last sync: 2025-Aug-13 17:10:16 Etc/UTC

Global Administrator - 62e90394-69f5-4237-9190-012177145e10
Entra Id Role definition

Display name Global Administrator
Id 62e90394-69f5-4237-9190-012177145e10
Description Can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities.
Detailed description Users with this role have access to all administrative features in Microsoft Entra ID, as well as services that federate to Microsoft Entra ID like Exchange Online, SharePoint Online, and Skype for Business Online. The person who signs up for the Microsoft Entra tenant becomes a global administrator. Only global administrators can assign other administrator roles. There can be more than one global administrator at your company. Global admins can reset the password for any user and all other administrators. Note: In Microsoft Graph API, Azure AD Graph API, and Azure AD PowerShell, this role is identified as "Company Administrator". It is "Global Administrator" in the Azure portal.
Categories global
isPrivileged True Privileged
EntraOps Tier Level ControlPlane
#Resource Actions unique 268
#Resource Actions Operations unique 274
#Resource Actions privileged 20
#Resource Actions direct 214
Resource Actions inherited True
#Resource Actions inherited 54
Resource Actions inherited from Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b)
#Resource Actions overlap direct&inherited 0
Resource Actions overlap direct&inherited
#Resource Actions inherited to 0 other Entra Id Roles
Resource Actions inherited to n/a
#Resource Actions conditioned 0
#Resource Actions unconditioned 268
#NameSpaces 51
NameSpaces microsoft.azure.advancedThreatProtection: 1
microsoft.azure.informationProtection: 1
microsoft.azure.serviceHealth: 1
microsoft.azure.supportTickets: 1
microsoft.backup: 1
microsoft.cloudPC: 1
microsoft.commerce.billing: 2
microsoft.directory: 207
microsoft.dynamics365: 1
microsoft.edge: 1
microsoft.flow: 1
microsoft.graph.dataConnect: 1
microsoft.hardware.support: 3
microsoft.insights: 1
microsoft.intune: 1
microsoft.microsoft365.organizationalData: 1
microsoft.networkAccess: 2
microsoft.office365.complianceManager: 1
microsoft.office365.copilot: 1
microsoft.office365.desktopAnalytics: 1
microsoft.office365.exchange: 1
microsoft.office365.fileStorageContainers: 1
microsoft.office365.knowledge: 5
microsoft.office365.lockbox: 1
microsoft.office365.messageCenter: 2
microsoft.office365.migrations: 1
microsoft.office365.network: 1
microsoft.office365.organizationalMessages: 1
microsoft.office365.protectionCenter: 1
microsoft.office365.search: 1
microsoft.office365.securityComplianceCenter: 1
microsoft.office365.serviceHealth: 1
microsoft.office365.sharePoint: 1
microsoft.office365.skypeForBusiness: 1
microsoft.office365.supportTickets: 1
microsoft.office365.usageReports: 1
microsoft.office365.userCommunication: 1
microsoft.office365.webPortal: 1
microsoft.office365.yammer: 1
microsoft.people: 2
microsoft.peopleAdmin: 2
microsoft.permissionsManagement: 1
microsoft.powerApps: 1
microsoft.powerApps.powerBI: 1
microsoft.teams: 1
microsoft.virtualVisits: 1
microsoft.viva.glint: 1
microsoft.viva.goals: 1
microsoft.viva.pulse: 1
microsoft.windows.defenderAdvancedThreatProtection: 1
microsoft.windows.updatesDeployments: 1
Actions allTasks: 80
assignLicense: 1
create: 17
delete: 13
manage: 7
managePermissionGrantsForAll: 1
other: 9
read: 101
reprocessLicenseAssignment: 1
restore: 2
update: 36
Operations actionVerbs DELETE: 16
GET: 101
n/a: 82
PATCH: 36
POST: 38
PUT: 1
Resource Actions where Consent Policy applies 1
Resource Actions / Consent Policy Resource Action: microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin
Consent Policy: microsoft-company-admin
displayName: Company Admin Policy
description:Permissions consentable by Company Administrators.
