Update application

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Update the properties of an application object.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Directory.AccessAsUser.All
Delegated (personal Microsoft account) Not supported.
Application Application.ReadWrite.OwnedBy, Application.ReadWrite.All

HTTP request

PATCH /applications/{id}

Request headers

Name Type Description
Authorization string Bearer {token}. Required.

Request body

In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

Property Type Description
api apiApplication Specifies settings for an application that implements a web API.
appRoles appRole collection The collection of application roles that an application may declare. These roles can be assigned to users, groups, or service principals. Not nullable.
displayName String The display name for the application.
groupMembershipClaims String Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects. To set this attribute, use one of the following valid string values:
  • None
  • SecurityGroup: For security groups and Azure Active Directory (Azure AD) roles
  • All: This will get all of the security groups, distribution groups, and Azure AD directory roles that the signed-in user is a member of
identifierUris String collection The URIs that identify the application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. For more information, see Application Objects and Service Principal Objects. The any operator is required for filter expressions on multi-valued properties. Not nullable.
info informationalUrl Basic profile information of the application such as app's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see Add Terms of service and privacy statement for registered Azure AD apps.
isFallbackPublicClient Boolean Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Azure AD cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Azure AD will interpret the application type based on the value of this property.
keyCredentials keyCredential collection The collection of key credentials associated with the application. Not nullable.
logo Stream The main logo for the application. Not nullable.
optionalClaims optionalClaims Application developers can configure optional claims in their Azure AD apps to specify which claims they want in tokens sent to their application by the Microsoft security token service. See optional claims for more information.
parentalControlSettings parentalControlSettings Specifies parental control settings for an application.
passwordCredentials passwordCredential collection The collection of password credentials associated with the application. Not nullable.
publicClient publicClientApplication Specifies settings for installed clients such as desktop or mobile devices.
requiredResourceAccess requiredResourceAccess collection Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources. This pre-configuration of required resource access drives the consent experience. Not nullable.
signInAudience String Specifies what Microsoft accounts are supported for the current application. Supported values are:
  • AzureADMyOrg: Users with a Microsoft work or school account in my organization’s Azure AD tenant (i.e. single tenant)
  • AzureADMultipleOrgs: Users with a Microsoft work or school account in any organization’s Azure AD tenant (i.e. multi-tenant)
  • AzureADandPersonalMicrosoftAccount: Users with a personal Microsoft account, or a work or school account in any organization’s Azure AD tenant
AzureADandPersonalMicrosoftAccount
tags String collection Custom strings that can be used to categorize and identify the application. Not nullable.
tokenEncryptionKeyId String Specifies the keyId of a public key from the keyCredentials collection. When configured, Azure AD encrypts all the tokens it emits by using the key this property points to. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user.
web webApplication Specifies settings for a web application.

Response

If successful, this method returns a 204 No Content response code and does not return anything in the response body.

Example

Request

Here is an example of the request.

PATCH https://graph.microsoft.com/beta/applications/{id}
Content-type: application/json
Content-length: 72

{
  "displayName": "New display name"
}
Response
HTTP/1.1 204 No Content