",
"9d33613d-f855-483b-bca7-ea63ac9f5485",
},
},
AdditionalData = new Dictionary<string, object>
{
{
"scopeSensitivityLabels" , new EnumeratedScopeSensitivityLabels
{
OdataType = "microsoft.graph.enumeratedScopeSensitivityLabels",
LabelKind = LabelKind.Enumerated,
SensitivityLabels = new List<string>
{
"d9c43deb-f3e1-4422-9fd6-ccf22a3206b8",
"c99dade2-aa54-4890-ac1c-a146fa26bd1e",
},
}
},
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.PermissionGrantPreApprovalPolicies.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewPermissionGrantPreApprovalPolicy()
preApprovalDetail := graphmodels.NewPreApprovalDetail()
scopeType := graphmodels.CHAT_RESOURCESCOPETYPE
preApprovalDetail.SetScopeType(&scopeType)
sensitivityLabels := graphmodels.NewAllScopeSensitivityLabels()
labelKind := graphmodels.ALL_LABELKIND
sensitivityLabels.SetLabelKind(&labelKind)
preApprovalDetail.SetSensitivityLabels(sensitivityLabels)
permissions := graphmodels.NewAllPreApprovedPermissions()
permissionKind := graphmodels.ALL_PERMISSIONKIND
permissions.SetPermissionKind(&permissionKind)
permissionType := graphmodels.APPLICATION_PERMISSIONTYPE
permissions.SetPermissionType(&permissionType)
preApprovalDetail.SetPermissions(permissions)
preApprovalDetail1 := graphmodels.NewPreApprovalDetail()
scopeType := graphmodels.GROUP_RESOURCESCOPETYPE
preApprovalDetail1.SetScopeType(&scopeType)
permissions := graphmodels.NewEnumeratedPreApprovedPermissions()
permissionKind := graphmodels.ENUMERATED_PERMISSIONKIND
permissions.SetPermissionKind(&permissionKind)
permissionType := graphmodels.APPLICATION_PERMISSIONTYPE
permissions.SetPermissionType(&permissionType)
resourceApplicationId := "00000003-0000-0000-c000-000000000000"
permissions.SetResourceApplicationId(&resourceApplicationId)
permissionIds := []string {
"134483aa-3dda-4d65-ac91-b8dda1417875",
"9d33613d-f855-483b-bca7-ea63ac9f5485",
}
permissions.SetPermissionIds(permissionIds)
preApprovalDetail1.SetPermissions(permissions)
additionalData := map[string]interface{}{
scopeSensitivityLabels := graphmodels.NewEnumeratedScopeSensitivityLabels()
labelKind := graphmodels.ENUMERATED_LABELKIND
scopeSensitivityLabels.SetLabelKind(&labelKind)
sensitivityLabels := []string {
"d9c43deb-f3e1-4422-9fd6-ccf22a3206b8",
"c99dade2-aa54-4890-ac1c-a146fa26bd1e",
}
scopeSensitivityLabels.SetSensitivityLabels(sensitivityLabels)
preApprovalDetail1.SetScopeSensitivityLabels(scopeSensitivityLabels)
}
preApprovalDetail1.SetAdditionalData(additionalData)
conditions := []graphmodels.PreApprovalDetailable {
preApprovalDetail,
preApprovalDetail1,
}
requestBody.SetConditions(conditions)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
permissionGrantPreApprovalPolicies, err := graphClient.Policies().PermissionGrantPreApprovalPolicies().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
PermissionGrantPreApprovalPolicy permissionGrantPreApprovalPolicy = new PermissionGrantPreApprovalPolicy();
LinkedList<PreApprovalDetail> conditions = new LinkedList<PreApprovalDetail>();
PreApprovalDetail preApprovalDetail = new PreApprovalDetail();
preApprovalDetail.setScopeType(ResourceScopeType.Chat);
AllScopeSensitivityLabels sensitivityLabels = new AllScopeSensitivityLabels();
sensitivityLabels.setOdataType("#microsoft.graph.allScopeSensitivityLabels");
sensitivityLabels.setLabelKind(LabelKind.All);
preApprovalDetail.setSensitivityLabels(sensitivityLabels);
AllPreApprovedPermissions permissions = new AllPreApprovedPermissions();
permissions.setOdataType("#microsoft.graph.allPreApprovedPermissions");
permissions.setPermissionKind(PermissionKind.All);
permissions.setPermissionType(PermissionType.Application);
preApprovalDetail.setPermissions(permissions);
conditions.add(preApprovalDetail);
PreApprovalDetail preApprovalDetail1 = new PreApprovalDetail();