includes: 2
excludes: 0
JSON enriched
{29 items}
JSON raw (v1.0 endpoint)
GET /roleManagement/directory/roleDefinitions/{id}
{12 items
  • @odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions/$entity",
  • id: "62e90394-69f5-4237-9190-012177145e10",
  • description: "Can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities.",
  • displayName: "Global Administrator",
  • isBuiltIn: true,
  • isEnabled: true,
  • resourceScopes: [1 item
    • "/"
    ],
  • templateId: "62e90394-69f5-4237-9190-012177145e10",
  • version: "1",
  • rolePermissions: [1 item
    • {2 items
      • allowedResourceActions: [214 items
        • "microsoft.azure.advancedThreatProtection/allEntities/allTasks",
        • "microsoft.azure.informationProtection/allEntities/allTasks",
        • "microsoft.azure.serviceHealth/allEntities/allTasks",
        • "microsoft.azure.supportTickets/allEntities/allTasks",
        • "microsoft.backup/allEntities/allProperties/allTasks",
        • "microsoft.cloudPC/allEntities/allProperties/allTasks",
        • "microsoft.commerce.billing/allEntities/allProperties/allTasks",
        • "microsoft.commerce.billing/purchases/standard/read",
        • "microsoft.directory/accessReviews/allProperties/allTasks",
        • "microsoft.directory/accessReviews/definitions/allProperties/allTasks",
        • "microsoft.directory/adminConsentRequestPolicy/allProperties/allTasks",
        • "microsoft.directory/administrativeUnits/allProperties/allTasks",
        • "microsoft.directory/appConsent/appConsentRequests/allProperties/read",
        • "microsoft.directory/applications/allProperties/allTasks",
        • "microsoft.directory/applications/synchronization/standard/read",
        • "microsoft.directory/applicationTemplates/instantiate",
        • "microsoft.directory/auditLogs/allProperties/read",
        • "microsoft.directory/authorizationPolicy/allProperties/allTasks",
        • "microsoft.directory/bitlockerKeys/key/read",
        • "microsoft.directory/bulkJobs/basic/update",
        • "microsoft.directory/bulkJobs/create",
        • "microsoft.directory/bulkJobs/standard/read",
        • "microsoft.directory/cloudAppSecurity/allProperties/allTasks",
        • "microsoft.directory/conditionalAccessPolicies/allProperties/allTasks",
        • "microsoft.directory/connectorGroups/allProperties/read",
        • "microsoft.directory/connectorGroups/allProperties/update",
        • "microsoft.directory/connectorGroups/create",
        • "microsoft.directory/connectorGroups/delete",
        • "microsoft.directory/connectors/allProperties/read",
        • "microsoft.directory/connectors/create",
        • "microsoft.directory/contacts/allProperties/allTasks",
        • "microsoft.directory/contracts/allProperties/allTasks",
        • "microsoft.directory/crossTenantAccessPolicy/allowedCloudEndpoints/update",
        • "microsoft.directory/crossTenantAccessPolicy/basic/update",
        • "microsoft.directory/crossTenantAccessPolicy/default/b2bCollaboration/update",
        • "microsoft.directory/crossTenantAccessPolicy/default/b2bDirectConnect/update",
        • "microsoft.directory/crossTenantAccessPolicy/default/crossCloudMeetings/update",
        • "microsoft.directory/crossTenantAccessPolicy/default/standard/read",
        • "microsoft.directory/crossTenantAccessPolicy/default/tenantRestrictions/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/b2bCollaboration/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/b2bDirectConnect/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/create",
        • "microsoft.directory/crossTenantAccessPolicy/partners/crossCloudMeetings/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/delete",
        • "microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/basic/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/create",
        • "microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/standard/read",
        • "microsoft.directory/crossTenantAccessPolicy/partners/standard/read",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/basic/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/resetToDefaultSettings",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/basic/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/resetToDefaultSettings",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read",
        • "microsoft.directory/crossTenantAccessPolicy/partners/tenantRestrictions/update",
        • "microsoft.directory/crossTenantAccessPolicy/standard/read",
        • "microsoft.directory/customAuthenticationExtensions/allProperties/allTasks",
        • "microsoft.directory/deletedItems/delete",
        • "microsoft.directory/deletedItems/restore",
