How do I add Directory.AccessAsUser.All to my app registration?

Go to Azure Portal > App registrations > Your app > API permissions > Add permission > Microsoft Graph, then search for Directory.AccessAsUser.All and select it.

Directory.AccessAsUser.All Permission - Microsoft Graph API

Permission Details

Delegated Permission

Access directory as the signed in user

Allows the app to have the same access to information in the directory as the signed-in user.

Permission ID: 0e263e50-5827-48a4-b97c-d940288653c7

Properties

Property	Type	Description
`id`	`string`	The unique identifier for an entity. Read-only.
`contactInsights`	`object`	Contains the properties that are configured by an administrator as a tenant-level privacy control whether to identify duplicate contacts among a user's contacts list and suggest the user to merge those contacts to have a cleaner contacts list. List contactInsights returns the settings to display or return contact insights in an organization.
`microsoftApplicationDataAccess`	`object`
`peopleInsights`	`object`	Contains the properties that are configured by an administrator for the visibility of a list of people relevant and working with a user in Microsoft 365. List peopleInsights returns the settings to display or return people insights in an organization.
`itemInsights`	`object`	Contains the properties that are configured by an administrator for the visibility of Microsoft Graph-derived insights, between a user and other items in Microsoft 365, such as documents or sites. List itemInsights returns the settings to display or return item insights in an organization.

Relationships

Relationship	Type	Description
`administrativeUnits`	`administrativeUnit collection`	Conceptual container for user and group directory objects.
`attributeSets`	`attributeSet collection`	Group of related custom security attribute definitions.
`customSecurityAttributeDefinitions`	`customSecurityAttributeDefinition collection`	Schema of a custom security attribute.
`deletedItems`	`directoryObject collection`	Recently deleted items. Read-only. Nullable.
`federationConfigurations`	`identityProviderBase collection`	Configure domain federation with organizations whose identity provider (IdP) supports either the SAML or WS-Fed protocol.
`onPremisesSynchronization`	`onPremisesDirectorySynchronization collection`	A container for on-premises directory synchronization functionalities.

