ESC
Type to search...
Navigate Open ESC Close

Directory.Read.All

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read All Resources

Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read directory data

Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.

Permission ID: 7ab1d382-f21e-4acd-a863-ba3e13f7da61
Delegated Permission Admin consent required

Read directory data

Allows the app to read data in your organization's directory, such as users, groups and apps.

User sees: Allows the app to read data in your organization's directory.
Permission ID: 06da0dbc-49e2-44d2-8312-53f166ab848a

Properties

Microsoft Graph v1.0 exact-category-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
id String A unique identifier for the object; for example, 12345678-9abc-def0-1234-56789abcde. Key. Not nullable. Read-only. Inherited from entity.
administrativeUnits administrativeUnit collection Conceptual container for user and group directory objects.
attributeSets attributeSet collection Group of related custom security attribute definitions.
customSecurityAttributeDefinitions customSecurityAttributeDefinition collection Schema of a custom security attributes (key-value pairs).
deletedItems directoryObject collection Recently deleted items. Read-only. Nullable.
deviceLocalCredentials deviceLocalCredentialInfo collection The credentials of the device's local administrator account backed up to Microsoft Entra ID.
federationConfigurations identityProviderBase collection Configure domain federation with organizations whose identity provider (IdP) supports either the SAML or WS-Fed protocol.
onPremisesSynchronization onPremisesDirectorySynchronization collection A container for on-premises directory synchronization functionalities that are available for the organization.
publicKeyInfrastructure object The collection of public key infrastructure instances for the certificate-based authentication feature for users in a Microsoft Entra tenant.
subscriptions companySubscription collection List of commercial subscriptions that an organization acquired.

JSON Representation

Microsoft Graph v1.0 exact-category-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation 
{
  "@odata.type": "#microsoft.graph.directory"
}