        • "microsoft.directory/deviceLocalCredentials/password/read",
        • "microsoft.directory/deviceManagementPolicies/basic/update",
        • "microsoft.directory/deviceManagementPolicies/standard/read",
        • "microsoft.directory/deviceRegistrationPolicy/basic/update",
        • "microsoft.directory/deviceRegistrationPolicy/standard/read",
        • "microsoft.directory/devices/allProperties/allTasks",
        • "microsoft.directory/devices/permissions/update",
        • "microsoft.directory/deviceTemplates/owners/read",
        • "microsoft.directory/deviceTemplates/owners/update",
        • "microsoft.directory/directoryRoles/allProperties/allTasks",
        • "microsoft.directory/directoryRoleTemplates/allProperties/allTasks",
        • "microsoft.directory/domains/allProperties/allTasks",
        • "microsoft.directory/domains/federationConfiguration/basic/update",
        • "microsoft.directory/domains/federationConfiguration/create",
        • "microsoft.directory/domains/federationConfiguration/delete",
        • "microsoft.directory/domains/federationConfiguration/standard/read",
        • "microsoft.directory/entitlementManagement/allProperties/allTasks",
        • "microsoft.directory/externalUserProfiles/basic/update",
        • "microsoft.directory/externalUserProfiles/delete",
        • "microsoft.directory/externalUserProfiles/standard/read",
        • "microsoft.directory/groups/allProperties/allTasks",
        • "microsoft.directory/groupsAssignableToRoles/allProperties/update",
        • "microsoft.directory/groupsAssignableToRoles/assignLicense",
        • "microsoft.directory/groupsAssignableToRoles/create",
        • "microsoft.directory/groupsAssignableToRoles/delete",
        • "microsoft.directory/groupsAssignableToRoles/reprocessLicenseAssignment",
        • "microsoft.directory/groupsAssignableToRoles/restore",
        • "microsoft.directory/groupSettings/allProperties/allTasks",
        • "microsoft.directory/groupSettingTemplates/allProperties/allTasks",
        • "microsoft.directory/hybridAuthenticationPolicy/allProperties/allTasks",
        • "microsoft.directory/identityProtection/allProperties/allTasks",
        • "microsoft.directory/lifecycleWorkflows/workflows/allProperties/allTasks",
        • "microsoft.directory/loginOrganizationBranding/allProperties/allTasks",
        • "microsoft.directory/multiTenantOrganization/basic/update",
        • "microsoft.directory/multiTenantOrganization/create",
        • "microsoft.directory/multiTenantOrganization/joinRequest/organizationDetails/update",
        • "microsoft.directory/multiTenantOrganization/joinRequest/standard/read",
        • "microsoft.directory/multiTenantOrganization/standard/read",
        • "microsoft.directory/multiTenantOrganization/tenants/create",
        • "microsoft.directory/multiTenantOrganization/tenants/delete",
        • "microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read",
        • "microsoft.directory/multiTenantOrganization/tenants/organizationDetails/update",
        • "microsoft.directory/multiTenantOrganization/tenants/standard/read",
        • "microsoft.directory/namedLocations/basic/update",
        • "microsoft.directory/namedLocations/create",
        • "microsoft.directory/namedLocations/delete",
        • "microsoft.directory/namedLocations/standard/read",
        • "microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks",
        • "microsoft.directory/onPremisesSynchronization/basic/update",
        • "microsoft.directory/onPremisesSynchronization/standard/read",
        • "microsoft.directory/organization/allProperties/allTasks",
        • "microsoft.directory/passwordHashSync/allProperties/allTasks",
        • "microsoft.directory/pendingExternalUserProfiles/basic/update",
        • "microsoft.directory/pendingExternalUserProfiles/create",
        • "microsoft.directory/pendingExternalUserProfiles/delete",
        • "microsoft.directory/pendingExternalUserProfiles/standard/read",
        • "microsoft.directory/permissionGrantPolicies/basic/update",
        • "microsoft.directory/permissionGrantPolicies/create",
        • "microsoft.directory/permissionGrantPolicies/delete",
        • "microsoft.directory/permissionGrantPolicies/standard/read",
        • "microsoft.directory/policies/allProperties/allTasks",
        • "microsoft.directory/privilegedIdentityManagement/allProperties/read",
        • "microsoft.directory/provisioningLogs/allProperties/read",
        • "microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update",
        • "microsoft.directory/roleAssignments/allProperties/allTasks",
        • "microsoft.directory/roleDefinitions/allProperties/allTasks",
        • "microsoft.directory/scopedRoleMemberships/allProperties/allTasks",