Graph Methods

Delegated access App-only access

Methods
GET `/directory`
GET `/directory/administrativeUnits`
GET `/directory/administrativeUnits/{administrativeUnit-id}`
GET `/directory/administrativeUnits/{administrativeUnit-id}/extensions`
GET `/directory/administrativeUnits/{administrativeUnit-id}/extensions/{extension-id}`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.application`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.device`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.group`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.orgContact`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.servicePrincipal`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.user`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.application`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.device`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.group`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.orgContact`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.servicePrincipal`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.user`
GET `/directory/administrativeUnits/{administrativeUnit-id}/scopedRoleMembers`
GET `/directory/administrativeUnits/{administrativeUnit-id}/scopedRoleMembers/{scopedRoleMembership-id}`
GET `/directory/attributeSets`
GET `/directory/attributeSets/{attributeSet-id}`
GET `/directory/customSecurityAttributeDefinitions`
GET `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}`
GET `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues`
GET `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues/{allowedValue-id}`
GET `/directory/federationConfigurations`
GET `/directory/federationConfigurations/{identityProviderBase-id}`
GET `/directory/onPremisesSynchronization`
GET `/directory/onPremisesSynchronization/{onPremisesDirectorySynchronization-id}`
GET `/directory/subscriptions`
GET `/directory/subscriptions/{companySubscription-id}`
POST `/devices`
POST `/devices(deviceId='{deviceId}')/registeredOwners/$ref`
POST `/devices(deviceId='{deviceId}')/registeredUsers/$ref`
POST `/devices/{id}/registeredOwners/$ref`
POST `/devices/{id}/registeredUsers/$ref`
POST `/directory/administrativeUnits`
POST `/directory/administrativeUnits/{administrativeUnit-id}/extensions`
POST `/directory/administrativeUnits/{administrativeUnit-id}/members`
POST `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.user`
POST `/directory/administrativeUnits/{administrativeUnit-id}/scopedRoleMembers`
POST `/directory/attributeSets`
POST `/directory/customSecurityAttributeDefinitions`
POST `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues`
POST `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues/{allowedValue-id}`
POST `/directory/federationConfigurations`
POST `/directory/onPremisesSynchronization`
POST `/directory/subscriptions`
POST `/groups/{id}/events`
POST `/groups/{id}/threads/{id}/posts/{id}/reply`
POST `/users/{id\|userPrincipalName}/contacts`
POST `/users/{id\|userPrincipalName}/events`
POST `/users/{id\|userPrincipalName}/messages`
POST `/users/{id\|userPrincipalName}/todo/lists`
POST `/users/{id\|userPrincipalName}/todo/lists/{id}/tasks`
PATCH `/devices(deviceId='{deviceId}')`
PATCH `/devices/{id}`
PATCH `/devices/{Id}/extensions/{extensionId}`
PATCH `/directory`
PATCH `/directory/administrativeUnits/{administrativeUnit-id}`
PATCH `/directory/administrativeUnits/{administrativeUnit-id}/extensions/{extension-id}`
PATCH `/directory/administrativeUnits/{administrativeUnit-id}/scopedRoleMembers/{scopedRoleMembership-id}`
PATCH `/directory/attributeSets/{attributeSet-id}`
PATCH `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}`
PATCH `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues/{allowedValue-id}`
PATCH `/directory/federationConfigurations/{identityProviderBase-id}`
PATCH `/directory/onPremisesSynchronization/{onPremisesDirectorySynchronization-id}`
PATCH `/directory/subscriptions/{companySubscription-id}`
PATCH `/groups/{id}/events/{id}/extensions/{extensionId}`
PATCH `/groups/{id}/extensions/{extensionId}`
PATCH `/groups/{id}/threads/{id}/posts/{id}/extensions/{extensionId}`
PATCH `/organization/{Id}/extensions/{extensionId}`
PATCH `/users/{id\|userPrincipalName}/contacts/{id}/extensions/{extensionId}`
PATCH `/users/{id\|userPrincipalName}/events/{id}/extensions/{extensionId}`
PATCH `/users/{id\|userPrincipalName}/extensions/{extensionId}`
PATCH `/users/{id\|userPrincipalName}/messages/{id}/extensions/{extensionId}`
PATCH `/users/me/todo/lists/{todoTaskListId}/extensions/{extensionId}`
PATCH `/users/me/todo/lists/{todoTaskListId}/tasks/{taskId}/extensions/{extensionId}`
DELETE `/devices(deviceId='{deviceId}')`
DELETE `/devices/{id}`
DELETE `/devices/{Id}/extensions/{extensionId}`
DELETE `/devices/{id}/registeredOwners/{id}/$ref`
DELETE `/devices/{id}/registeredUsers/{id}/$ref`
DELETE `/directory/administrativeUnits/{administrativeUnit-id}`
DELETE `/directory/administrativeUnits/{administrativeUnit-id}/extensions/{extension-id}`
DELETE `/directory/administrativeUnits/{administrativeUnit-id}/members`
DELETE `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.user`
DELETE `/directory/administrativeUnits/{administrativeUnit-id}/scopedRoleMembers/{scopedRoleMembership-id}`
DELETE `/directory/attributeSets/{attributeSet-id}`
DELETE `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}`
DELETE `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues/{allowedValue-id}`
DELETE `/directory/federationConfigurations/{identityProviderBase-id}`
DELETE `/directory/onPremisesSynchronization/{onPremisesDirectorySynchronization-id}`
DELETE `/directory/subscriptions/{companySubscription-id}`
DELETE `/groups/{id}/events/{id}/extensions/{extensionId}`
DELETE `/groups/{id}/extensions/{extensionId}`
DELETE `/groups/{id}/threads/{id}/posts/{id}/extensions/{extensionId}`
DELETE `/me/extensions/{extensionId}`
DELETE `/me/todo/lists/{todoTaskListId}/extensions/{extensionId}`
DELETE `/me/todo/lists/{todoTaskListId}/tasks/{taskId}/extensions/{extensionId}`
DELETE `/organization/{Id}/extensions/{extensionId}`
DELETE `/users/{id\|userPrincipalName}/contacts/{id}/extensions/{extensionId}`
DELETE `/users/{id\|userPrincipalName}/events/{id}/extensions/{extensionId}`
DELETE `/users/{id\|userPrincipalName}/extensions/{extensionId}`
DELETE `/users/{id\|userPrincipalName}/messages/{id}/extensions/{extensionId}`
DELETE `/users/{userId}/todo/lists/{todoTaskListId}/extensions/{extensionId}`
DELETE `/users/{userId}/todo/lists/{todoTaskListId}/tasks/{taskId}/extensions/{extensionId}`

Methods
GET `/directory`
GET `/directory/administrativeUnits`
GET `/directory/administrativeUnits/{administrativeUnit-id}`
GET `/directory/administrativeUnits/{administrativeUnit-id}/deletedMembers`
GET `/directory/administrativeUnits/{administrativeUnit-id}/deletedMembers/{directoryObject-id}`
GET `/directory/administrativeUnits/{administrativeUnit-id}/extensions`
GET `/directory/administrativeUnits/{administrativeUnit-id}/extensions/{extension-id}`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.application`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.device`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.group`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.orgContact`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.servicePrincipal`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.user`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.application`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.device`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.group`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.orgContact`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.servicePrincipal`
GET `/directory/administrativeUnits/{administrativeUnit-id}/members/graph.user`
GET `/directory/administrativeUnits/{administrativeUnit-id}/scopedRoleMembers`
GET `/directory/administrativeUnits/{administrativeUnit-id}/scopedRoleMembers/{scopedRoleMembership-id}`
GET `/directory/attributeSets`
GET `/directory/attributeSets/{attributeSet-id}`
GET `/directory/authenticationMethodDevices`
GET `/directory/authenticationMethodDevices/hardwareOathDevices`
GET `/directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDevice-id}`
GET `/directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDevice-id}/assignTo`
GET `/directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDevice-id}/assignTo/mailboxSettings`
GET `/directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDevice-id}/assignTo/serviceProvisioningErrors`
GET `/directory/certificateAuthorities`
GET `/directory/certificateAuthorities/certificateBasedApplicationConfigurations`
GET `/directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfiguration-id}`
GET `/directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfiguration-id}/trustedCertificateAuthorities`
GET `/directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfiguration-id}/trustedCertificateAuthorities/{certificateAuthorityAsEntity-id}`
GET `/directory/certificateAuthorities/mutualTlsOauthConfigurations`
GET `/directory/certificateAuthorities/mutualTlsOauthConfigurations/{mutualTlsOauthConfiguration-id}`
GET `/directory/customSecurityAttributeDefinitions`
GET `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}`
GET `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues`
GET `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues/{allowedValue-id}`
GET `/directory/externalUserProfiles`
GET `/directory/externalUserProfiles/{externalUserProfile-id}`
GET `/directory/featureRolloutPolicies`
GET `/directory/featureRolloutPolicies/{featureRolloutPolicy-id}`
GET `/directory/featureRolloutPolicies/{featureRolloutPolicy-id}/appliesTo`
GET `/directory/federationConfigurations`
GET `/directory/federationConfigurations/{identityProviderBase-id}`
GET `/directory/impactedResources`
GET `/directory/impactedResources/{impactedResource-id}`
GET `/directory/impactedResources/{impactedResource-id}/reactivate`
GET `/directory/inboundSharedUserProfiles`
GET `/directory/onPremisesSynchronization`
GET `/directory/onPremisesSynchronization/{onPremisesDirectorySynchronization-id}`
GET `/directory/outboundSharedUserProfiles`
GET `/directory/pendingExternalUserProfiles`
GET `/directory/pendingExternalUserProfiles/{pendingExternalUserProfile-id}`
GET `/directory/recommendationConfiguration`
GET `/directory/recommendations`
GET `/directory/recommendations/{recommendation-id}`
GET `/directory/recommendations/{recommendation-id}/impactedResources`
GET `/directory/recommendations/{recommendation-id}/impactedResources/{impactedResource-id}`
GET `/directory/recommendations/{recommendation-id}/impactedResources/{impactedResource-id}/reactivate`
GET `/directory/recommendations/{recommendation-id}/reactivate`
GET `/directory/sharedEmailDomains`
GET `/directory/sharedEmailDomains/{sharedEmailDomain-id}`
GET `/directory/subscriptions`
GET `/directory/subscriptions/{companySubscription-id}`
GET `/directory/templates`
GET `/directory/templates/deviceTemplates`
GET `/directory/templates/deviceTemplates/{deviceTemplate-id}`
GET `/directory/templates/deviceTemplates/{deviceTemplate-id}/owners`
GET `/directory/templates/deviceTemplates/{deviceTemplate-id}/owners/{directoryObject-id}`
POST `/devices`
POST `/devices(deviceId='{deviceId}')/registeredOwners/$ref`
POST `/devices(deviceId='{deviceId}')/registeredUsers/$ref`
POST `/devices/{id}/registeredOwners/$ref`
POST `/devices/{id}/registeredUsers/$ref`
POST `/directory/administrativeUnits`
POST `/directory/administrativeUnits/{administrativeUnit-id}/extensions`
POST `/directory/administrativeUnits/{administrativeUnit-id}/members`
POST `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.user`
POST `/directory/administrativeUnits/{administrativeUnit-id}/scopedRoleMembers`
POST `/directory/attributeSets`
POST `/directory/authenticationMethodDevices/hardwareOathDevices`
POST `/directory/certificateAuthorities/certificateBasedApplicationConfigurations`
POST `/directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfiguration-id}/trustedCertificateAuthorities`
POST `/directory/certificateAuthorities/mutualTlsOauthConfigurations`
POST `/directory/customSecurityAttributeDefinitions`
POST `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues`
POST `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues/{allowedValue-id}`
POST `/directory/externalUserProfiles`
POST `/directory/featureRolloutPolicies`
POST `/directory/featureRolloutPolicies/{featureRolloutPolicy-id}/appliesTo`
POST `/directory/federationConfigurations`
POST `/directory/impactedResources`
POST `/directory/impactedResources/{impactedResource-id}/complete`
POST `/directory/impactedResources/{impactedResource-id}/dismiss`
POST `/directory/impactedResources/{impactedResource-id}/postpone`
POST `/directory/impactedResources/{impactedResource-id}/reactivate`
POST `/directory/inboundSharedUserProfiles`
POST `/directory/onPremisesSynchronization`
POST `/directory/outboundSharedUserProfiles`
POST `/directory/pendingExternalUserProfiles`
POST `/directory/recommendations`
POST `/directory/recommendations/{recommendation-id}/complete`
POST `/directory/recommendations/{recommendation-id}/dismiss`
POST `/directory/recommendations/{recommendation-id}/impactedResources`
POST `/directory/recommendations/{recommendation-id}/impactedResources/{impactedResource-id}/complete`
POST `/directory/recommendations/{recommendation-id}/impactedResources/{impactedResource-id}/dismiss`
POST `/directory/recommendations/{recommendation-id}/impactedResources/{impactedResource-id}/postpone`
POST `/directory/recommendations/{recommendation-id}/impactedResources/{impactedResource-id}/reactivate`
POST `/directory/recommendations/{recommendation-id}/postpone`
POST `/directory/recommendations/{recommendation-id}/reactivate`
POST `/directory/sharedEmailDomains`
POST `/directory/subscriptions`
POST `/directory/templates/deviceTemplates`
POST `/directory/templates/deviceTemplates/{deviceTemplate-id}/createDeviceFromTemplate`
POST `/drive/items/{itemId}/children`
POST `/groups/{groupsId}/deletePasswordSingleSignOnCredentials`
POST `/groups/{groupsId}/getPasswordSingleSignOnCredentials`
POST `/groups/{userId}/events`
POST `/groups/{userId}/threads/{threadId}/posts/{postId}/reply`
POST `/users/{userId\|userPrincipalName}/contacts`
POST `/users/{userId\|userPrincipalName}/events`
POST `/users/{userId\|userPrincipalName}/messages`
POST `/users/{userId\|userPrincipalName}/tasks/lists`
POST `/users/{userId\|userPrincipalName}/tasks/lists/{listId}/tasks`
POST `/users/{userId\|userPrincipalName}/todo/lists`
POST `/users/{userId\|userPrincipalName}/todo/lists/{listId}/tasks`
POST `/users/{usersId}/deletePasswordSingleSignOnCredentials`
POST `/users/{usersId}/getPasswordSingleSignOnCredentials`
PATCH `/administrativeUnits/{administrativeUnitId}/extensions/{extensionId}`
PATCH `/devices(deviceId='{deviceId}')`
PATCH `/devices/{deviceId}/extensions/{extensionId}`
PATCH `/devices/{id}`
PATCH `/directory`
PATCH `/directory/administrativeUnits/{administrativeUnit-id}`
PATCH `/directory/administrativeUnits/{administrativeUnit-id}/extensions/{extension-id}`
PATCH `/directory/administrativeUnits/{administrativeUnit-id}/scopedRoleMembers/{scopedRoleMembership-id}`
PATCH `/directory/attributeSets/{attributeSet-id}`
PATCH `/directory/authenticationMethodDevices`
PATCH `/directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDevice-id}`
PATCH `/directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDevice-id}/assignTo/mailboxSettings`
PATCH `/directory/certificateAuthorities`
PATCH `/directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfiguration-id}`
PATCH `/directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfiguration-id}/trustedCertificateAuthorities/{certificateAuthorityAsEntity-id}`
PATCH `/directory/certificateAuthorities/mutualTlsOauthConfigurations/{mutualTlsOauthConfiguration-id}`
PATCH `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}`
PATCH `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues/{allowedValue-id}`
PATCH `/directory/externalUserProfiles/{externalUserProfile-id}`
PATCH `/directory/featureRolloutPolicies/{featureRolloutPolicy-id}`
PATCH `/directory/federationConfigurations/{identityProviderBase-id}`
PATCH `/directory/impactedResources/{impactedResource-id}`
PATCH `/directory/inboundSharedUserProfiles`
PATCH `/directory/onPremisesSynchronization/{onPremisesDirectorySynchronization-id}`
PATCH `/directory/outboundSharedUserProfiles`
PATCH `/directory/pendingExternalUserProfiles/{pendingExternalUserProfile-id}`
