Accessing app centric permission via API

Copper Contributor



is there any way to access (get/set) app centric permissions from GraphAPI or any other API? Our usecase is that we want to set the configuration programatically and also assign groups to specific apps without using the admin.teams portal.


Best Regards



5 Replies

@LarsSchw -
We can set app management policies using the Graph API. You can check the following document for this.
appManagementPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn

Please let us know if this is what you are looking for or if it is not exactly what you want?

@LarsSchw - Could you please confirm is your issue resolved or are you still looking for any help?

@Nivedipa-MSFTUnfortunately, this didn't work. Trying to get all app policies using Get-MgPolicyAppManagementPolicy gives an empty list. Although I configured access for a security group using app-centric management in Teams Admin (beware, permission policies are no longer used in the Teams Admin UI; groups have been assigned under "Manage Apps").

This is the code I used:

$body = @{
Grant_Type = "client_credentials"
Scope = ""
Client_Id = $appid
Client_Secret = $secret

$connection = Invoke-RestMethod `
-Uri$tenantid/oauth2/v2.0/token `
-Method POST `
-Body $body

$token = $connection.access_token | ConvertTo-SecureString -AsPlainText -Force

Connect-MgGraph -AccessToken $token

$catalog = Get-MgAppCatalogTeamApp -ExpandProperty "AppDefinitions" -Property "AppDefinitions"
$catalog | ConvertTo-Json -Depth 50 | Out-File -FilePath c:\temp\appcatalog.json


$policy = Get-MgPolicyAppManagementPolicy
$policy | ConvertTo-Json -Depth 50 | Out-File -FilePath c:\temp\appPolicy.json



@LarsSchw - The Get-MgPolicyAppManagementPolicy cmdlet requires an -AppManagementPolicyId parameter. Ensure that you're providing the correct ID when calling the cmdlet?
@LarsSchw - Have you verified the AppManagementPolicyId parameter?