        • "microsoft.directory/serviceAction/activateService",
        • "microsoft.directory/serviceAction/disableDirectoryFeature",
        • "microsoft.directory/serviceAction/enableDirectoryFeature",
        • "microsoft.directory/serviceAction/getAvailableExtentionProperties",
        • "microsoft.directory/servicePrincipalCreationPolicies/basic/update",
        • "microsoft.directory/servicePrincipalCreationPolicies/create",
        • "microsoft.directory/servicePrincipalCreationPolicies/delete",
        • "microsoft.directory/servicePrincipalCreationPolicies/standard/read",
        • "microsoft.directory/servicePrincipals/allProperties/allTasks",
        • "microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/credentials/manage",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/jobs/manage",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/schema/manage",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/credentials/manage",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/jobs/manage",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/schema/manage",
        • "microsoft.directory/servicePrincipals/synchronization/standard/read",
        • "microsoft.directory/signInReports/allProperties/read",
        • "microsoft.directory/subscribedSkus/allProperties/allTasks",
        • "microsoft.directory/tenantManagement/tenants/create",
        • "microsoft.directory/users/allProperties/allTasks",
        • "microsoft.directory/users/authenticationMethods/basic/update",
        • "microsoft.directory/users/authenticationMethods/create",
        • "microsoft.directory/users/authenticationMethods/delete",
        • "microsoft.directory/users/authenticationMethods/standard/read",
        • "microsoft.directory/users/convertExternalToInternalMemberUser",
        • "microsoft.directory/verifiableCredentials/configuration/allProperties/read",
        • "microsoft.directory/verifiableCredentials/configuration/allProperties/update",
        • "microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/read",
        • "microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/update",
        • "microsoft.directory/verifiableCredentials/configuration/contracts/cards/allProperties/read",
        • "microsoft.directory/verifiableCredentials/configuration/contracts/cards/revoke",
        • "microsoft.directory/verifiableCredentials/configuration/contracts/create",
        • "microsoft.directory/verifiableCredentials/configuration/create",
        • "microsoft.directory/verifiableCredentials/configuration/delete",
        • "microsoft.dynamics365/allEntities/allTasks",
        • "microsoft.edge/allEntities/allProperties/allTasks",
        • "microsoft.flow/allEntities/allTasks",
        • "microsoft.graph.dataConnect/allEntities/allProperties/allTasks",
        • "microsoft.hardware.support/shippingAddress/allProperties/allTasks",
        • "microsoft.hardware.support/shippingStatus/allProperties/read",
        • "microsoft.hardware.support/warrantyClaims/allProperties/allTasks",
        • "microsoft.insights/allEntities/allProperties/allTasks",
        • "microsoft.intune/allEntities/allTasks",
        • "microsoft.microsoft365.organizationalData/allEntities/allProperties/allTasks",
        • "microsoft.networkAccess/allEntities/allProperties/allTasks",
        • "microsoft.networkAccess/trafficLogs/standard/read",
        • "microsoft.office365.complianceManager/allEntities/allTasks",
        • "microsoft.office365.copilot/allEntities/allProperties/allTasks",
        • "microsoft.office365.desktopAnalytics/allEntities/allTasks",
        • "microsoft.office365.exchange/allEntities/basic/allTasks",
        • "microsoft.office365.fileStorageContainers/allEntities/allProperties/allTasks",
        • "microsoft.office365.knowledge/contentUnderstanding/allProperties/allTasks",
        • "microsoft.office365.knowledge/contentUnderstanding/analytics/allProperties/read",
        • "microsoft.office365.knowledge/knowledgeNetwork/allProperties/allTasks",
        • "microsoft.office365.knowledge/knowledgeNetwork/topicVisibility/allProperties/allTasks",
        • "microsoft.office365.knowledge/learningSources/allProperties/allTasks",
        • "microsoft.office365.lockbox/allEntities/allTasks",
        • "microsoft.office365.messageCenter/messages/read",
        • "microsoft.office365.messageCenter/securityMessages/read",
        • "microsoft.office365.migrations/allEntities/allProperties/allTasks",
        • "microsoft.office365.network/performance/allProperties/read",
        • "microsoft.office365.organizationalMessages/allEntities/allProperties/allTasks",
        • "microsoft.office365.protectionCenter/allEntities/allProperties/allTasks",