Relationships

Microsoft Graph v1.0 exact-category-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
administrativeUnits administrativeUnit collection Conceptual container for user and group directory objects.
attributeSets attributeSet collection Group of related custom security attribute definitions.
customSecurityAttributeDefinitions customSecurityAttributeDefinition collection Schema of a custom security attributes (key-value pairs).
deletedItems directoryObject collection Recently deleted items. Read-only. Nullable.
deviceLocalCredentials deviceLocalCredential collection The credentials of the device's local administrator account backed up to Microsoft Entra ID.
federationConfigurations identityProviderBase collection Configure domain federation with organizations whose identity provider (IdP) supports either the SAML or WS-Fed protocol.
onPremisesSynchronization onPremisesDirectorySynchronization A container for on-premises directory synchronization functionalities that are available for the organization.
publicKeyInfrastructure publicKeyInfrastructureRoot The collection of public key infrastructure instances for the certificate-based authentication feature for users in a Microsoft Entra tenant.
subscriptions companySubscription collection List of commercial subscriptions that an organization acquired.
externalUserProfiles externalUserProfile collection Collection of external user profiles that represent collaborators in the directory.
featureRolloutPolicies featureRolloutPolicy collection Related featureRolloutPolicies data exposed by this resource.
impactedResources impactedResource collection Related impactedResources data exposed by this resource.
inboundSharedUserProfiles inboundSharedUserProfile collection A collection of external users whose profile data is shared with the Microsoft Entra tenant. Nullable.
outboundSharedUserProfiles outboundSharedUserProfile collection Related outboundSharedUserProfiles data exposed by this resource.
pendingExternalUserProfiles pendingExternalUserProfile collection Collection of pending external user profiles representing collaborators in the directory that are unredeemed.
recommendations recommendation collection List of recommended improvements to improve tenant posture.
sharedEmailDomains sharedEmailDomain collection Related sharedEmailDomains data exposed by this resource.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /appCatalogs/teamsApps
GET /applications
GET /applications(appId='{appId}')
GET /applications(appId='{appId}')/extensionProperties
GET /applications(appId='{appId}')/extensionProperties/{extensionPropertyId}
GET /applications(appId='{appId}')/owners
GET /applications/{application ObjectId}/extensionProperties
GET /applications/{application ObjectId}/extensionProperties/{extensionPropertyId}
GET /applications/{applicationObjectId}
GET /applications/{id}/microsoft.graph.agentIdentityBlueprint/inheritablePermissions/{resourceAppId}
GET /applications/{id}/owners
GET /applications/delta
GET /applications/microsoft.graph.agentIdentityBlueprint
GET /auditLogs/directoryaudits
GET /auditLogs/directoryAudits/{id}
GET /auditLogs/provisioning
GET /auditLogs/signIns
GET /auditLogs/signIns/{id}
GET /contacts
GET /contacts/{id}
GET /contacts/{id}/directReports
GET /contacts/{id}/manager
GET /contacts/{id}/memberOf
GET /contacts/{id}/transitiveMemberOf
GET /contacts/delta
GET /contracts
GET /contracts/{id}
GET /devices
GET /devices(deviceId='{deviceId}')
GET /devices(deviceId='{deviceId}')/memberOf
GET /devices(deviceId='{deviceId}')/registeredOwners
GET /devices(deviceId='{deviceId}')/registeredUsers
GET /devices(deviceId='{deviceId}')/transitiveMemberOf
GET /devices/{id | userPrincipalName}/transitiveMemberOf
GET /devices/{id}
GET /devices/{id}/memberOf
GET /devices/{id}/registeredOwners
GET /devices/{id}/registeredUsers
GET /directory/administrativeUnits
GET /directory/administrativeUnits/{id}
GET /directory/administrativeUnits/{id}/members
GET /directory/administrativeUnits/{id}/members/{id}
GET /directory/administrativeUnits/{id}/members/$ref
GET /directory/administrativeUnits/{id}/scopedRoleMembers
GET /directory/administrativeUnits/{id}/scopedRoleMembers/{id}
GET /directory/subscriptions
GET /directory/subscriptions(commerceSubscriptionId='{commerceSubscriptionId}')
GET /directory/subscriptions/{id}
GET /directoryObjects/{id}
GET /directoryRoles
GET /directoryRoles(roleTemplateId='{roleTemplateId}')