preApprovalDetail1.setScopeType(ResourceScopeType.Group);
EnumeratedPreApprovedPermissions permissions1 = new EnumeratedPreApprovedPermissions();
permissions1.setOdataType("#microsoft.graph.enumeratedPreApprovedPermissions");
permissions1.setPermissionKind(PermissionKind.Enumerated);
permissions1.setPermissionType(PermissionType.Application);
permissions1.setResourceApplicationId("00000003-0000-0000-c000-000000000000");
LinkedList<String> permissionIds = new LinkedList<String>();
permissionIds.add("134483aa-3dda-4d65-ac91-b8dda1417875");
permissionIds.add("9d33613d-f855-483b-bca7-ea63ac9f5485");
permissions1.setPermissionIds(permissionIds);
preApprovalDetail1.setPermissions(permissions1);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
EnumeratedScopeSensitivityLabels scopeSensitivityLabels = new EnumeratedScopeSensitivityLabels();
scopeSensitivityLabels.setOdataType("microsoft.graph.enumeratedScopeSensitivityLabels");
scopeSensitivityLabels.setLabelKind(LabelKind.Enumerated);
LinkedList<String> sensitivityLabels1 = new LinkedList<String>();
sensitivityLabels1.add("d9c43deb-f3e1-4422-9fd6-ccf22a3206b8");
sensitivityLabels1.add("c99dade2-aa54-4890-ac1c-a146fa26bd1e");
scopeSensitivityLabels.setSensitivityLabels(sensitivityLabels1);
additionalData.put("scopeSensitivityLabels", scopeSensitivityLabels);
preApprovalDetail1.setAdditionalData(additionalData);
conditions.add(preApprovalDetail1);
permissionGrantPreApprovalPolicy.setConditions(conditions);
PermissionGrantPreApprovalPolicy result = graphClient.policies().permissionGrantPreApprovalPolicies().post(permissionGrantPreApprovalPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\PermissionGrantPreApprovalPolicy;
use Microsoft\Graph\Beta\Generated\Models\PreApprovalDetail;
use Microsoft\Graph\Beta\Generated\Models\ResourceScopeType;
use Microsoft\Graph\Beta\Generated\Models\AllScopeSensitivityLabels;
use Microsoft\Graph\Beta\Generated\Models\LabelKind;
use Microsoft\Graph\Beta\Generated\Models\AllPreApprovedPermissions;
use Microsoft\Graph\Beta\Generated\Models\PermissionKind;
use Microsoft\Graph\Beta\Generated\Models\PermissionType;
use Microsoft\Graph\Beta\Generated\Models\EnumeratedPreApprovedPermissions;
use Microsoft\Graph\Beta\Generated\Models\EnumeratedScopeSensitivityLabels;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new PermissionGrantPreApprovalPolicy();
$conditionsPreApprovalDetail1 = new PreApprovalDetail();
$conditionsPreApprovalDetail1->setScopeType(new ResourceScopeType('chat'));
$conditionsPreApprovalDetail1SensitivityLabels = new AllScopeSensitivityLabels();
$conditionsPreApprovalDetail1SensitivityLabels->setOdataType('#microsoft.graph.allScopeSensitivityLabels');
$conditionsPreApprovalDetail1SensitivityLabels->setLabelKind(new LabelKind('all'));
$conditionsPreApprovalDetail1->setSensitivityLabels($conditionsPreApprovalDetail1SensitivityLabels);
$conditionsPreApprovalDetail1Permissions = new AllPreApprovedPermissions();
$conditionsPreApprovalDetail1Permissions->setOdataType('#microsoft.graph.allPreApprovedPermissions');
$conditionsPreApprovalDetail1Permissions->setPermissionKind(new PermissionKind('all'));
$conditionsPreApprovalDetail1Permissions->setPermissionType(new PermissionType('application'));
$conditionsPreApprovalDetail1->setPermissions($conditionsPreApprovalDetail1Permissions);
$conditionsArray []= $conditionsPreApprovalDetail1;
$conditionsPreApprovalDetail2 = new PreApprovalDetail();
$conditionsPreApprovalDetail2->setScopeType(new ResourceScopeType('group'));
$conditionsPreApprovalDetail2Permissions = new EnumeratedPreApprovedPermissions();
$conditionsPreApprovalDetail2Permissions->setOdataType('#microsoft.graph.enumeratedPreApprovedPermissions');
$conditionsPreApprovalDetail2Permissions->setPermissionKind(new PermissionKind('enumerated'));
