Home
PowerShell
Get-MgPolicyAuthorizationPolicy

How to get a Microsoft Entra ID authorization policy using Microsoft Graph PowerShell

The Get-MgPolicyAuthorizationPolicy cmdlet fetches the current authorization policy settings in Microsoft Entra ID (previously Azure AD). This policy defines baseline permissions and organizational rules for user and administrative operations in your tenant.

Get authorization policy using Microsoft Graph PowerShell

Prerequisites

Before using the cmdlet, ensure that the Microsoft Graph PowerShell module is installed. If not, install it using this PowerShell command:
Install-Module Microsoft.Graph -Scope CurrentUser
Also, use the following PowerShell command to connect to Microsoft Graph with the required permissions (e.g., Policy.Read.All):
Connect-MgGraph -Scopes "Policy.Read.All"

Using the Get-MgPolicyAuthorizationPolicy cmdlet

Run the Graph PowerShell command below to view the current authorization policy. This retrieves the only instance of the authorization policy for your organization:


                            Get-MgPolicyAuthorizationPolicy

Examples

Example 1: View all authorization policy settings

This Graph PowerShell command displays all settings in the authorization policy:


                            Get-MgPolicyAuthorizationPolicy

Example 2: Show policies with only displayName and ID

This Graph PowerShell command lists only the displayName and ID of the policy:


                            Get-MgPolicyAuthorizationPolicy | Select-Object displayName, id

Example 3: Get a specific authorization policy by ID

This Graph PowerShell command gets the policy using its explicit ID:


                            Get-MgPolicyAuthorizationPolicy -AuthorizationPolicyId "authorizationPolicy"

Supported parameters

The following are some essential parameters that can be used along with the Get-MgPolicyAuthorizationPolicy command:

Parameters	Description
-AuthorizationPolicyId	The ID of the authorization policy to retrieve
-Top	Limits the number of results
-Filter	Returns only policies matching specified criteria
-All	Retrieves all results without paging
-Property	Selects specific properties to display

Limitations of using Microsoft Graph PowerShell to get authorization policy

PowerShell commands can get complicated with different use cases and scenarios.
IT admins can spend a lot of time debugging errors, which in turn negatively impacts productivity.
Delegation can get tricky since technicians require elevated permissions.

How ADManager Plus helps you manage Microsoft Entra ID

ADManager Plus, an identity governance and administration solution with comprehensive Microsoft Entra ID management and reporting capabilities, simplifies complex admin tasks from a single, user-friendly console:

Manage Entra ID users, contacts, groups, licenses, and other objects with a script-free, centralized console.
Reduce human errors by automating user provisioning, deprovisioning, and license assignment across various platforms.
Delegate Entra ID tasks to technicians without elevating their native privileges.
Keep a watchful eye with 200+ prepackaged reports for your Entra ID and AD environments.
Monitor delegated activities through smart workflows.
Ensure business continuity with AD, Entra ID, and Google Workspace backup and recovery.

Perform script-free Microsoft Entra ID management and reporting with ADManager Plus

Try it now for free

Get authorization policy using Microsoft Graph PowerShell
Examples
Supported parameters
Limitations of using Microsoft Graph PowerShell to get authorization policy
How ADManager Plus helps you manage Microsoft Entra ID

Related features:

Related Powershell Guides: