JSON enriched
Copy JSON enriched
{ 29 items id: "62e90394-69f5-4237-9190-012177145e10" , displayName: "Global Administrator" , description: "Can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities." , richDescription: "Users with this role have access to all administrative features in Microsoft Entra ID, as well as services that federate to Microsoft Entra ID like Exchange Online, SharePoint Online, and Skype for Business Online. The person who signs up for the Microsoft Entra tenant becomes a global administrator. Only global administrators can assign other administrator roles. There can be more than one global administrator at your company. Global admins can reset the password for any user and all other administrators. Note: In Microsoft Graph API, Azure AD Graph API, and Azure AD PowerShell, this role is identified as "Company Administrator". It is "Global Administrator" in the Azure portal." , privileged: true , categories: "global" , permissionsTotal: 268 , operationActionsCount: 274 , permissionsDirect: 214 , permissionsInherited: true , permissionsInheritedCount: 54 , permissionsDirectAndInheritedCount: 0 , permissionsDirectAndInherited: null , permissionsInheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , permissionsInheritedToCount: 0 , permissionsInheritedTo: null , permissionsConditionedCount: 0 , permissionsUnConditionedCount: 268 , permissionConditioned: [] , permissionsPrivileged: 20 , permissionsNamespacesCount: 51 , permissionsNamespaces: [ 51 items { 1 item microsoft.azure.advancedThreatProtection: 1 } , { 1 item microsoft.azure.informationProtection: 1 } , { 1 item microsoft.azure.serviceHealth: 1 } , { 1 item microsoft.azure.supportTickets: 1 } , { 1 item } , { 1 item } , { 1 item microsoft.commerce.billing: 2 } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.graph.dataConnect: 1 } , { 1 item microsoft.hardware.support: 3 } , { 1 item } , { 1 item } , { 1 item microsoft.microsoft365.organizationalData: 1 } , { 1 item microsoft.networkAccess: 2 } , { 1 item microsoft.office365.complianceManager: 1 } , { 1 item microsoft.office365.copilot: 1 } , { 1 item microsoft.office365.desktopAnalytics: 1 } , { 1 item microsoft.office365.exchange: 1 } , { 1 item microsoft.office365.fileStorageContainers: 1 } , { 1 item microsoft.office365.knowledge: 5 } , { 1 item microsoft.office365.lockbox: 1 } , { 1 item microsoft.office365.messageCenter: 2 } , { 1 item microsoft.office365.migrations: 1 } , { 1 item microsoft.office365.network: 1 } , { 1 item microsoft.office365.organizationalMessages: 1 } , { 1 item microsoft.office365.protectionCenter: 1 } , { 1 item microsoft.office365.search: 1 } , { 1 item microsoft.office365.securityComplianceCenter: 1 } , { 1 item microsoft.office365.serviceHealth: 1 } , { 1 item microsoft.office365.sharePoint: 1 } , { 1 item microsoft.office365.skypeForBusiness: 1 } , { 1 item microsoft.office365.supportTickets: 1 } , { 1 item microsoft.office365.usageReports: 1 } , { 1 item microsoft.office365.userCommunication: 1 } , { 1 item microsoft.office365.webPortal: 1 } , { 1 item microsoft.office365.yammer: 1 } , { 1 item } , { 1 item } , { 1 item microsoft.permissionsManagement: 1 } , { 1 item } , { 1 item microsoft.powerApps.powerBI: 1 } , { 1 item } , { 1 item microsoft.virtualVisits: 1 } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.windows.defenderAdvancedThreatProtection: 1 } , { 1 item microsoft.windows.updatesDeployments: 1 } ] , permissionActionsCount: 11 , permissionActions: [ 11 items { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item managePermissionGrantsForAll: 1 } , { 1 item } , { 1 item } , { 1 item reprocessLicenseAssignment: 1 } , { 1 item } , { 1 item } ] , permissionVerbsCount: 6 , permissionVerbs: [ 6 items ] , permissionsConsentPolicyAppliesCount: 1 , permissionsConsentPolicies: { 1 item } , permissions: [ 268 items { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/accessReviews/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete access reviews, and read and update all properties of access reviews in Microsoft Entra ID" , id: "microsoft.directory-accessReviews-allProperties-allTasks" , name: "microsoft.directory/accessReviews/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/administrativeUnits/members/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read members of administrative units" , id: "microsoft.directory-administrativeUnits-members-read-get" , name: "microsoft.directory/administrativeUnits/members/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/administrativeUnits/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on administrative units" , id: "microsoft.directory-administrativeUnits-standard-read-get" , name: "microsoft.directory/administrativeUnits/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.directory/applicationPolicies/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read standard properties of application policies" , id: "microsoft.directory-applicationPolicies-standard-read-get" , name: "microsoft.directory/applicationPolicies/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/applications/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete applications, and read and update all properties" , id: "microsoft.directory-applications-allProperties-allTasks" , name: "microsoft.directory/applications/allProperties/allTasks" , resourceScopeId: null , isPrivileged: true } } } , { 1 item microsoft.directory/applications/owners/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owners of applications" , id: "microsoft.directory-applications-owners-read-get" , name: "microsoft.directory/applications/owners/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/applications/policies/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read