Get tenantAppManagementPolicy

Namespace: microsoft.graph

Read the properties of a tenantAppManagementPolicy object.

This API is supported in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration
Delegated (personal Microsoft account) Not supported.
Application Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration

To configure application authentication method policies, the calling user must also be assigned at least the Application Administrator or Cloud Application Administrator directory role.

HTTP request

GET /policies/defaultAppManagementPolicy

Request headers

Name Description
Authorization Bearer {token}. Required.

Request body

Do not supply a request body for this method.


If successful, this method returns a 200 OK response code and the requested defaultAppManagementPolicy object in the response body.



The following is an example of the request.



The following is an example of the response that shows the default tenant app management policy.

HTTP/1.1 200 OK
Content-type: application/json

    "@odata.context": "$metadata#policies/defaultAppManagementPolicy/$entity",
    "": "",
    "id": "00000000-0000-0000-0000-000000000000",
    "displayName": "Default app management tenant policy",
    "description": "Default tenant policy that enforces app management restrictions on applications and service principals. To apply policy to targeted resources, create a new policy under appManagementPolicies collection.",
    "isEnabled": false,
    "applicationRestrictions": {
        "passwordCredentials": [],
    "servicePrincipalRestrictions": {
        "passwordCredentials": [],