        • "microsoft.office365.search/content/manage",
        • "microsoft.office365.securityComplianceCenter/allEntities/allTasks",
        • "microsoft.office365.serviceHealth/allEntities/allTasks",
        • "microsoft.office365.sharePoint/allEntities/allTasks",
        • "microsoft.office365.skypeForBusiness/allEntities/allTasks",
        • "microsoft.office365.supportTickets/allEntities/allTasks",
        • "microsoft.office365.usageReports/allEntities/allProperties/read",
        • "microsoft.office365.userCommunication/allEntities/allTasks",
        • "microsoft.office365.webPortal/allEntities/standard/read",
        • "microsoft.office365.yammer/allEntities/allProperties/allTasks",
        • "microsoft.peopleAdmin/organization/allProperties/read",
        • "microsoft.peopleAdmin/organization/allProperties/update",
        • "microsoft.people/users/photo/read",
        • "microsoft.people/users/photo/update",
        • "microsoft.permissionsManagement/allEntities/allProperties/allTasks",
        • "microsoft.powerApps/allEntities/allTasks",
        • "microsoft.powerApps.powerBI/allEntities/allTasks",
        • "microsoft.teams/allEntities/allProperties/allTasks",
        • "microsoft.virtualVisits/allEntities/allProperties/allTasks",
        • "microsoft.viva.glint/allEntities/allProperties/allTasks",
        • "microsoft.viva.goals/allEntities/allProperties/allTasks",
        • "microsoft.viva.pulse/allEntities/allProperties/allTasks",
        • "microsoft.windows.defenderAdvancedThreatProtection/allEntities/allTasks",
        • "microsoft.windows.updatesDeployments/allEntities/allProperties/allTasks"
        ],
      • condition: null
      }
    ],
  • inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions('62e90394-69f5-4237-9190-012177145e10')/inheritsPermissionsFrom",
  • inheritsPermissionsFrom: [1 item
    • {1 item
      • id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
      }
    ]
}
JSON raw (beta endpoint)
GET /roleManagement/directory/roleDefinitions/{id}
{16 items
  • @odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions/$entity",
  • id: "62e90394-69f5-4237-9190-012177145e10",
  • assignmentMode: "allowed",
  • categories: "global",
  • description: "Can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities.",
  • displayName: "Global Administrator",
  • isBuiltIn: true,
  • isEnabled: true,
  • isPrivileged: true,
  • resourceScopes: [1 item
    • "/"
    ],
  • richDescription: "Users with this role have access to all administrative features in Microsoft Entra ID, as well as services that federate to Microsoft Entra ID like Exchange Online, SharePoint Online, and Skype for Business Online. The person who signs up for the Microsoft Entra tenant becomes a global administrator. Only global administrators can assign other administrator roles. There can be more than one global administrator at your company. Global admins can reset the password for any user and all other administrators. Note: In Microsoft Graph API, Azure AD Graph API, and Azure AD PowerShell, this role is identified as "Company Administrator". It is "Global Administrator" in the Azure portal.",
  • templateId: "62e90394-69f5-4237-9190-012177145e10",
  • version: "1",
  • rolePermissions: [1 item
    • {2 items
      • allowedResourceActions: [214 items
        • "microsoft.azure.advancedThreatProtection/allEntities/allTasks",
        • "microsoft.azure.informationProtection/allEntities/allTasks",
        • "microsoft.azure.serviceHealth/allEntities/allTasks",
        • "microsoft.azure.supportTickets/allEntities/allTasks",
        • "microsoft.backup/allEntities/allProperties/allTasks",
        • "microsoft.cloudPC/allEntities/allProperties/allTasks",
        • "microsoft.commerce.billing/allEntities/allProperties/allTasks",
        • "microsoft.commerce.billing/purchases/standard/read",
        • "microsoft.directory/accessReviews/allProperties/allTasks",
        • "microsoft.directory/accessReviews/definitions/allProperties/allTasks",
        • "microsoft.directory/adminConsentRequestPolicy/allProperties/allTasks",
        • "microsoft.directory/administrativeUnits/allProperties/allTasks",
        • "microsoft.directory/appConsent/appConsentRequests/allProperties/read",
        • "microsoft.directory/applications/allProperties/allTasks",
        • "microsoft.directory/applications/synchronization/standard/read",
        • "microsoft.directory/applicationTemplates/instantiate",
        • "microsoft.directory/auditLogs/allProperties/read",
        • "microsoft.directory/authorizationPolicy/allProperties/allTasks",
        • "microsoft.directory/bitlockerKeys/key/read",
        • "microsoft.directory/bulkJobs/basic/update",
