Microsoft Entra ID roles and permissions

Role	Permission	Description
Microsoft Entra ID Group Administrators Can manage all Microsoft Entra ID group-related features.	group.graph.delete	Can delete all properties of a group (details)
	group.graph.read	Can read all properties of a group (details)
	group.graph.readbasic	Can read all basic group properties (list)
	group.graph.write	Can read, write and delete all properties of a group (details)
	groupmember.graph.delete	Can remove members from a group
	groupmember.graph.read	Can read members from a group
	groupmember.graph.write	Can add members to a group
	organization.readbasic	Can read all basic organization properties (list)
	organization.graph.read	Can read all basic Graph organization properties (list)
	user.readbasic	Can read all basic user properties (list)
	user.graph.readbasic	Can read all basic Microsoft Graph user properties (list)

Related articles

• Platform roles dictionary

Updated: Nov 13, 2024