PATCH `/directory/recommendationConfiguration`
PATCH `/directory/recommendations/{recommendation-id}`
PATCH `/directory/recommendations/{recommendation-id}/impactedResources/{impactedResource-id}`
PATCH `/directory/sharedEmailDomains/{sharedEmailDomain-id}`
PATCH `/directory/subscriptions/{companySubscription-id}`
PATCH `/directory/templates`
PATCH `/directory/templates/deviceTemplates/{deviceTemplate-id}`
PATCH `/drive/items/{itemId}/extensions/{extensionId}`
PATCH `/groups/{groupId}/events/{eventId}/extensions/{extensionId}`
PATCH `/groups/{groupId}/extensions/{extensionId}`
PATCH `/groups/{groupId}/threads/{threadId}/posts/{postId}/extensions/{extensionId}`
PATCH `/me/authentication/qrCodePinMethod/pin/updatepin`
PATCH `/organization/{organizationId}/extensions/{extensionId}`
PATCH `/sites/{siteId}/extensions/{extensionId}`
PATCH `/users/{userId\|userPrincipalName}/contacts/{contactId}/extensions/{extensionId}`
PATCH `/users/{userId\|userPrincipalName}/events/{eventId}/extensions/{extensionId}`
PATCH `/users/{userId\|userPrincipalName}/extensions/{extensionId}`
PATCH `/users/{userId\|userPrincipalName}/messages/{messageId}/extensions/{extensionId}`
PATCH `/users/me/tasks/lists/{listId}/extensions/{extensionId}`
PATCH `/users/me/tasks/lists/{listId}/tasks/{taskId}/extensions/{extensionId}`
PATCH `/users/me/todo/lists/{listId}/extensions/{extensionId}`
PATCH `/users/me/todo/lists/{listId}/tasks/{taskId}/extensions/{extensionId}`
DELETE `/administrativeUnits/{administrativeUnitId}/extensions/{extensionId}`
DELETE `/devices(deviceId='{deviceId}')`
DELETE `/devices/{deviceId}/extensions/{extensionId}`
DELETE `/devices/{id}`
DELETE `/devices/{id}/registeredOwners/{id}/$ref`
DELETE `/devices/{id}/registeredUsers/{id}/$ref`
DELETE `/directory/administrativeUnits/{administrativeUnit-id}`
DELETE `/directory/administrativeUnits/{administrativeUnit-id}/extensions/{extension-id}`
DELETE `/directory/administrativeUnits/{administrativeUnit-id}/members`
DELETE `/directory/administrativeUnits/{administrativeUnit-id}/members/{directoryObject-id}/graph.user`
DELETE `/directory/administrativeUnits/{administrativeUnit-id}/scopedRoleMembers/{scopedRoleMembership-id}`
DELETE `/directory/attributeSets/{attributeSet-id}`
DELETE `/directory/authenticationMethodDevices`
DELETE `/directory/authenticationMethodDevices/hardwareOathDevices/{hardwareOathTokenAuthenticationMethodDevice-id}`
DELETE `/directory/certificateAuthorities`
DELETE `/directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfiguration-id}`
DELETE `/directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfiguration-id}/trustedCertificateAuthorities/{certificateAuthorityAsEntity-id}`
DELETE `/directory/certificateAuthorities/mutualTlsOauthConfigurations/{mutualTlsOauthConfiguration-id}`
DELETE `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}`
DELETE `/directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinition-id}/allowedValues/{allowedValue-id}`
DELETE `/directory/externalUserProfiles/{externalUserProfile-id}`
DELETE `/directory/featureRolloutPolicies/{featureRolloutPolicy-id}`
DELETE `/directory/featureRolloutPolicies/{featureRolloutPolicy-id}/appliesTo`
DELETE `/directory/federationConfigurations/{identityProviderBase-id}`
DELETE `/directory/impactedResources/{impactedResource-id}`
DELETE `/directory/inboundSharedUserProfiles`
DELETE `/directory/onPremisesSynchronization/{onPremisesDirectorySynchronization-id}`
DELETE `/directory/outboundSharedUserProfiles`
DELETE `/directory/pendingExternalUserProfiles/{pendingExternalUserProfile-id}`
DELETE `/directory/recommendationConfiguration`
DELETE `/directory/recommendations/{recommendation-id}`
DELETE `/directory/recommendations/{recommendation-id}/impactedResources/{impactedResource-id}`
DELETE `/directory/sharedEmailDomains/{sharedEmailDomain-id}`
DELETE `/directory/subscriptions/{companySubscription-id}`
DELETE `/directory/templates`
DELETE `/directory/templates/deviceTemplates/{deviceTemplate-id}`
DELETE `/drive/items/{itemId}/extensions/{extensionId}`
DELETE `/groups/{groupId}/events/{eventId}/extensions/{extensionId}`
DELETE `/groups/{groupId}/extensions/{extensionId}`
DELETE `/groups/{groupId}/threads/{threadIid}/posts/{postId}/extensions/{extensionId}`
DELETE `/organization/{organizationId}/extensions/{extensionId}`
DELETE `/sites/{site-id}/extensions/{extensionId}`
DELETE `/users/{userId\|userPrincipalName}/contacts/{contactId}/extensions/{extensionId}`
DELETE `/users/{userId\|userPrincipalName}/events/{eventId}/extensions/{extensionId}`
DELETE `/users/{userId\|userPrincipalName}/extensions/{extensionId}`
DELETE `/users/{userIid\|userPrincipalName}/messages/{messageId}/extensions/{extensionId}`
DELETE `/users/me/tasks/lists/{listId}/extensions/{extensionId}`
DELETE `/users/me/tasks/lists/{listId}/tasks/{taskId}/extensions/{extensionId}`
DELETE `/users/me/todo/lists/{listId}/extensions/{extensionId}`
DELETE `/users/me/todo/lists/{listId}/tasks/{taskId}/extensions/{extensionId}`