policies of applications" , id: "microsoft.directory-applications-policies-read-get" , name: "microsoft.directory/applications/policies/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/applications/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read standard properties of applications" , id: "microsoft.directory-applications-standard-read-get" , name: "microsoft.directory/applications/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item microsoft.directory/auditLogs/allProperties/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read all properties on audit logs, excluding custom security attributes audit logs" , id: "microsoft.directory-auditLogs-allProperties-read-get" , name: "microsoft.directory/auditLogs/allProperties/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/cloudAppSecurity/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete all resources, and read and update standard properties in Microsoft Cloud App Security" , id: "microsoft.directory-cloudAppSecurity-allProperties-allTasks" , name: "microsoft.directory/cloudAppSecurity/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/contacts/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete contacts, and read and update all properties" , id: "microsoft.directory-contacts-allProperties-allTasks" , name: "microsoft.directory/contacts/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/contacts/memberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the group membership for all contacts in Microsoft Entra ID" , id: "microsoft.directory-contacts-memberOf-read-get" , name: "microsoft.directory/contacts/memberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/contacts/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on contacts in Microsoft Entra ID" , id: "microsoft.directory-contacts-standard-read-get" , name: "microsoft.directory/contacts/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/contracts/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete partner contracts, and read and update all properties" , id: "microsoft.directory-contracts-allProperties-allTasks" , name: "microsoft.directory/contracts/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/contracts/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on partner contracts" , id: "microsoft.directory-contracts-standard-read-get" , name: "microsoft.directory/contracts/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/deletedItems/delete: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "delete" } , permissionDetails: { 6 items actionVerb: "DELETE" , description: "Permanently delete objects, which can no longer be restored" , id: "microsoft.directory-deletedItems-delete-delete" , name: "microsoft.directory/deletedItems/delete" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.directory/deviceLocalCredentials/password/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read all properties of the backed up local administrator account credentials for Microsoft Entra joined devices, including the password" , id: "microsoft.directory-deviceLocalCredentials-password-read-get" , name: "microsoft.directory/deviceLocalCredentials/password/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/devices/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete devices, and read and update all properties" , id: "microsoft.directory-devices-allProperties-allTasks" , name: "microsoft.directory/devices/allProperties/allTasks" , resourceScopeId: null , isPrivileged: true } } } , { 1 item microsoft.directory/devices/memberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read device memberships" , id: "microsoft.directory-devices-memberOf-read-get" , name: "microsoft.directory/devices/memberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.directory/devices/registeredOwners/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read registered owners of devices" , id: "microsoft.directory-devices-registeredOwners-read-get" , name: "microsoft.directory/devices/registeredOwners/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/devices/registeredUsers/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read registered users of devices" , id: "microsoft.directory-devices-registeredUsers-read-get" , name: "microsoft.directory/devices/registeredUsers/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/devices/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on devices" , id: "microsoft.directory-devices-standard-read-get" , name: "microsoft.directory/devices/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.directory/deviceTemplates/owners/update: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "update" } , permissionDetails: [ 2 items { 6 items actionVerb: "DELETE" , description: "Update owners on Internet of Things (IoT) device templates" , id: "microsoft.directory-deviceTemplates-owners-update-delete" , name: "microsoft.directory/deviceTemplates/owners/update" , resourceScopeId: null , isPrivileged: false } , { 6 items actionVerb: "POST" , description: "Update owners on Internet of Things (IoT) device templates" , id: "microsoft.directory-deviceTemplates-owners-update-post" , name: "microsoft.directory/deviceTemplates/owners/update" , resourceScopeId: null , isPrivileged: false } ] } } , { 1 item microsoft.directory/directoryRoles/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete directory roles, and read and update all properties" , id: "microsoft.directory-directoryRoles-allProperties-allTasks" , name: "microsoft.directory/directoryRoles/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/directoryRoles/eligibleMembers/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the