GET /directoryRoles(roleTemplateId='{roleTemplateId}')/members
GET /directoryRoles(roleTemplateId='{roleTemplateId}')/scopedMembers
GET /directoryRoles/{role-id}
GET /directoryRoles/{role-id}/members
GET /directoryroles/{role-id}/scopedMembers
GET /directoryRoles/delta
GET /directoryRoleTemplates
GET /directoryRoleTemplates/{id}
GET /domains
GET /domains/{id}
GET /domains/{id}/rootDomain
GET /education/me/user
GET /education/schools/{educationSchoolId}/administrativeUnit
GET /education/users/{id}/user
GET /groupLifecyclePolicies
GET /groupLifecyclePolicies/{id}
GET /groups
GET /groups/{groupId}/settings
GET /groups/{groupId}/settings/{groupSettingId}
GET /groups/{id}
GET /groups/{id}/appRoleAssignments
GET /groups/{id}/groupLifecyclePolicies
GET /groups/{id}/memberOf
GET /groups/{id}/members
GET /groups/{id}/owners
GET /groups/{id}/transitiveMemberOf
GET /groups/{id}/transitiveMembers
GET /groups/delta
GET /groupSettings
GET /groupSettings/{groupSettingId}
GET /groupSettingTemplates
GET /groupSettingTemplates/{id}
GET /me
GET /me?$expand=directReports
GET /me/appRoleAssignments
GET /me/createdObjects
GET /me/directReports
GET /me/joinedTeams
GET /me/licenseDetails
GET /me/manager
GET /me/memberOf
GET /me/oauth2PermissionGrants
GET /me/ownedDevices
GET /me/ownedObjects
GET /me/registeredDevices
GET /me/transitiveMemberOf
GET /oauth2PermissionGrants
GET /oauth2PermissionGrants/{id}
GET /oauth2PermissionGrants/delta
GET /organization
GET /organization/{organizationId}
GET /policies/adminConsentRequestPolicy
GET /policies/claimsMappingPolicies/{id}/appliesTo
GET /policies/homeRealmDiscoveryPolicies/{id}/appliesTo
GET /policies/permissionGrantPolicies/{id}/excludes
GET /policies/permissionGrantPolicies/{id}/includes
GET /policies/tokenIssuancePolicies/{id}/appliesTo
GET /policies/tokenLifetimePolicies/{id}/appliesTo
GET /roleManagement/directory/roleAssignments
GET /roleManagement/directory/roleAssignments/{id}
GET /roleManagement/directory/roleDefinitions
GET /roleManagement/directory/roleDefinitions/{id}
GET /roleManagement/entitlementManagement/roleAssignments
GET /roleManagement/entitlementManagement/roleAssignments/{id}
GET /roleManagement/entitlementManagement/roleDefinitions
GET /roleManagement/entitlementManagement/roleDefinitions/{id}
GET /servicePrincipals
GET /servicePrincipals(appId='{appId}')
GET /servicePrincipals(appId='{appId}')/appRoleAssignedTo
GET /servicePrincipals(appId='{appId}')/appRoleAssignments
GET /servicePrincipals(appId='{appId}')/createdObjects
GET /servicePrincipals(appId='{appId}')/delegatedPermissionClassifications
GET /servicePrincipals(appId='{appId}')/memberOf
GET /servicePrincipals(appId='{appId}')/oauth2PermissionGrants
GET /servicePrincipals(appId='{appId}')/ownedObjects
GET /servicePrincipals(appId='{appId}')/owners
GET /servicePrincipals(appId='{appId}')/transitiveMemberOf
GET /servicePrincipals/{id}
GET /servicePrincipals/{id}/appRoleAssignedTo
GET /servicePrincipals/{id}/appRoleAssignments
GET /servicePrincipals/{id}/createdObjects
GET /servicePrincipals/{id}/delegatedPermissionClassifications
GET /servicePrincipals/{id}/memberOf
GET /servicePrincipals/{id}/microsoft.graph.agentIdentityBlueprintPrincipal/ownedObjects
GET /servicePrincipals/{id}/oauth2PermissionGrants
GET /servicePrincipals/{id}/ownedObjects
GET /servicePrincipals/{id}/owners
GET /servicePrincipals/{id}/transitiveMemberOf
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
GET /servicePrincipals/delta
GET /servicePrincipals/microsoft.graph.agentIdentity
GET /servicePrincipals/microsoft.graph.agentIdentityBlueprintPrincipal
GET /subscribedSkus
GET /subscribedSkus/{id}
GET /teams/{id}/channels/{id}/tabs
GET /teams/{id}/installedApps/{id}
GET /teams/{team-id}
GET /teams/{team-id}/channels
GET /teams/{team-id}/channels/{channel-id}
GET /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
GET /teams/{team-id}/installedApps
GET /users
GET /users?$expand=manager
GET /users/{id | user-principal-name}/joinedTeams
GET /users/{id | userPrincipalName}
GET /users/{id | userPrincipalName}?$expand=directReports
GET /users/{id | userPrincipalName}/?$expand=manager($levels=n)
GET /users/{id | userPrincipalName}/appRoleAssignments
GET /users/{id | userPrincipalName}/createdObjects
GET /users/{id | userPrincipalName}/directReports
GET /users/{id | userPrincipalName}/manager
GET /users/{id | userPrincipalName}/memberOf
GET /users/{id | userPrincipalName}/oauth2PermissionGrants