        • "microsoft.directory/bulkJobs/create",
        • "microsoft.directory/bulkJobs/standard/read",
        • "microsoft.directory/cloudAppSecurity/allProperties/allTasks",
        • "microsoft.directory/conditionalAccessPolicies/allProperties/allTasks",
        • "microsoft.directory/connectorGroups/allProperties/read",
        • "microsoft.directory/connectorGroups/allProperties/update",
        • "microsoft.directory/connectorGroups/create",
        • "microsoft.directory/connectorGroups/delete",
        • "microsoft.directory/connectors/allProperties/read",
        • "microsoft.directory/connectors/create",
        • "microsoft.directory/contacts/allProperties/allTasks",
        • "microsoft.directory/contracts/allProperties/allTasks",
        • "microsoft.directory/crossTenantAccessPolicy/allowedCloudEndpoints/update",
        • "microsoft.directory/crossTenantAccessPolicy/basic/update",
        • "microsoft.directory/crossTenantAccessPolicy/default/b2bCollaboration/update",
        • "microsoft.directory/crossTenantAccessPolicy/default/b2bDirectConnect/update",
        • "microsoft.directory/crossTenantAccessPolicy/default/crossCloudMeetings/update",
        • "microsoft.directory/crossTenantAccessPolicy/default/standard/read",
        • "microsoft.directory/crossTenantAccessPolicy/default/tenantRestrictions/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/b2bCollaboration/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/b2bDirectConnect/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/create",
        • "microsoft.directory/crossTenantAccessPolicy/partners/crossCloudMeetings/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/delete",
        • "microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/basic/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/create",
        • "microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/standard/read",
        • "microsoft.directory/crossTenantAccessPolicy/partners/standard/read",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/basic/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/resetToDefaultSettings",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/basic/update",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/resetToDefaultSettings",
        • "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read",
        • "microsoft.directory/crossTenantAccessPolicy/partners/tenantRestrictions/update",
        • "microsoft.directory/crossTenantAccessPolicy/standard/read",
        • "microsoft.directory/customAuthenticationExtensions/allProperties/allTasks",
        • "microsoft.directory/deletedItems/delete",
        • "microsoft.directory/deletedItems/restore",
        • "microsoft.directory/deviceLocalCredentials/password/read",
        • "microsoft.directory/deviceManagementPolicies/basic/update",
        • "microsoft.directory/deviceManagementPolicies/standard/read",
        • "microsoft.directory/deviceRegistrationPolicy/basic/update",
        • "microsoft.directory/deviceRegistrationPolicy/standard/read",
        • "microsoft.directory/devices/allProperties/allTasks",
        • "microsoft.directory/devices/permissions/update",
        • "microsoft.directory/deviceTemplates/owners/read",
        • "microsoft.directory/deviceTemplates/owners/update",
        • "microsoft.directory/directoryRoles/allProperties/allTasks",
        • "microsoft.directory/directoryRoleTemplates/allProperties/allTasks",
        • "microsoft.directory/domains/allProperties/allTasks",
        • "microsoft.directory/domains/federationConfiguration/basic/update",
        • "microsoft.directory/domains/federationConfiguration/create",
        • "microsoft.directory/domains/federationConfiguration/delete",
        • "microsoft.directory/domains/federationConfiguration/standard/read",
        • "microsoft.directory/entitlementManagement/allProperties/allTasks",
        • "microsoft.directory/externalUserProfiles/basic/update",
        • "microsoft.directory/externalUserProfiles/delete",
        • "microsoft.directory/externalUserProfiles/standard/read",
        • "microsoft.directory/groups/allProperties/allTasks",
        • "microsoft.directory/groupsAssignableToRoles/allProperties/update",
        • "microsoft.directory/groupsAssignableToRoles/assignLicense",
        • "microsoft.directory/groupsAssignableToRoles/create",
        • "microsoft.directory/groupsAssignableToRoles/delete",
        • "microsoft.directory/groupsAssignableToRoles/reprocessLicenseAssignment",
        • "microsoft.directory/groupsAssignableToRoles/restore",
        • "microsoft.directory/groupSettings/allProperties/allTasks",
        • "microsoft.directory/groupSettingTemplates/allProperties/allTasks",
