class TenantAppManagementPolicy
A class representing a tenant-wide application authentication method policy that enforces app management restrictions for all applications and service principals in Microsoft 365/Azure AD.
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/tenant_app_management.py
4 - 9
moderate
Purpose
This class manages tenant-level policies for application authentication methods and management restrictions. It serves as a default policy that applies to all applications and service principals within a tenant unless specifically overridden by an individual appManagementPolicy applied to a specific object. It inherits from PolicyBase to provide standard policy management capabilities within the Microsoft 365 directory services context.
Source Code
```python
class TenantAppManagementPolicy(PolicyBase):
    """
    Tenant-wide application authentication method policy to enforce app management restrictions for all applications
    and service principals. This policy applies to all apps and service principals unless overridden when an
    appManagementPolicy is applied to the object.
    """
```
Parameters
| Name | Type | Default | Kind |
|---|---|---|---|
| bases | PolicyBase | - | |
Parameter Details
bases: Inherits from PolicyBase, which provides the foundational policy management functionality, including common attributes and methods for handling Microsoft 365/Azure AD policies.
Return Value
Instantiation returns a TenantAppManagementPolicy object that represents the tenant-wide application management policy. This object can be used to configure and enforce authentication method restrictions and app management rules across all applications and service principals in the tenant.
Dependencies
office365
Required Imports
```python
from office365.directory.policies.base import PolicyBase
# Module name follows the source file shown above (tenant_app_management.py)
from office365.directory.policies.tenant_app_management import TenantAppManagementPolicy
```
Usage Example
```python
# Module name follows the source file shown above (tenant_app_management.py)
from office365.directory.policies.tenant_app_management import TenantAppManagementPolicy
from office365.runtime.auth.client_credential import ClientCredential
from office365.graph_client import GraphClient

# Initialize Graph client with credentials
# ('client_id' and 'client_secret' are placeholders; load real values from a secret store)
credentials = ClientCredential('client_id', 'client_secret')
client = GraphClient(credentials)

# Get or create tenant app management policy
policy = TenantAppManagementPolicy(client.policies.tenant_app_management_policies)

# The policy inherits methods from PolicyBase for CRUD operations
# Typically used to retrieve and configure tenant-wide app restrictions
tenant_policy = client.policies.tenant_app_management_policies.get().execute_query()

# Access policy properties (inherited from PolicyBase)
print(tenant_policy.display_name)
print(tenant_policy.description)
```
Best Practices
- Ensure proper authentication and authorization before attempting to create or modify tenant app management policies
- Verify that the authenticated user or service principal has sufficient permissions (Global Administrator or Policy Administrator role)
- Understand that this policy applies tenant-wide and will affect all applications and service principals unless specifically overridden
- Test policy changes in a non-production environment first, as tenant-wide policies can have broad impact
- Use the inherited PolicyBase methods for standard CRUD operations rather than implementing custom logic
- Document any tenant-wide policy changes for compliance and audit purposes
- Consider the inheritance hierarchy - individual app policies can override this tenant-wide policy
- Monitor the impact of policy changes on existing applications and service principals after deployment
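To make the last two points concrete, the following added example (not code from the office365 library or from this page) audits an app inventory offline against the effective policy, treating an assigned per-app policy as replacing the tenant default. Property names follow the Microsoft Graph tenantAppManagementPolicy and appManagementPolicy resources; the app ids, key ids, dates, limits and helper function names are constructed for illustration, and the precedence model is a simplifying assumption.

```python
import re
from datetime import datetime, timedelta
# Constructed sample data shaped like Microsoft Graph policy JSON (values are illustrative).
TENANT_DEFAULT = {"isEnabled": True, "applicationRestrictions": {"passwordCredentials": [
    {"restrictionType": "passwordLifetime", "maxLifetime": "P90D",
     "restrictForAppsCreatedAfterDateTime": "2024-01-01T00:00:00Z"}]}}
APP_OVERRIDES = {  # appId -> appManagementPolicy assigned to that application
    "app-legacy-batch": {"restrictions": {"passwordCredentials": [
        {"restrictionType": "passwordLifetime", "maxLifetime": "P365D",
         "restrictForAppsCreatedAfterDateTime": "2020-01-01T00:00:00Z"}]}}}
APPS = [
    {"appId": "app-new-api", "createdDateTime": "2024-03-01T00:00:00Z", "passwordCredentials": [
        {"keyId": "k1", "startDateTime": "2024-03-01T00:00:00Z", "endDateTime": "2025-03-01T00:00:00Z"}]},
    {"appId": "app-old-portal", "createdDateTime": "2022-05-01T00:00:00Z", "passwordCredentials": [
        {"keyId": "k2", "startDateTime": "2022-05-01T00:00:00Z", "endDateTime": "2024-05-01T00:00:00Z"}]},
    {"appId": "app-legacy-batch", "createdDateTime": "2024-02-01T00:00:00Z", "passwordCredentials": [
        {"keyId": "k3", "startDateTime": "2024-02-01T00:00:00Z", "endDateTime": "2024-12-01T00:00:00Z"}]},
]

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def _max_lifetime(iso_duration):
    # Only whole-day ISO 8601 durations (e.g. P90D) are handled in this example.
    match = re.fullmatch(r"P(\d+)D", iso_duration)
    if not match:
        raise ValueError(f"unsupported duration: {iso_duration}")
    return timedelta(days=int(match.group(1)))

def effective_password_rules(app_id):
    """Assumed precedence: an assigned app policy replaces the tenant default."""
    if app_id in APP_OVERRIDES:
        return "app override", APP_OVERRIDES[app_id]["restrictions"].get("passwordCredentials", [])
    enabled = TENANT_DEFAULT.get("isEnabled")
    return "tenant default", TENANT_DEFAULT["applicationRestrictions"].get("passwordCredentials", []) if enabled else []

def audit(apps):
    """Return (appId, keyId, policy source) for secrets that outlive the effective limit."""
    findings = []
    for app in apps:
        source, rules = effective_password_rules(app["appId"])
        created = _ts(app["createdDateTime"])
        for rule in rules:
            # A rule only covers apps created on or after its cut-off date.
            if rule["restrictionType"] != "passwordLifetime" or created < _ts(rule["restrictForAppsCreatedAfterDateTime"]):
                continue
            for cred in app["passwordCredentials"]:
                if _ts(cred["endDateTime"]) - _ts(cred["startDateTime"]) > _max_lifetime(rule["maxLifetime"]):
                    findings.append((app["appId"], cred["keyId"], source))
    return findings
```

Running `audit(APPS)` flags only the one-year secret on `app-new-api`: `app-old-portal` predates the tenant rule's cut-off date, and `app-legacy-batch` is governed by its own, looser override.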
Similar Components
AI-powered semantic similarity - components with related functionality:
- class AppManagementPolicy 86.9% similar
- class AuthorizationPolicy 74.5% similar
- class CrossTenantAccessPolicy 71.8% similar
- class AuthenticationMethodsPolicy 67.7% similar
- class AuthenticationStrengthPolicy 66.9% similar