Create Policy


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Create a new policy object by specifying display name, policy type, and policy description.

Note: The policy details will be validated before being stored. If it does not pass validation, a 400 Bad Request will be returned.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Directory.AccessAsUser.All
Delegated (personal Microsoft account) Not supported.
Application Not supported.

HTTP request

POST /policies

Request headers

Name Type Description
Authorization string Bearer {token}. Required.
Content-Type application/json Nature of the data in the body of an entity. Required.

Request body

In the request body, provide a JSON representation of policy object.

The following table shows the properties that are required when you create a policy.

Parameter Type Description
definition String The string version of the policy object.
displayName String A custom name for the policy.
type String Specifies the type of policy. Currently must be "TokenLifetimePolicy"


If successful, this method returns 201 Created response code and policy object in the response body. If unsuccessful, a 4xx error will be returned with specific details.


The following example creates a new token lifetime Policy. Notice the string definition parameter has escaped double quotes.


Here is an example of the request.

Content-Type: application/json


Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-type: application/json