        • "microsoft.directory/hybridAuthenticationPolicy/allProperties/allTasks",
        • "microsoft.directory/identityProtection/allProperties/allTasks",
        • "microsoft.directory/lifecycleWorkflows/workflows/allProperties/allTasks",
        • "microsoft.directory/loginOrganizationBranding/allProperties/allTasks",
        • "microsoft.directory/multiTenantOrganization/basic/update",
        • "microsoft.directory/multiTenantOrganization/create",
        • "microsoft.directory/multiTenantOrganization/joinRequest/organizationDetails/update",
        • "microsoft.directory/multiTenantOrganization/joinRequest/standard/read",
        • "microsoft.directory/multiTenantOrganization/standard/read",
        • "microsoft.directory/multiTenantOrganization/tenants/create",
        • "microsoft.directory/multiTenantOrganization/tenants/delete",
        • "microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read",
        • "microsoft.directory/multiTenantOrganization/tenants/organizationDetails/update",
        • "microsoft.directory/multiTenantOrganization/tenants/standard/read",
        • "microsoft.directory/namedLocations/basic/update",
        • "microsoft.directory/namedLocations/create",
        • "microsoft.directory/namedLocations/delete",
        • "microsoft.directory/namedLocations/standard/read",
        • "microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks",
        • "microsoft.directory/onPremisesSynchronization/basic/update",
        • "microsoft.directory/onPremisesSynchronization/standard/read",
        • "microsoft.directory/organization/allProperties/allTasks",
        • "microsoft.directory/passwordHashSync/allProperties/allTasks",
        • "microsoft.directory/pendingExternalUserProfiles/basic/update",
        • "microsoft.directory/pendingExternalUserProfiles/create",
        • "microsoft.directory/pendingExternalUserProfiles/delete",
        • "microsoft.directory/pendingExternalUserProfiles/standard/read",
        • "microsoft.directory/permissionGrantPolicies/basic/update",
        • "microsoft.directory/permissionGrantPolicies/create",
        • "microsoft.directory/permissionGrantPolicies/delete",
        • "microsoft.directory/permissionGrantPolicies/standard/read",
        • "microsoft.directory/policies/allProperties/allTasks",
        • "microsoft.directory/privilegedIdentityManagement/allProperties/read",
        • "microsoft.directory/provisioningLogs/allProperties/read",
        • "microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update",
        • "microsoft.directory/roleAssignments/allProperties/allTasks",
        • "microsoft.directory/roleDefinitions/allProperties/allTasks",
        • "microsoft.directory/scopedRoleMemberships/allProperties/allTasks",
        • "microsoft.directory/serviceAction/activateService",
        • "microsoft.directory/serviceAction/disableDirectoryFeature",
        • "microsoft.directory/serviceAction/enableDirectoryFeature",
        • "microsoft.directory/serviceAction/getAvailableExtentionProperties",
        • "microsoft.directory/servicePrincipalCreationPolicies/basic/update",
        • "microsoft.directory/servicePrincipalCreationPolicies/create",
        • "microsoft.directory/servicePrincipalCreationPolicies/delete",
        • "microsoft.directory/servicePrincipalCreationPolicies/standard/read",
        • "microsoft.directory/servicePrincipals/allProperties/allTasks",
        • "microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/credentials/manage",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/jobs/manage",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/schema/manage",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/credentials/manage",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/jobs/manage",
        • "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/schema/manage",
        • "microsoft.directory/servicePrincipals/synchronization/standard/read",
        • "microsoft.directory/signInReports/allProperties/read",
        • "microsoft.directory/subscribedSkus/allProperties/allTasks",
        • "microsoft.directory/tenantManagement/tenants/create",
        • "microsoft.directory/users/allProperties/allTasks",
        • "microsoft.directory/users/authenticationMethods/basic/update",
        • "microsoft.directory/users/authenticationMethods/create",
        • "microsoft.directory/users/authenticationMethods/delete",
        • "microsoft.directory/users/authenticationMethods/standard/read",
        • "microsoft.directory/users/convertExternalToInternalMemberUser",
        • "microsoft.directory/verifiableCredentials/configuration/allProperties/read",
        • "microsoft.directory/verifiableCredentials/configuration/allProperties/update",
