Microsoft Entra ID roles and permissions
Cloud Commander end of life (EOL)
Cloud Commander will be decommissioned and stop functioning on May 13, 2026. You can use the product until that date.
Review and update workflows to remove any dependencies before the product is decommissioned.
Support, bug fixes, and security patches will be available until April 13, 2026.
| Role | Permission | Description |
|---|---|---|
| Microsoft Entra ID Group Administrators Can manage all Microsoft Entra ID group-related features. |
group.graph.delete | Can delete all properties of a group (details) |
| group.graph.read | Can read all properties of a group (details) | |
| group.graph.readbasic | Can read all basic group properties (list) | |
| group.graph.write | Can read, write and delete all properties of a group (details) | |
| groupmember.graph.delete | Can remove members from a group | |
| groupmember.graph.read | Can read members from a group | |
| groupmember.graph.write | Can add members to a group | |
| organization.readbasic | Can read all basic organization properties (list) | |
| organization.graph.read | Can read all basic Graph organization properties (list) | |
| user.graph.readbasic | Can read all basic Microsoft Graph user properties (list) | |
| user.readbasic | Can read all basic user properties (list) |
Related articles
Updated: Jan 09, 2026