eligible members of Microsoft Entra roles" , id: "microsoft.directory-directoryRoles-eligibleMembers-read-get" , name: "microsoft.directory/directoryRoles/eligibleMembers/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/directoryRoles/members/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read all members of Microsoft Entra roles" , id: "microsoft.directory-directoryRoles-members-read-get" , name: "microsoft.directory/directoryRoles/members/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/directoryRoles/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties of Microsoft Entra roles" , id: "microsoft.directory-directoryRoles-standard-read-get" , name: "microsoft.directory/directoryRoles/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/directoryRoleTemplates/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete Microsoft Entra role templates, and read and update all properties" , id: "microsoft.directory-directoryRoleTemplates-allProperties-allTasks" , name: "microsoft.directory/directoryRoleTemplates/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/domains/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete domains, and read and update all properties" , id: "microsoft.directory-domains-allProperties-allTasks" , name: "microsoft.directory/domains/allProperties/allTasks" , resourceScopeId: null , isPrivileged: true } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/domains/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on domains" , id: "microsoft.directory-domains-standard-read-get" , name: "microsoft.directory/domains/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/entitlementManagement/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete resources, and read and update all properties in Microsoft Entra entitlement management" , id: "microsoft.directory-entitlementManagement-allProperties-allTasks" , name: "microsoft.directory/entitlementManagement/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/groups/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete groups, and read and update all properties" , id: "microsoft.directory-groups-allProperties-allTasks" , name: "microsoft.directory/groups/allProperties/allTasks" , resourceScopeId: null , isPrivileged: true } } } , { 1 item microsoft.directory/groups/appRoleAssignments/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read application role assignments of groups" , id: "microsoft.directory-groups-appRoleAssignments-read-get" , name: "microsoft.directory/groups/appRoleAssignments/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/memberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the memberOf property on Security groups and Microsoft 365 groups, including role-assignable groups" , id: "microsoft.directory-groups-memberOf-read-get" , name: "microsoft.directory/groups/memberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/members/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read members of Security groups and Microsoft 365 groups, including role-assignable groups" , id: "microsoft.directory-groups-members-read-get" , name: "microsoft.directory/groups/members/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/owners/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owners of Security groups and Microsoft 365 groups, including role-assignable groups" , id: "microsoft.directory-groups-owners-read-get" , name: "microsoft.directory/groups/owners/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/settings/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read settings of groups" , id: "microsoft.directory-groups-settings-read-get" , name: "microsoft.directory/groups/settings/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read standard properties of Security groups and Microsoft 365 groups, including role-assignable groups" , id: "microsoft.directory-groups-standard-read-get" , name: "microsoft.directory/groups/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/groupSettings/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete group settings, and read and update all properties" , id: "microsoft.directory-groupSettings-allProperties-allTasks" , name: "microsoft.directory/groupSettings/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groupSettings/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on group settings" , id: "microsoft.directory-groupSettings-standard-read-get" , name: "microsoft.directory/groupSettings/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groupSettingTemplates/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete group setting templates, and read and update all properties" , id: "microsoft.directory-groupSettingTemplates-allProperties-allTasks" , name: "microsoft.directory/groupSettingTemplates/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groupSettingTemplates/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on group setting templates" , id: "microsoft.directory-groupSettingTemplates-standard-read-get" , name: "microsoft.directory/groupSettingTemplates/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.directory/identityProtection/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete all resources, and read and update standard properties in Microsoft Entra ID Protection" , id: "microsoft.directory-identityProtection-allProperties-allTasks" , name: "microsoft.directory/identityProtection/allProperties/allTasks" , resourceScopeId: null , isPrivileged: true } } } , { 1 item } , { 1 item microsoft.directory/loginOrganizationBranding/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete loginTenantBranding, and read and update all properties" , id: "microsoft.directory-loginOrganizationBranding-allProperties-allTasks" , name: "microsoft.directory/loginOrganizationBranding/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete OAuth 2.0 permission grants, and read and update all properties" , id: "microsoft.directory-oAuth2PermissionGrants-allProperties-allTasks" , name: "microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks" , resourceScopeId: null , isPrivileged: true } } } , { 1 item microsoft.directory/oAuth2PermissionGrants/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on OAuth 2.0 permission grants" , id: "microsoft.directory-oAuth2PermissionGrants-standard-read-get" , name: "microsoft.directory/oAuth2PermissionGrants/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/organization/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on an organization" , id: "microsoft.directory-organization-standard-read-get" , name: "microsoft.directory/organization/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/organization/trustedCAsForPasswordlessAuth/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read trusted certificate authorities for passwordless authentication" , id: "microsoft.directory-organization-trustedCAsForPasswordlessAuth-read-get" , name: "microsoft.directory/organization/trustedCAsForPasswordlessAuth/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/policies/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete policies, and read and update all properties" , id: "microsoft.directory-policies-allProperties-allTasks" , name: "microsoft.directory/policies/allProperties/allTasks" , resourceScopeId: null , isPrivileged: true } } } , { 1 item } , { 1 item } , { 1 item microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "update" } , permissionDetails: [ 3 items { 6 items actionVerb: "DELETE" , description: "Update Conditional Access authentication context of Microsoft 365 role-based access control (RBAC) resource actions" , id: "microsoft.directory-resourceNamespaces-resourceActions-authenticationContext-update-delete" , name: "microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update" , resourceScopeId: null , isPrivileged: true } , { 6 items actionVerb: "PATCH" , description: "Update Conditional Access authentication context of Microsoft 365 role-based access control (RBAC) resource actions" , id: "microsoft.directory-resourceNamespaces-resourceActions-authenticationContext-update-patch" , name: "microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update" , resourceScopeId: null , isPrivileged: true } , { 6 items actionVerb: "POST" , description: "Update Conditional Access authentication context of Microsoft 365 role-based access control (RBAC) resource actions" , id: "microsoft.directory-resourceNamespaces-resourceActions-authenticationContext-update-post" , name: "microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update" , resourceScopeId: null , isPrivileged: true } ] } } , { 1 item microsoft.directory/roleAssignments/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete role assignments, and read and update all role assignment properties" , id: "microsoft.directory-roleAssignments-allProperties-allTasks" , name: "microsoft.directory/roleAssignments/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/roleAssignments/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on role assignments" , id: "microsoft.directory-roleAssignments-standard-read-get" , name: "microsoft.directory/roleAssignments/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/roleDefinitions/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete role definitions, and read and update all properties" , id: "microsoft.directory-roleDefinitions-allProperties-allTasks" , name: "microsoft.directory/roleDefinitions/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/roleDefinitions/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on role definitions" , id: "microsoft.directory-roleDefinitions-standard-read-get" , name: "microsoft.directory/roleDefinitions/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/scopedRoleMemberships/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete scopedRoleMemberships, and read and update all properties" , id: "microsoft.directory-scopedRoleMemberships-allProperties-allTasks" , name: "microsoft.directory/scopedRoleMemberships/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/servicePrincipals/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete service principals, and read and update all properties" , id: "microsoft.directory-servicePrincipals-allProperties-allTasks" , name: "microsoft.directory/servicePrincipals/allProperties/allTasks" , resourceScopeId: null , isPrivileged: true } } } , { 1 item microsoft.directory/servicePrincipals/appRoleAssignedTo/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read service principal role assignments" , id: "microsoft.directory-servicePrincipals-appRoleAssignedTo-read-get" , name: "microsoft.directory/servicePrincipals/appRoleAssignedTo/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/appRoleAssignments/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read role assignments assigned to service principals" , id: "microsoft.directory-servicePrincipals-appRoleAssignments-read-get" , name: "microsoft.directory/servicePrincipals/appRoleAssignments/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "managePermissionGrantsForAll" } , permissionDetails: [ 2 items { 6 items actionVerb: "n/a" , description: "Grant consent for any permission to any application" , id: "microsoft.directory-servicePrincipals-managePermissionGrantsForAll.microsoft-company-admin" , name: "microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin" , resourceScopeId: null , isPrivileged: false } , { 6 items actionVerb: "POST" , description: "Grant consent to delegated permissions on behalf of any user or all users" , id: "microsoft.directory-servicePrincipals-managePermissionGrantsForAll.microsoft-company-admin-post" , name: "microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin" , resourceScopeId: null , isPrivileged: false } ] } } , { 1 item microsoft.directory/servicePrincipals/memberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the group memberships on service principals" , id: "microsoft.directory-servicePrincipals-memberOf-read-get" , name: "microsoft.directory/servicePrincipals/memberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read delegated permission grants on service principals" , id: "microsoft.directory-servicePrincipals-oAuth2PermissionGrants-read-get" , name: "microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/ownedObjects/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owned objects of service principals" , id: "microsoft.directory-servicePrincipals-ownedObjects-read-get" , name: "microsoft.directory/servicePrincipals/ownedObjects/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/owners/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owners of service principals" , id: "microsoft.directory-servicePrincipals-owners-read-get" , name: "microsoft.directory/servicePrincipals/owners/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/policies/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read policies of service principals" , id: "microsoft.directory-servicePrincipals-policies-read-get" , name: "microsoft.directory/servicePrincipals/policies/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties of service principals" , id: "microsoft.directory-servicePrincipals-standard-read-get" , name: "microsoft.directory/servicePrincipals/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/jobs/manage: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "manage" } , permissionDetails: { 6 items actionVerb: "POST" , description: "Start, restart, and pause cloud tenant to cloud tenant application provisioning synchronization jobs." , id: "microsoft.directory-servicePrincipals-synchronization.cloudTenantToCloudTenant-jobs-manage-post" , name: "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/jobs/manage" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/jobs/manage: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "manage" } , permissionDetails: { 6 items actionVerb: "POST" , description: "Start, restart, and pause application provisioning synchronization jobs." , id: "microsoft.directory-servicePrincipals-synchronization.cloudTenantToExternalSystem-jobs-manage-post" , name: "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/jobs/manage" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item microsoft.directory/signInReports/allProperties/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read all properties on sign-in reports, including privileged properties" , id: "microsoft.directory-signInReports-allProperties-read-get" , name: "microsoft.directory/signInReports/allProperties/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.directory/subscribedSkus/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on subscriptions" , id: "microsoft.directory-subscribedSkus-standard-read-get" , name: "microsoft.directory/subscribedSkus/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.directory/users/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete users, and read and update all properties" , id: "microsoft.directory-users-allProperties-allTasks" , name: "microsoft.directory/users/allProperties/allTasks" , resourceScopeId: null , isPrivileged: true } } } , { 1 item microsoft.directory/users/appRoleAssignments/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read application role assignments for users" , id: "microsoft.directory-users-appRoleAssignments-read-get" , name: "microsoft.directory/users/appRoleAssignments/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/users/deviceForResourceAccount/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read deviceForResourceAccount of users" , id: "microsoft.directory-users-deviceForResourceAccount-read-get" , name: "microsoft.directory/users/deviceForResourceAccount/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/directReports/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the direct reports for users" , id: "microsoft.directory-users-directReports-read-get" , name: "microsoft.directory/users/directReports/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/invitedBy/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the user that invited an external user to a tenant" , id: "microsoft.directory-users-invitedBy-read-get" , name: "microsoft.directory/users/invitedBy/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/licenseDetails/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read license details of users" , id: "microsoft.directory-users-licenseDetails-read-get" , name: "microsoft.directory/users/licenseDetails/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/manager/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read manager of users" , id: "microsoft.directory-users-manager-read-get" , name: "microsoft.directory/users/manager/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/memberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the group memberships of users" , id: "microsoft.directory-users-memberOf-read-get" , name: "microsoft.directory/users/memberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/oAuth2PermissionGrants/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read delegated permission grants on