Commands
`New-MgDevice`
`New-MgDeviceRegisteredOwnerByRef`
`New-MgDeviceRegisteredUserByRef`
`New-MgGroupConversation`
`Remove-MgDevice`
`Remove-MgDeviceRegisteredOwnerDirectoryObjectByRef`
`Remove-MgDeviceRegisteredUserDirectoryObjectByRef`
`Remove-MgUserMessageExtension`
`Update-MgDevice`
`Update-MgGroupThreadPostExtension`

Commands
`Get-MgBetaGroupPasswordSingleSignOnCredential`
`Get-MgBetaUserPasswordSingleSignOnCredential`
`New-MgBetaDevice`
`New-MgBetaDeviceRegisteredOwnerByRef`
`New-MgBetaDeviceRegisteredUserByRef`
`New-MgBetaDriveItemChild`
`Remove-MgBetaDevice`
`Remove-MgBetaDeviceRegisteredOwnerDirectoryObjectByRef`
`Remove-MgBetaDeviceRegisteredUserDirectoryObjectByRef`
`Remove-MgBetaDriveItemExtension`
`Remove-MgBetaGroupPasswordSingleSignOnCredential`
`Remove-MgBetaUserPasswordSingleSignOnCredential`
`Update-MgBetaDevice`
`Update-MgBetaDriveItemExtension`

