DeviceManagementRBAC.Read.All
Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated
Full Control
All Resources
Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.
Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access
App-Only Access
Permission Details
Application Permission
Read Microsoft Intune RBAC settings
Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.
Permission ID:
58ca0d9a-1575-47e1-a3cb-007ef2e4583b
Delegated Permission
Admin consent required
Read Microsoft Intune RBAC settings
Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.
User sees: Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.
Permission ID:
49f0cc30-024c-4dfd-ab3e-82e137ee5431
Properties
Microsoft Graph v1.0
endpoint-derived-docs
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
applePushNotificationCertificate |
object |
Apple push notification certificate. |
auditEvents |
auditEvent collection |
The Audit Events |
complianceManagementPartners |
complianceManagementPartner collection |
The list of Compliance Management Partners configured by the tenant. |
conditionalAccessSettings |
object |
The Exchange on premises conditional access settings. On premises conditional access will require devices to be both enrolled and compliant for mail access |
detectedApps |
detectedApp collection |
The list of detected apps associated with a device. |
deviceCategories |
deviceCategory collection |
The list of device categories with the tenant. |
deviceCompliancePolicies |
deviceCompliancePolicy collection |
The device compliance policies. |
deviceCompliancePolicyDeviceStateSummary |
object |
The device compliance state summary for this account. |
deviceCompliancePolicySettingStateSummaries |
deviceCompliancePolicySettingStateSummary collection |
The summary states of compliance policy settings for this account. |
deviceConfigurationDeviceStateSummaries |
object |
The device configuration device state summary for this account. |
deviceConfigurations |
deviceConfiguration collection |
The device configurations. |
deviceEnrollmentConfigurations |
deviceEnrollmentConfiguration collection |
The list of device enrollment configurations |
deviceManagementPartners |
deviceManagementPartner collection |
The list of Device Management Partners configured by the tenant. |
deviceProtectionOverview |
object |
Device protection overview. |
exchangeConnectors |
deviceManagementExchangeConnector collection |
The list of Exchange Connectors configured by the tenant. |
Showing 15 of 65 properties.
JSON Representation
Microsoft Graph v1.0
endpoint-derived-docs
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
JSON representation
{
"@odata.type": "#microsoft.graph.roleManagement"
}Relationships
Microsoft Graph v1.0
endpoint-derived-docs
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
directory |
rbacApplication |
Read-only. Nullable. |
entitlementManagement |
rbacApplication |
Container for roles and assignments for entitlement management resources. |
auditEvents |
auditEvent collection |
The Audit Events |
complianceManagementPartners |
complianceManagementPartner collection |
The list of Compliance Management Partners configured by the tenant. |
detectedApps |
detectedApp collection |
The list of detected apps associated with a device. |
deviceCategories |
deviceCategory collection |
The list of device categories with the tenant. |
deviceCompliancePolicies |
deviceCompliancePolicy collection |
The device compliance policies. |
deviceCompliancePolicySettingStateSummaries |
deviceCompliancePolicySettingStateSummary collection |
The summary states of compliance policy settings for this account. |
deviceConfigurations |
deviceConfiguration collection |
The device configurations. |
deviceEnrollmentConfigurations |
deviceEnrollmentConfiguration collection |
The list of device enrollment configurations |
deviceManagementPartners |
deviceManagementPartner collection |
The list of Device Management Partners configured by the tenant. |
exchangeConnectors |
deviceManagementExchangeConnector collection |
The list of Exchange Connectors configured by the tenant. |
importedWindowsAutopilotDeviceIdentities |
importedWindowsAutopilotDeviceIdentity collection |
Collection of imported Windows autopilot devices. |
intuneAccountId |
uuid |
Intune Account Id for given tenant |
iosUpdateStatuses |
iosUpdateDeviceStatus collection |
The IOS software update installation statuses for this account. |
managedDevices |
managedDevice collection |
The list of managed devices. |
mobileAppTroubleshootingEvents |
mobileAppTroubleshootingEvent collection |
The collection property of MobileAppTroubleshootingEvent. |
mobileThreatDefenseConnectors |
mobileThreatDefenseConnector collection |
The list of Mobile threat Defense connectors configured by the tenant. |
notificationMessageTemplates |
notificationMessageTemplate collection |
The Notification Message Templates. |
remoteAssistancePartners |
remoteAssistancePartner collection |
The remote assist partners. |
resourceOperations |
resourceOperation collection |
The Resource Operations. |
roleAssignments |
deviceAndAppManagementRoleAssignment collection |
The Role Assignments. |
Graph Methods
Delegated access
App-only access
Exact Microsoft Learn match
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn match
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
No deterministic PowerShell command map is available for this permission.
Browse PowerShell docs
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
C# / .NET SDK
Get unifiedRoleDefinition
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleDefinitions["{unifiedRoleDefinition-id}"].GetAsync();
JavaScript
Get unifiedRoleDefinition
const options = {
authProvider,
};
const client = Client.init(options);
let unifiedRoleDefinition = await client.api('/roleManagement/directory/roleDefinitions/f189965f-f560-4c59-9101-933d4c87a91a')
.version('beta')
.get();
PowerShell
Get unifiedRoleDefinition
Import-Module Microsoft.Graph.Beta.Identity.Governance
Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $unifiedRoleDefinitionId
Python
Get unifiedRoleDefinition
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.role_management.directory.role_definitions.by_unified_role_definition_id('unifiedRoleDefinition-id').get()App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Application permissions or delegated permissions and search for DeviceManagementRBAC.Read.All
4
Grant Admin Consent
Application permissions always require admin consent.