users" , id: "microsoft.directory-users-oAuth2PermissionGrants-read-get" , name: "microsoft.directory/users/oAuth2PermissionGrants/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/ownedDevices/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owned devices of users" , id: "microsoft.directory-users-ownedDevices-read-get" , name: "microsoft.directory/users/ownedDevices/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/ownedObjects/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owned objects of users" , id: "microsoft.directory-users-ownedObjects-read-get" , name: "microsoft.directory/users/ownedObjects/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/photo/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read photo of users" , id: "microsoft.directory-users-photo-read-get" , name: "microsoft.directory/users/photo/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/registeredDevices/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read registered devices of users" , id: "microsoft.directory-users-registeredDevices-read-get" , name: "microsoft.directory/users/registeredDevices/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/scopedRoleMemberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read user's membership of a Microsoft Entra role, that is scoped to an administrative unit" , id: "microsoft.directory-users-scopedRoleMemberOf-read-get" , name: "microsoft.directory/users/scopedRoleMemberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/sponsors/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read sponsors of users" , id: "microsoft.directory-users-sponsors-read-get" , name: "microsoft.directory/users/sponsors/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on users" , id: "microsoft.directory-users-standard-read-get" , name: "microsoft.directory/users/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.hardware.support/shippingAddress/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create, read, update, and delete shipping addresses for Microsoft hardware warranty claims, including shipping addresses created by others" , id: "microsoft.hardware.support-shippingAddress-allProperties-allTasks" , name: "microsoft.hardware.support/shippingAddress/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.networkAccess/trafficLogs/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read standard properties of traffic logs such as DeviceId, DestinationIp and PolicyRuleId" , id: "microsoft.networkAccess-trafficLogs-standard-read-get" , name: "microsoft.networkAccess/trafficLogs/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.office365.messageCenter/messages/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read messages in Message Center in the Microsoft 365 admin center, excluding security messages" , id: "microsoft.office365.messageCenter-messages-read-get" , name: "microsoft.office365.messageCenter/messages/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.office365.search/content/manage: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "manage" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete content, and read and update all properties in Microsoft Search" , id: "microsoft.office365.search-content-manage" , name: "microsoft.office365.search/content/manage" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.office365.securityComplianceCenter/allEntities/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete all resources, and read and update standard properties in the Microsoft 365 Security and Compliance Center" , id: "microsoft.office365.securityComplianceCenter-allEntities-allTasks" , name: "microsoft.office365.securityComplianceCenter/allEntities/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.office365.sharePoint/allEntities/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete all resources, and read and update standard properties in SharePoint" , id: "microsoft.office365.sharePoint-allEntities-allTasks" , name: "microsoft.office365.sharePoint/allEntities/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.people/users/photo/update: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "update" } , permissionDetails: [ 3 items { 6 items actionVerb: "DELETE" , description: "Update profile photo of user" , id: "microsoft.people-users-photo-update-delete" , name: "microsoft.people/users/photo/update" , resourceScopeId: null , isPrivileged: false } , { 6 items actionVerb: "PATCH" , description: "Update profile photo of user" , id: "microsoft.people-users-photo-update-patch" , name: "microsoft.people/users/photo/update" , resourceScopeId: null , isPrivileged: false } , { 6 items actionVerb: "PUT" , description: "Update profile photo of user" , id: "microsoft.people-users-photo-update-put" , name: "microsoft.people/users/photo/update" , resourceScopeId: null , isPrivileged: false } ] } } , { 1 item microsoft.peopleAdmin/organization/allProperties/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read people settings for users, such as pronouns, name pronunciation, and profile card settings" , id: "microsoft.peopleAdmin-organization-allProperties-read-get" , name: "microsoft.peopleAdmin/organization/allProperties/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.peopleAdmin/organization/allProperties/update: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "update" } , permissionDetails: { 6 items actionVerb: "PATCH" , description: "Update people settings for users, such as pronouns, name pronunciation, and profile card settings" , id: "microsoft.peopleAdmin-organization-allProperties-update-patch" , name: "microsoft.peopleAdmin/organization/allProperties/update" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } ] }