GET /users/{id | userPrincipalName}/ownedDevices
GET /users/{id | userPrincipalName}/ownedObjects
GET /users/{id | userPrincipalName}/registeredDevices
GET /users/{id | userPrincipalName}/transitiveMemberOf
GET /users/{id}/licenseDetails
GET /users/{user-id}/licenseDetails/getTeamsLicensingDetails
GET /users/delta
POST /applications(appId='{appId}')/owners/$ref
POST /applications/{id}/owners/$ref
POST /contacts/{id}/checkMemberGroups
POST /contacts/{id}/checkMemberObjects
POST /contacts/{id}/getMemberGroups
POST /contacts/{id}/getMemberObjects
POST /contacts/{id}/retryServiceProvisioning
POST /devices/{id}/checkMemberGroups
POST /devices/{id}/checkMemberObjects
POST /devices/{id}/getMemberGroups
POST /devices/{id}/getMemberObjects
POST /directoryObjects/{id}/checkMemberGroups
POST /directoryObjects/{id}/checkMemberObjects
POST /directoryObjects/{id}/getMemberGroups
POST /directoryObjects/{id}/getMemberObjects
POST /directoryObjects/getAvailableExtensionProperties
POST /directoryObjects/getByIds
POST /directoryObjects/validateProperties
POST /groups/{id}/checkMemberGroups
POST /groups/{id}/checkMemberObjects
POST /groups/{id}/getMemberGroups
POST /groups/{id}/getMemberObjects
POST /me/checkMemberGroups
POST /me/checkMemberObjects
POST /me/getMemberGroups
POST /me/getMemberObjects
POST /servicePrincipals(appId='{appId}')/appRoleAssignedTo
POST /servicePrincipals(appId='{appId}')/appRoleAssignments
POST /servicePrincipals(appId='{appId}')/owners/$ref
POST /servicePrincipals/{id}/appRoleAssignedTo
POST /servicePrincipals/{id}/appRoleAssignments
POST /servicePrincipals/{id}/checkMemberGroups
POST /servicePrincipals/{id}/checkMemberObjects
POST /servicePrincipals/{id}/getMemberGroups
POST /servicePrincipals/{id}/getMemberObjects
POST /servicePrincipals/{id}/owners/$ref
POST /users/{id | userPrincipalName}/checkMemberGroups
POST /users/{id | userPrincipalName}/checkMemberObjects
POST /users/{id | userPrincipalName}/getMemberGroups
POST /users/{id | userPrincipalName}/getMemberObjects
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /admin/cloudLicensing/allotments
GET /admin/cloudLicensing/allotments/{allotmentId}
GET /admin/cloudLicensing/allotments/{allotmentId}/assignments
GET /admin/cloudLicensing/allotments/{allotmentId}/assignments/{assignmentId}
GET /admin/cloudLicensing/allotments/{allotmentId}/waitingMembers
GET /admin/cloudLicensing/allotments/{allotmentId}/waitingMembers/{waitingMemberId}
GET /admin/cloudLicensing/assignmentErrors
GET /admin/cloudLicensing/assignmentErrors/{assignmentErrorId}
GET /admin/cloudLicensing/assignmentErrors/{assignmentErrorId}/assignedTo
GET /admin/cloudLicensing/assignmentErrors/{assignmentErrorId}/usageRight
GET /admin/cloudLicensing/assignments
GET /admin/cloudLicensing/assignments/{assignmentId}
GET /admin/cloudLicensing/assignments/{assignmentId}/allotment
GET /admin/cloudLicensing/assignments/{assignmentId}/assignedTo
GET /administrativeUnits
GET /administrativeUnits/{id}
GET /administrativeUnits/{id}/members
GET /administrativeUnits/{id}/members/{id}
GET /administrativeUnits/{id}/members/$ref
GET /administrativeUnits/{id}/scopedRoleMembers
GET /administrativeUnits/{id}/scopedRoleMembers/{id}
GET /administrativeUnits/delta
GET /appCatalogs/teamsApps
GET /applications
GET /applications(appId='{appId}')
GET /applications(appId='{appId}')/extensionProperties
GET /applications(appId='{appId}')/extensionProperties/{extensionPropertyId}
GET /applications(appId='{appId}')/federatedIdentityCredentials
GET /applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialId}
GET /applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialName}
GET /applications(appId='{appId}')/owners
GET /applications/{application ObjectId}/extensionProperties
GET /applications/{application ObjectId}/extensionProperties/{extensionPropertyId}
GET /applications/{applicationObjectId}
GET /applications/{id}/federatedIdentityCredentials
GET /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}
GET /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialName}
GET /applications/{id}/microsoft.graph.agentIdentityBlueprint/federatedIdentityCredentials
GET /applications/{id}/microsoft.graph.agentIdentityBlueprint/federatedIdentityCredentials/{federatedIdentityCredentialId}
GET /applications/{id}/microsoft.graph.agentIdentityBlueprint/federatedIdentityCredentials/{federatedIdentityCredentialName}
