Azure AD policy overview

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Azure Active Directory (Azure AD) uses policies to control Azure AD feature behaviors in your organization. Policies are custom rules that you can enforce on applications, service principals, groups, or on the entire organization they are assigned to.

What policies are available?

Policy type Description Examples
activityBasedTimeoutPolicies Represents a policy that controls automatic sign-out for web sessions after a period of inactivity, for applications that support activity-based timeout functionality. Configure the Azure portal to have an inactivity timeout of 15 minutes.
authorizationPolicy Represents a policy that can control authorization settings of Azure Active Directory. Configure Azure AD to block MSOL PowerShell in the tenant.
claimsMappingPolicies Represents the claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application. Create and assign a policy to omit the basic claims from tokens issued to a service principal.
homeRealmDiscoveryPolicies Represents a policy to control Azure Active Directory authentication behavior for federated users, in particular for auto-acceleration and user authentication restrictions in federated domains. Configure all users to skip home realm discovery and be routed directly to ADFS for authentication.
tokenLifetimePolicies Represents the lifetime duration of access tokens used to access protected resources. Configure a particularly sensitive application with a shorter than default token lifetime.
tokenIssuancePolicy Represents the policy to specify the characteristics of SAML tokens issued by Azure AD. Configure the signing algorithm or SAML token version to be used to issue the SAML token.
identitySecurityDefaultsEnforcementPolicy Represents the Azure AD security defaults policy. Configure the Azure AD security defaults policy to protect against common attacks.

Next steps

  • Review the different policy resouce types listed above and their various methods.
  • Try the API in the Graph Explorer.