This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi All,
I am trying to Add and delete domains via "Microsoft Grap" at Entra Id > External Identities > External collaboration settings.
Does anyone know how to add and remove domains using Microsoft Graph when I select "Allow invitations only to the specified domains (most restrictive)" or "Deny invitations to the specified domains"?
Thanks
Leonardo
You can manage those via the B2BManagementPolicy policy under https://graph.microsoft.com/beta/legacy/policies
Going forward, you should be using the cross-tenant collaboration policies instead.
Thanks for your answer.
Thanks for your answer, now I can view my policy, but when I try to PATCH it I get this response. I tried to configure my application permissions to allow "Policy.ReadWrite.All" but I did not found.
JSON
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2024-09-03T14:55:09",
"request-id": "c872259d-0f79-425e-a082-cd5edaec304b",
"client-request-id": "c872259d-0f79-425e-a082-cd5edaec304b"
}
}
}
This is my curl
YAML
curl
These are my Bearer Token Roles
"roles": [ "User.ReadWrite.All", "Policy.ReadWrite.ConditionalAccess", "Directory.ReadWrite.All", "AuditLog.Read.All", "Policy.Read.All" ],
You would need Global admin/Directory.AccessAsUser.All permissions for PATCH. Best use cross-tenant collaboration policies instead, as suggested above.
Thanks for your answer.
My PATCH is working!, it is not a good practice to use "graph.microsoft.com/beta" to go to production. Is there another way for me to PATCH my policy using "https://graph.microsoft.com/1.0/"?
curl --location --request PATCH 'https://graph.microsoft.com/beta/legacy/policies/14928e78-a165-40f1-99bc-003187112345' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6InQ5V05yQ................' \
--data '{
"definition": [
"{\"B2BManagementPolicy\":{\"InvitationsAllowedAndBlockedDomainsPolicy\":{\"AllowedDomains\":[\"domain1.com\",\"domain2.com\"]},\"AutoRedeemPolicy\":{\"AdminConsentedForUsersIntoTenantIds\":null,\"NoAADConsentForUsersFromTenantsIds\":null}}}"
],
"displayName": "B2BManagementPolicy",
"isOrganizationDefault": true,
"type": "B2BManagementPolicy",
"keyCredentials": []
}'
No, this endpoint is not available on /v1.0 (and again, not supported, so you should not use it in production).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Hello @Leonardo A. Barbastefano,
Just checking in to see if the above answer provided by @Vasil Michev helped.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Hello @Leonardo A. Barbastefano,
I would like to follow up with you regarding the issue. Please let me know if you're still facing any problems or if you have any additional questions.
If this answers your query, do click Accept Answer and Yes for was this answer helpful.
Hi Raja,
I can update the domain list, but unfortunately, this is in the beta version and is not supposed to be used in production. I just hope that this endpoint moves to version 1.0 soon.
Regards
Leonardo
Hello @Leonardo A. Barbastefano,
Thank you for your response.
Yes, as Vasil mentioned, this endpoint is currently not supported in v1.0, and there is no ETA for when it will be available. Please let me know if you have any other questions.
Please remember to "Accept Answer", so that others in the community facing similar issues can easily find the solution.
Thanks for your answer, now I can view my policy, but when I try to PATCH it I get this response. I tried to configure my application permissions to allow "Policy.ReadWrite.All" but I did not found.
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2024-09-03T14:55:09",
"request-id": "c872259d-0f79-425e-a082-cd5edaec304b",
"client-request-id": "c872259d-0f79-425e-a082-cd5edaec304b"
}
}
}
This is my curl
curl --location --request PATCH 'https://graph.microsoft.com/beta/legacy/policies/14928e78-a165-40f1-99bc-003187122345' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6Inh2eGcxQ25sN2xPc1N........................' \
--data '{
"definition": [
"{\"InvitationsAllowedAndBlockedDomainsPolicy\":{ \"AllowedDomains\":[\"example.com\",\"newdomain.com\",\"anotherdomain.org\"] }}"
]
}'
These are my Bearer Token Roles
"roles": [ "User.ReadWrite.All", "Policy.ReadWrite.ConditionalAccess", "Directory.ReadWrite.All", "AuditLog.Read.All", "Policy.Read.All" ],