Microsoft Entra ID roles and permissions

Role Permission Description
Microsoft Entra ID Group Administrators

Can manage all Microsoft Entra ID group-related features.

group.graph.delete Can delete all properties of a group (details) Can read all properties of a group (details)
group.graph.readbasic Can read all basic group properties (list)
group.graph.write Can read, write and delete all properties of a group (details)
groupmember.graph.delete Can remove members from a group Can read members from a group
groupmember.graph.write Can add members to a group
organization.readbasic Can read all basic organization properties (list) Can read all basic Graph organization properties (list)
user.readbasic Can read all basic user properties (list)
user.graph.readbasic Can read all basic Microsoft Graph user properties (list)

Related articles

Updated: Feb 29, 2024