The following table describes permitted editing methods of Azure Active Directory schema types and names restrictions required by system object processing.
Type | Read | Add | Delete | Refresh |
---|---|---|---|---|
Subscriptions (SubscribedSku) |
Yes |
No |
No |
No |
Administrator roles (DirectoryRole) |
Yes |
No |
No |
Yes |
User accounts (User) |
Yes |
Yes |
Yes |
Yes |
Service plans (ServicePlanInfo) |
Yes |
No |
No |
No |
Domains (VerifiedDomain) |
Yes |
No |
No |
No |
Groups (Group) |
Yes |
Yes |
Yes |
Yes |
License assignments to user accounts (LicenseAssignments) |
Yes |
Yes |
Yes |
Yes |
License assignments to groups (GroupLicenseAssignments) |
Yes |
No |
No |
No |
Tenants (Organization) |
Yes |
No |
No |
Yes |
Applications (Application) |
Yes |
No |
No |
Yes |
Service principle (ServicePrincipal) |
Yes |
No |
No |
Yes |
App roles (AppRole) |
Yes |
No |
No |
No |
Assignments to app roles (AppRoleAssignment) |
Yes |
Yes |
Yes |
Yes |
Policies on activity-based timeout (ActivityBasedTimeoutPolicy) |
Yes |
No |
No |
No |
Policies on home realm discovery (HomeRealmDiscoveryPolicy) |
Yes |
No |
No |
No |
Policies on token issuance (TokenIssuancePolicy) |
Yes |
No |
No |
No |
Policies on token lifetime (TokenLifetimePolicy) |
Yes |
No |
No |
No |
Classifications (AADGroupClassificationLbl) |
Yes |
No |
No |
No |