Microsoft Graph Security roles and permissions

Cloud Commander end of life (EOL)

Cloud Commander will be decommissioned and stop functioning on May 13, 2026. You can use the product until that date.

Review and update workflows to remove any dependencies before the product is decommissioned.

Support, bug fixes, and security patches will be available until April 13, 2026.

Role	Permission	Description
Microsoft Secure Scores Reader Can read all Security and compliance Command Blocks.	command.category.read	Can read all corresponding Command Block categories
	command.jobs.read	Can read related Command Block jobs
	command.read	Can read all related Command Blocks
	command.securitycompliance.securescore.read	Can read all Security Compliance secure score Command Blocks and jobs
	organization.readbasic	Can read all basic organization properties (list)
	report.accesstoken.read	Can read Power BI report access token (list)
	report.read	Can read Power BI reports (list)
	user.read	Can read all properties of a user (details)
	user.readbasic	Can read all basic user properties (list)
Microsoft Secure Scores Writer Can read and execute all Security and compliance Command Blocks.	command.category.read	Can read all corresponding Command Block categories
	command.jobs.read	Can read related Command Block jobs
	command.read	Can read all related Command Blocks
	command.securitycompliance.securescore.read	Can read all Security Compliance secure score Command Blocks and jobs
	command.securitycompliance.securescore.write	Can write all Security Compliance secure score Command Blocks and jobs
	organization.readbasic	Can read all basic organization properties (list)
	report.accesstoken.read	Can read Power BI report access token (list)
	report.read	Can read Power BI reports (list)
	user.read	Can read all properties of a user (details)
	user.readbasic	Can read all basic user properties (list)
Microsoft Security Alerts Reader Can read all Security and compliance Command Blocks.	command.category.read	Can read all corresponding Command Block categories
	command.jobs.read	Can read related Command Block jobs
	command.read	Can read all related Command Blocks
	command.securitycompliance.alerts.read	Can read all Security Compliance alerts Command Blocks and jobs
	organization.readbasic	Can read all basic organization properties (list)
	report.accesstoken.read	Can read Power BI report access token (list)
	report.read	Can read Power BI reports (list)
	user.read	Can read all properties of a user (details)
	user.readbasic	Can read all basic user properties (list)
Microsoft Security Alerts Writer Can read and execute all Security and compliance Command Blocks.	command.category.read	Can read all corresponding Command Block categories
	command.jobs.read	Can read related Command Block jobs
	command.read	Can read all related Command Blocks
	command.securitycompliance.alerts.read	Can read all Security Compliance alerts Command Blocks and jobs
	command.securitycompliance.alerts.write	Can write all Security Compliance alerts Command Blocks and jobs
	organization.readbasic	Can read all basic organization properties (list)
	report.accesstoken.read	Can read Power BI report access token (list)
	report.read	Can read Power BI reports (list)
	user.read	Can read all properties of a user (details)
	user.readbasic	Can read all basic user properties (list)
Microsoft Threats Assessments Reader Can read all Security and compliance Command Blocks.	command.category.read	Can read all corresponding Command Block categories
	command.jobs.read	Can read related Command Block jobs
	command.read	Can read all related Command Blocks
	command.securitycompliance.threatassessment.read	Can read all Security Compliance threat assessment Command Blocks and jobs
	organization.readbasic	Can read all basic organization properties (list)
	report.accesstoken.read	Can read Power BI report access token (list)
	report.read	Can read Power BI reports (list)
	user.read	Can read all properties of a user (details)
	user.readbasic	Can read all basic user properties (list)
Microsoft Threats Assessments Writer Can read and execute all Security and compliance Command Blocks.	command.category.read	Can read all corresponding Command Block categories
	command.jobs.read	Can read related Command Block jobs
	command.read	Can read all related Command Blocks
	command.securitycompliance.threatassessment.read	Can read all Security Compliance threat assessment Command Blocks and jobs
	command.securitycompliance.threatassessment.write	Can write all Security Compliance threat assessment Command Blocks and jobs
	organization.readbasic	Can read all basic organization properties (list)
	report.accesstoken.read	Can read Power BI report access token (list)
	report.read	Can read Power BI reports (list)
	user.read	Can read all properties of a user (details)
	user.readbasic	Can read all basic user properties (list)

Platform roles dictionary

Updated: Jan 09, 2026

Microsoft Graph Security roles and permissions

Related articles