cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Accessing app centric permission via API

LarsSchw
Copper Contributor

‎Jun 11 2024 11:01 PM

‎Jun 11 2024 11:01 PM

Accessing app centric permission via API

Hi,

 

is there any way to access (get/set) app centric permissions from GraphAPI or any other API? Our usecase is that we want to set the configuration programatically and also assign groups to specific apps without using the admin.teams portal.

 

Best Regards

 

Lars

222 Views
0 Likes
5 Replies
Reply
5 Replies
Nivedipa-MSFT

‎Jun 12 2024 10:25 PM

‎Jun 12 2024 10:25 PM

Re: Accessing app centric permission via API

@LarsSchw -
We can set app management policies using the Graph API. You can check the following document for this.
appManagementPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn

Please let us know if this is what you are looking for or if it is not exactly what you want?

0 Likes
Reply
Nivedipa-MSFT

‎Jun 16 2024 11:11 PM

‎Jun 16 2024 11:11 PM

Re: Accessing app centric permission via API

@LarsSchw - Could you please confirm is your issue resolved or are you still looking for any help?
0 Likes
Reply
LarsSchw

‎Jun 17 2024 01:05 AM

‎Jun 17 2024 01:05 AM

Re: Accessing app centric permission via API

@Nivedipa-MSFTUnfortunately, this didn't work. Trying to get all app policies using Get-MgPolicyAppManagementPolicy gives an empty list. Although I configured access for a security group using app-centric management in Teams Admin (beware, permission policies are no longer used in the Teams Admin UI; groups have been assigned under "Manage Apps").


This is the code I used:


$body = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
Client_Id = $appid
Client_Secret = $secret
}

$connection = Invoke-RestMethod `
-Uri https://login.microsoftonline.com/$tenantid/oauth2/v2.0/token `
-Method POST `
-Body $body

$token = $connection.access_token | ConvertTo-SecureString -AsPlainText -Force

Connect-MgGraph -AccessToken $token

$catalog = Get-MgAppCatalogTeamApp -ExpandProperty "AppDefinitions" -Property "AppDefinitions"
$catalog | ConvertTo-Json -Depth 50 | Out-File -FilePath c:\temp\appcatalog.json

 

$policy = Get-MgPolicyAppManagementPolicy
$policy | ConvertTo-Json -Depth 50 | Out-File -FilePath c:\temp\appPolicy.json

 

 

Preview file
16 KB
0 Likes
Reply
Nivedipa-MSFT

‎Jun 17 2024 11:11 PM

‎Jun 17 2024 11:11 PM

Re: Accessing app centric permission via API

@LarsSchw - The Get-MgPolicyAppManagementPolicy cmdlet requires an -AppManagementPolicyId parameter. Ensure that you're providing the correct ID when calling the cmdlet?
0 Likes
Reply
Nivedipa-MSFT

‎Jun 19 2024 03:08 AM

‎Jun 19 2024 03:08 AM

Re: Accessing app centric permission via API

@LarsSchw - Have you verified the AppManagementPolicyId parameter?
0 Likes
Reply