$conditionsPreApprovalDetail2Permissions->setPermissionType(new PermissionType('application'));
$conditionsPreApprovalDetail2Permissions->setResourceApplicationId('00000003-0000-0000-c000-000000000000');
$conditionsPreApprovalDetail2Permissions->setPermissionIds(['134483aa-3dda-4d65-ac91-b8dda1417875', '9d33613d-f855-483b-bca7-ea63ac9f5485', ]);
$conditionsPreApprovalDetail2->setPermissions($conditionsPreApprovalDetail2Permissions);
$additionalData = [
'scopeSensitivityLabels' => [
'@odata.type' => 'microsoft.graph.enumeratedScopeSensitivityLabels',
'labelKind' => new LabelKind('enumerated'),
'sensitivityLabels' => [
'd9c43deb-f3e1-4422-9fd6-ccf22a3206b8', 'c99dade2-aa54-4890-ac1c-a146fa26bd1e', ],
],
];
$conditionsPreApprovalDetail2->setAdditionalData($additionalData);
$conditionsArray []= $conditionsPreApprovalDetail2;
$requestBody->setConditions($conditionsArray);
$result = $graphServiceClient->policies()->permissionGrantPreApprovalPolicies()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new PermissionGrantPreApprovalPolicy
{
Conditions = new List<PreApprovalDetail>
{
new PreApprovalDetail
{
ScopeType = ResourceScopeType.Group,
SensitivityLabels = new AllScopeSensitivityLabels
{
OdataType = "#microsoft.graph.allScopeSensitivityLabels",
LabelKind = LabelKind.All,
},
Permissions = new PreApprovedPermissions
{
OdataType = "#microsoft.graph.allPermissionsOnResourceApp",
PermissionKind = PermissionKind.AllPermissionsOnResourceApp,
PermissionType = PermissionType.Application,
AdditionalData = new Dictionary<string, object>
{
{
"resourceApplicationId" , "00000003-0000-0000-c000-000000000000"
},
},
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.PermissionGrantPreApprovalPolicies.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewPermissionGrantPreApprovalPolicy()
preApprovalDetail := graphmodels.NewPreApprovalDetail()
scopeType := graphmodels.GROUP_RESOURCESCOPETYPE
preApprovalDetail.SetScopeType(&scopeType)
sensitivityLabels := graphmodels.NewAllScopeSensitivityLabels()
labelKind := graphmodels.ALL_LABELKIND
sensitivityLabels.SetLabelKind(&labelKind)
preApprovalDetail.SetSensitivityLabels(sensitivityLabels)
permissions := graphmodels.NewPreApprovedPermissions()
permissionKind := graphmodels.ALLPERMISSIONSONRESOURCEAPP_PERMISSIONKIND
permissions.SetPermissionKind(&permissionKind)
permissionType := graphmodels.APPLICATION_PERMISSIONTYPE
permissions.SetPermissionType(&permissionType)
additionalData := map[string]interface{}{
"resourceApplicationId" : "00000003-0000-0000-c000-000000000000",
}
permissions.SetAdditionalData(additionalData)
preApprovalDetail.SetPermissions(permissions)
conditions := []graphmodels.PreApprovalDetailable {
preApprovalDetail,
}
requestBody.SetConditions(conditions)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
permissionGrantPreApprovalPolicies, err := graphClient.Policies().PermissionGrantPreApprovalPolicies().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
PermissionGrantPreApprovalPolicy permissionGrantPreApprovalPolicy = new PermissionGrantPreApprovalPolicy();
LinkedList<PreApprovalDetail> conditions = new LinkedList<PreApprovalDetail>();
PreApprovalDetail preApprovalDetail = new PreApprovalDetail();
preApprovalDetail.setScopeType(ResourceScopeType.Group);
AllScopeSensitivityLabels sensitivityLabels = new AllScopeSensitivityLabels();
sensitivityLabels.setOdataType("#microsoft.graph.allScopeSensitivityLabels");
sensitivityLabels.setLabelKind(LabelKind.All);
preApprovalDetail.setSensitivityLabels(sensitivityLabels);
PreApprovedPermissions permissions = new PreApprovedPermissions();
permissions.setOdataType("#microsoft.graph.allPermissionsOnResourceApp");
permissions.setPermissionKind(PermissionKind.AllPermissionsOnResourceApp);
