Here’s another one in the series “I blog so I don’t forget about this”, this time related to the B2BManagementPolicy in Azure AD. For whatever reason, Microsoft is still to provide us with a Graph API endpoints for this, and searching through the official (and /beta) documentation will not yield any results. Turns out however, there is a way to query those settings, as shared by a Microsoft employee over at Q&A.
To get the B2BManagementPolicy policy settings, one needs to query the (hidden) /legacy/policies endpoint. If no such policy has ever been configured in your tenant, either via the Azure AD blade or the Get-AzureADPolicy PowerShell cmdlet, the result will be empty. If however you have configured the policy, you will get reply similar to the below:
Which you can easily compare with the values from the Azure AD blade or PowerShell:
# Get-AzureADPolicy |fl Id : c9755042-7b11-4504-b9e6-6347d0beabf5 OdataType : AlternativeIdentifier : Definition : {{"B2BManagementPolicy":{"InvitationsAllowedAndBlockedDomainsPolicy":{"BlockedDomains":["michevdev2.onmicrosoft.com"]},"PreviewPolicy":{"Features":["OneTimePasscode"]},"AutoRe deemPolicy":{"AdminConsentedForUsersIntoTenantIds":[],"NoAADConsentForUsersFromTenantsIds":[]}}}} DisplayName : B2BManagementPolicy IsOrganizationDefault : True KeyCredentials : {} Type : B2BManagementPolicy
Few things need to be mentioned here. First and foremost, not only this is under /beta, but its also under an unpublished /legacy endpoint, so it goes without saying you should not be using this for your production workloads. You can also create/modify existing policies using POST/PATCH requests, as long as you have granted the necessary permissions first. And if you are having any troubles with this, you can also use the old Azure AD Graph method as detailed in this GitHub issue.
So there you have it, a method to query or update B2BManagementPolicy settings in a totally unsupported way, until Microsoft provides proper Graph API endpoints to do the same in a supported manner.