Microsoft Graph Security roles and permissions

| Role | Permission | Description |
| --- | --- | --- |
| Microsoft Secure Scores Reader: Can read all Security and compliance Command Blocks. | command.category.read | Can read all corresponding Command Block categories |
| | command.securitycompliance.securescore.read | Can read all Security Compliance secure score Command Blocks and jobs |
| | command.jobs.read | Can read related Command Block jobs |
| | command.read | Can read all related Command Blocks |
| | organization.readbasic | Can read all basic organization properties (list) |
| | report.accesstoken.read | Can read Power BI report access token (list) |
| | report.read | Can read Power BI reports (list) |
| | user.read | Can read all properties of a user (details) |
| | user.readbasic | Can read all basic user properties (list) |
| Microsoft Secure Scores Writer: Can read and execute all Security and compliance Command Blocks. | command.category.read | Can read all corresponding Command Block categories |
| | command.securitycompliance.securescore.read | Can read all Security Compliance secure score Command Blocks and jobs |
| | command.securitycompliance.securescore.write | Can write all Security Compliance secure score Command Blocks and jobs |
| | command.jobs.read | Can read related Command Block jobs |
| | command.read | Can read all related Command Blocks |
| | organization.readbasic | Can read all basic organization properties (list) |
| | report.accesstoken.read | Can read Power BI report access token (list) |
| | report.read | Can read Power BI reports (list) |
| | user.read | Can read all properties of a user (details) |
| | user.readbasic | Can read all basic user properties (list) |
| Microsoft Security Alerts Reader: Can read all Security and compliance Command Blocks. | command.category.read | Can read all corresponding Command Block categories |
| | command.securitycompliance.alerts.read | Can read all Security Compliance alerts Command Blocks and jobs |
| | command.jobs.read | Can read related Command Block jobs |
| | command.read | Can read all related Command Blocks |
| | organization.readbasic | Can read all basic organization properties (list) |
| | report.accesstoken.read | Can read Power BI report access token (list) |
| | report.read | Can read Power BI reports (list) |
| | user.read | Can read all properties of a user (details) |
| | user.readbasic | Can read all basic user properties (list) |
| Microsoft Security Alerts Writer: Can read and execute all Security and compliance Command Blocks. | command.category.read | Can read all corresponding Command Block categories |
| | command.securitycompliance.alerts.read | Can read all Security Compliance alerts Command Blocks and jobs |
| | command.securitycompliance.alerts.write | Can write all Security Compliance alerts Command Blocks and jobs |
| | command.jobs.read | Can read related Command Block jobs |
| | command.read | Can read all related Command Blocks |
| | organization.readbasic | Can read all basic organization properties (list) |
| | report.accesstoken.read | Can read Power BI report access token (list) |
| | report.read | Can read Power BI reports (list) |
| | user.read | Can read all properties of a user (details) |
| | user.readbasic | Can read all basic user properties (list) |
| Microsoft Threats Assessments Reader: Can read all Security and compliance Command Blocks. | command.category.read | Can read all corresponding Command Block categories |
| | command.securitycompliance.threatassessment.read | Can read all Security Compliance threat assessment Command Blocks and jobs |
| | command.jobs.read | Can read related Command Block jobs |
| | command.read | Can read all related Command Blocks |
| | organization.readbasic | Can read all basic organization properties (list) |
| | report.accesstoken.read | Can read Power BI report access token (list) |
| | report.read | Can read Power BI reports (list) |
| | user.read | Can read all properties of a user (details) |
| | user.readbasic | Can read all basic user properties (list) |
| Microsoft Threats Assessments Writer: Can read and execute all Security and compliance Command Blocks. | command.category.read | Can read all corresponding Command Block categories |
| | command.securitycompliance.threatassessment.read | Can read all Security Compliance threat assessment Command Blocks and jobs |
| | command.securitycompliance.threatassessment.write | Can write all Security Compliance threat assessment Command Blocks and jobs |
| | command.jobs.read | Can read related Command Block jobs |
| | command.read | Can read all related Command Blocks |
| | organization.readbasic | Can read all basic organization properties (list) |
| | report.accesstoken.read | Can read Power BI report access token (list) |
| | report.read | Can read Power BI reports (list) |
| | user.read | Can read all properties of a user (details) |
| | user.readbasic | Can read all basic user properties (list) |

Updated: Feb 29, 2024