externalIdentitiesPolicy resource type

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Represents the tenant-wide policy that controls whether external users can leave the guest Microsoft Entra tenant via self-service controls. When permitted by the administrator, external users can leave the guest Microsoft Entra tenant through the organizations menu of the My Account portal.

Inherits from policyBase.


Method Return type Description
Get externalIdentitiesPolicy Read the properties and relationships of an externalIdentitiesPolicy object.
Update externalIdentitiesPolicy Update the properties of an externalIdentitiesPolicy object.


Property Type Description
allowDeletedIdentitiesDataRemoval Boolean Reserved for future use.
allowExternalIdentitiesToLeave Boolean Defines whether external users can leave the guest tenant. If set to false, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days.
displayName String The policy name. Inherited from policyBase.



JSON representation

The following JSON representation shows the resource type.

  "@odata.type": "#microsoft.graph.externalIdentitiesPolicy",
  "id": "String (identifier)",
  "description": "String",
  "displayName": "String",
  "allowExternalIdentitiesToLeave": "Boolean",
  "allowDeletedIdentitiesDataRemoval": "Boolean"