        • "microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/read",
        • "microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/update",
        • "microsoft.directory/verifiableCredentials/configuration/contracts/cards/allProperties/read",
        • "microsoft.directory/verifiableCredentials/configuration/contracts/cards/revoke",
        • "microsoft.directory/verifiableCredentials/configuration/contracts/create",
        • "microsoft.directory/verifiableCredentials/configuration/create",
        • "microsoft.directory/verifiableCredentials/configuration/delete",
        • "microsoft.dynamics365/allEntities/allTasks",
        • "microsoft.edge/allEntities/allProperties/allTasks",
        • "microsoft.flow/allEntities/allTasks",
        • "microsoft.graph.dataConnect/allEntities/allProperties/allTasks",
        • "microsoft.hardware.support/shippingAddress/allProperties/allTasks",
        • "microsoft.hardware.support/shippingStatus/allProperties/read",
        • "microsoft.hardware.support/warrantyClaims/allProperties/allTasks",
        • "microsoft.insights/allEntities/allProperties/allTasks",
        • "microsoft.intune/allEntities/allTasks",
        • "microsoft.microsoft365.organizationalData/allEntities/allProperties/allTasks",
        • "microsoft.networkAccess/allEntities/allProperties/allTasks",
        • "microsoft.networkAccess/trafficLogs/standard/read",
        • "microsoft.office365.complianceManager/allEntities/allTasks",
        • "microsoft.office365.copilot/allEntities/allProperties/allTasks",
        • "microsoft.office365.desktopAnalytics/allEntities/allTasks",
        • "microsoft.office365.exchange/allEntities/basic/allTasks",
        • "microsoft.office365.fileStorageContainers/allEntities/allProperties/allTasks",
        • "microsoft.office365.knowledge/contentUnderstanding/allProperties/allTasks",
        • "microsoft.office365.knowledge/contentUnderstanding/analytics/allProperties/read",
        • "microsoft.office365.knowledge/knowledgeNetwork/allProperties/allTasks",
        • "microsoft.office365.knowledge/knowledgeNetwork/topicVisibility/allProperties/allTasks",
        • "microsoft.office365.knowledge/learningSources/allProperties/allTasks",
        • "microsoft.office365.lockbox/allEntities/allTasks",
        • "microsoft.office365.messageCenter/messages/read",
        • "microsoft.office365.messageCenter/securityMessages/read",
        • "microsoft.office365.migrations/allEntities/allProperties/allTasks",
        • "microsoft.office365.network/performance/allProperties/read",
        • "microsoft.office365.organizationalMessages/allEntities/allProperties/allTasks",
        • "microsoft.office365.protectionCenter/allEntities/allProperties/allTasks",
        • "microsoft.office365.search/content/manage",
        • "microsoft.office365.securityComplianceCenter/allEntities/allTasks",
        • "microsoft.office365.serviceHealth/allEntities/allTasks",
        • "microsoft.office365.sharePoint/allEntities/allTasks",
        • "microsoft.office365.skypeForBusiness/allEntities/allTasks",
        • "microsoft.office365.supportTickets/allEntities/allTasks",
        • "microsoft.office365.usageReports/allEntities/allProperties/read",
        • "microsoft.office365.userCommunication/allEntities/allTasks",
        • "microsoft.office365.webPortal/allEntities/standard/read",
        • "microsoft.office365.yammer/allEntities/allProperties/allTasks",
        • "microsoft.peopleAdmin/organization/allProperties/read",
        • "microsoft.peopleAdmin/organization/allProperties/update",
        • "microsoft.people/users/photo/read",
        • "microsoft.people/users/photo/update",
        • "microsoft.permissionsManagement/allEntities/allProperties/allTasks",
        • "microsoft.powerApps/allEntities/allTasks",
        • "microsoft.powerApps.powerBI/allEntities/allTasks",
        • "microsoft.teams/allEntities/allProperties/allTasks",
        • "microsoft.virtualVisits/allEntities/allProperties/allTasks",
        • "microsoft.viva.glint/allEntities/allProperties/allTasks",
        • "microsoft.viva.goals/allEntities/allProperties/allTasks",
        • "microsoft.viva.pulse/allEntities/allProperties/allTasks",
        • "microsoft.windows.defenderAdvancedThreatProtection/allEntities/allTasks",
        • "microsoft.windows.updatesDeployments/allEntities/allProperties/allTasks"
        ],
      • condition: null
      }
    ],
  • inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('62e90394-69f5-4237-9190-012177145e10')/inheritsPermissionsFrom",
  • inheritsPermissionsFrom: [1 item
    • {1 item
      • id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
      }
    ]
}