permissions.setPermissionType(PermissionType.Application);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("resourceApplicationId", "00000003-0000-0000-c000-000000000000");
permissions.setAdditionalData(additionalData);
preApprovalDetail.setPermissions(permissions);
conditions.add(preApprovalDetail);
permissionGrantPreApprovalPolicy.setConditions(conditions);
PermissionGrantPreApprovalPolicy result = graphClient.policies().permissionGrantPreApprovalPolicies().post(permissionGrantPreApprovalPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\PermissionGrantPreApprovalPolicy;
use Microsoft\Graph\Beta\Generated\Models\PreApprovalDetail;
use Microsoft\Graph\Beta\Generated\Models\ResourceScopeType;
use Microsoft\Graph\Beta\Generated\Models\AllScopeSensitivityLabels;
use Microsoft\Graph\Beta\Generated\Models\LabelKind;
use Microsoft\Graph\Beta\Generated\Models\PreApprovedPermissions;
use Microsoft\Graph\Beta\Generated\Models\PermissionKind;
use Microsoft\Graph\Beta\Generated\Models\PermissionType;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new PermissionGrantPreApprovalPolicy();
$conditionsPreApprovalDetail1 = new PreApprovalDetail();
$conditionsPreApprovalDetail1->setScopeType(new ResourceScopeType('group'));
$conditionsPreApprovalDetail1SensitivityLabels = new AllScopeSensitivityLabels();
$conditionsPreApprovalDetail1SensitivityLabels->setOdataType('#microsoft.graph.allScopeSensitivityLabels');
$conditionsPreApprovalDetail1SensitivityLabels->setLabelKind(new LabelKind('all'));
$conditionsPreApprovalDetail1->setSensitivityLabels($conditionsPreApprovalDetail1SensitivityLabels);
$conditionsPreApprovalDetail1Permissions = new PreApprovedPermissions();
$conditionsPreApprovalDetail1Permissions->setOdataType('#microsoft.graph.allPermissionsOnResourceApp');
$conditionsPreApprovalDetail1Permissions->setPermissionKind(new PermissionKind('allPermissionsOnResourceApp'));
$conditionsPreApprovalDetail1Permissions->setPermissionType(new PermissionType('application'));
$additionalData = [
'resourceApplicationId' => '00000003-0000-0000-c000-000000000000',
];
$conditionsPreApprovalDetail1Permissions->setAdditionalData($additionalData);
$conditionsPreApprovalDetail1->setPermissions($conditionsPreApprovalDetail1Permissions);
$conditionsArray []= $conditionsPreApprovalDetail1;
$requestBody->setConditions($conditionsArray);
$result = $graphServiceClient->policies()->permissionGrantPreApprovalPolicies()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.permission_grant_pre_approval_policy import PermissionGrantPreApprovalPolicy
from msgraph_beta.generated.models.pre_approval_detail import PreApprovalDetail
from msgraph_beta.generated.models.resource_scope_type import ResourceScopeType
from msgraph_beta.generated.models.all_scope_sensitivity_labels import AllScopeSensitivityLabels
from msgraph_beta.generated.models.label_kind import LabelKind
from msgraph_beta.generated.models.pre_approved_permissions import PreApprovedPermissions
from msgraph_beta.generated.models.permission_kind import PermissionKind
from msgraph_beta.generated.models.permission_type import PermissionType
graph_client = GraphServiceClient(credentials, scopes)
request_body = PermissionGrantPreApprovalPolicy(
conditions = [
PreApprovalDetail(
scope_type = ResourceScopeType.Group,
sensitivity_labels = AllScopeSensitivityLabels(
odata_type = "#microsoft.graph.allScopeSensitivityLabels",
label_kind = LabelKind.All,
),
permissions = PreApprovedPermissions(
odata_type = "#microsoft.graph.allPermissionsOnResourceApp",
permission_kind = PermissionKind.AllPermissionsOnResourceApp,
permission_type = PermissionType.Application,
additional_data = {
"resource_application_id" : "00000003-0000-0000-c000-000000000000",
}
),
),
],
)
result = await graph_client.policies.permission_grant_pre_approval_policies.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.