Code Examples

C# / .NET SDK

// Install: dotnet add package Microsoft.Graph
// Install: dotnet add package Azure.Identity
using Microsoft.Graph;
using Azure.Identity;

// Delegated permissions - interactive user sign-in
var scopes = new[] { "Directory.AccessAsUser.All" };
var options = new InteractiveBrowserCredentialOptions
{
    ClientId = "YOUR_CLIENT_ID",
    TenantId = "YOUR_TENANT_ID",
    RedirectUri = new Uri("http://localhost")
};
var credential = new InteractiveBrowserCredential(options);
var graphClient = new GraphServiceClient(credential, scopes);

// Example: GET /me
var result = await graphClient.Me.GetAsync();
Console.WriteLine($"User: {result?.DisplayName}");

JavaScript / TypeScript

// npm install @azure/msal-browser @microsoft/microsoft-graph-client
import { PublicClientApplication } from "@azure/msal-browser";
import { Client } from "@microsoft/microsoft-graph-client";
import { AuthCodeMSALBrowserAuthenticationProvider } from 
    "@microsoft/microsoft-graph-client/authProviders/authCodeMsalBrowser";

const msalConfig = {
    auth: {
        clientId: "YOUR_CLIENT_ID",
        authority: "https://login.microsoftonline.com/YOUR_TENANT_ID"
    }
};

const pca = new PublicClientApplication(msalConfig);
await pca.initialize();

// Delegated: Login with required scope
const loginResponse = await pca.loginPopup({
    scopes: ["Directory.AccessAsUser.All"]
});

const authProvider = new AuthCodeMSALBrowserAuthenticationProvider(pca, {
    account: loginResponse.account,
    scopes: ["Directory.AccessAsUser.All"],
    interactionType: "popup"
});

const graphClient = Client.initWithMiddleware({ authProvider });

// Example: GET /me
const result = await graphClient.api("/me").get();
console.log(result);

PowerShell

# Install Microsoft Graph PowerShell module
Install-Module Microsoft.Graph -Scope CurrentUser

# Delegated access - interactive sign-in
Connect-MgGraph -Scopes "Directory.AccessAsUser.All"

# Verify connection
Get-MgContext | Select-Object Account, TenantId, Scopes

# Example: GET /me
$result = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/me"
$result | ConvertTo-Json -Depth 5


# Always disconnect when done
Disconnect-MgGraph

Python

# pip install msgraph-sdk azure-identity
from azure.identity import InteractiveBrowserCredential, ClientSecretCredential
from msgraph import GraphServiceClient
import asyncio

# Delegated permissions - interactive browser sign-in
credential = InteractiveBrowserCredential(
    client_id="YOUR_CLIENT_ID",
    tenant_id="YOUR_TENANT_ID"
)
scopes = ["Directory.AccessAsUser.All"]
client = GraphServiceClient(credential, scopes)

async def get_data():
    # Example: GET /me
    result = await client.me.get()
    print(f"User: {result.display_name}")
    return result

asyncio.run(get_data())

App Registration

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

Select Permission Type

Choose Delegated permissions and search for Directory.AccessAsUser.All

Grant Admin Consent

This permission requires admin consent. Grant consent in the Azure portal.