featureRolloutPolicy resource type
The featureRolloutPolicy API moved from /directory/featureRolloutPolicies to /policies/featureRolloutPolicies on March 5, 2021. The previous /directory/featureRolloutPolicies endpoint stopped returning returning data after June 30, 2021.
APIs under the
/beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents a feature rollout policy associated with a directory object. Creating a feature rollout policy helps tenant administrators to pilot features of Microsoft Entra ID with a specific group before enabling features for entire organization. This minimizes the impact and helps administrators to test and rollout authentication related features gradually.
The following are limitations of feature rollout:
- Each feature supports a maximum of 10 groups.
- The appliesTo field only supports groups.
- Dynamic groups and nested groups are not supported.
The following are pre-requisites for each of the features that are currently supported for rollout using this rollout policy.
- Identify a server running Windows Server 2012 R2 or later where you want the PassthroughAuthentication Agent to run. Ensure that the server is domain-joined, can authenticate selected users with Active Directory, and can communicate with Microsoft Entra ID on outbound ports / URLs.
- Download & install the Microsoft Entra Connect Authentication Agent on the server.
- To enable high availability, install additional Authentication Agents on other servers as described here.
- Ensure that you have configured your Smart Lockout settings appropriately. This is to ensure that your users' on-premises Active Directory accounts don't get locked out by bad actors.
- Enable PasswordHashSync from the "Optional features" page in Microsoft Entra Connect.
- Associate alternate email with user accounts.
|Retrieve a list of featureRolloutPolicy objects.
|Retrieve the properties and relationships of featurerolloutpolicy object.
|Create a new featureRolloutPolicy object.
|Update the properties of featurerolloutpolicy object.
|Delete a featureRolloutPolicy object.
|Assign a directoryObject to feature rollout.
|Remove a directoryObject from feature rollout.
|A description for this feature rollout policy.
|The display name for this feature rollout policy.
|Possible values are:
|Indicates whether this feature rollout policy should be applied to the entire organization.
|Indicates whether the feature rollout is enabled.
|Nullable. Specifies a list of directoryObjects that feature is enabled for.
The following is a JSON representation of the resource.
"id": "String (identifier)",