GET /applications/{id}/microsoft.graph.agentIdentityBlueprint/inheritablePermissions/{resourceAppId}
GET /applications/{id}/owners
GET /applications/delta
GET /applications/microsoft.graph.agentIdentityBlueprint
GET /auditLogs/directoryAudits
GET /auditLogs/directoryAudits/{id}
GET /auditLogs/provisioning
GET /auditLogs/signIns
GET /auditLogs/signIns/{id}
GET /certificateAuthorities/mutualTlsOauthConfigurations
GET /contacts
GET /contacts/{id}
GET /contacts/{id}/directReports
GET /contacts/{id}/manager
GET /contacts/{id}/memberOf
GET /contacts/{id}/transitiveMemberOf
GET /contacts/{id}/transitiveReports/$count
GET /contacts/delta
GET /contracts
GET /contracts/{id}
GET /devices
GET /devices(deviceId='{deviceId}')
GET /devices(deviceId='{deviceId}')/memberOf
GET /devices(deviceId='{deviceId}')/registeredOwners
GET /devices(deviceId='{deviceId}')/registeredUsers
GET /devices(deviceId='{deviceId}')/transitiveMemberOf
GET /devices(deviceId='{deviceId}')/usageRights
GET /devices/{id}
GET /devices/{id}/memberOf
GET /devices/{id}/registeredOwners
GET /devices/{id}/registeredUsers
GET /devices/{id}/transitiveMemberOf
GET /devices/{objectId}/usageRights
GET /directory/administrativeUnits
GET /directory/administrativeUnits/{id}
GET /directory/subscriptions
GET /directory/subscriptions(commerceSubscriptionId='{commerceSubscriptionId}')
GET /directory/subscriptions/{id}
GET /directoryObjects/{id}
GET /directoryRoles
GET /directoryRoles(roleTemplateId='{roleTemplateId}')
GET /directoryRoles(roleTemplateId='{roleTemplateId}')/members
GET /directoryRoles(roleTemplateId='{roleTemplateId}')/scopedMembers
GET /directoryRoles/{role-id}
GET /directoryRoles/{role-id}/members
GET /directoryroles/{role-id}/scopedMembers
GET /directoryRoles/delta
GET /directoryRoleTemplates
GET /directoryRoleTemplates/{id}
GET /directorySettingTemplates
GET /directorySettingTemplates/{id}
GET /domains
GET /domains/{id}
GET /domains/contoso.com/rootDomain
GET /education/classes/{id}/group
GET /education/me/user
GET /education/schools/{id}/administrativeUnit
GET /education/users/{id}/user
GET /groupLifecyclePolicies
GET /groupLifecyclePolicies/{id}
GET /groups
GET /groups/{groupId}/cloudLicensing/assignments
GET /groups/{groupId}/cloudLicensing/assignments/{assignmentId}
GET /groups/{groupId}/cloudLicensing/assignments/{assignmentId}/allotment
GET /groups/{groupId}/cloudLicensing/usageRights
GET /groups/{groupId}/cloudLicensing/usageRights/{usageRightId}
GET /groups/{groupId}/cloudLicensing/usageRights/{usageRightId}/assignments
GET /groups/{groupId}/settings
GET /groups/{groupId}/settings/{directorySettingId}
GET /groups/{id}
GET /groups/{id}/appRoleAssignments
GET /groups/{id}/groupLifecyclePolicies
GET /groups/{id}/memberOf
GET /groups/{id}/members
GET /groups/{id}/owners
GET /groups/{id}/transitiveMemberOf
GET /groups/{id}/transitiveMembers
GET /groups/delta
GET /me
GET /me?$expand=directReports
GET /me/appRoleAssignedResources
GET /me/appRoleAssignments
GET /me/cloudLicensing/assignmentErrors
GET /me/cloudLicensing/assignmentErrors/{assignmentErrorId}
GET /me/cloudLicensing/assignments/{assignmentId}
GET /me/cloudLicensing/assignments/{assignmentId}/allotment
GET /me/cloudLicensing/usageRights
GET /me/cloudLicensing/usageRights/{usageRightId}
GET /me/cloudLicensing/usageRights/{usageRightId}/assignments
GET /me/cloudLicensing/waitingMembers
GET /me/cloudLicensing/waitingMembers/{waitingMemberId}
GET /me/cloudLicensing/waitingMembers/{waitingMemberId}/allotment
GET /me/createdObjects
GET /me/directReports
GET /me/joinedTeams
GET /me/licenseDetails
GET /me/manager
GET /me/memberOf
GET /me/oauth2PermissionGrants
GET /me/ownedObjects
GET /me/registeredDevices
GET /me/scopedRoleMemberOf
GET /me/transitiveMemberOf
GET /oauth2PermissionGrants
GET /oauth2PermissionGrants/{id}
GET /oauth2PermissionGrants/delta
GET /organization
GET /organization/{organizationId}
GET /policies/adminConsentRequestPolicy
GET /policies/claimsMappingPolicies/{id}/appliesTo
GET /policies/homeRealmDiscoveryPolicies/{id}/appliesTo
GET /policies/permissionGrantPolicies/{id}/excludes
GET /policies/permissionGrantPolicies/{id}/includes
GET /policies/tokenIssuancePolicies/{id}/appliesTo
GET /policies/tokenLifetimePolicies/{id}/appliesTo
GET /reports/appCredentialSignInActivities
GET /reports/appCredentialSignInActivities/{appCredentialSignInActivityId}
GET /reports/servicePrincipalSignInActivities
GET /reports/servicePrincipalSignInActivities/{servicePrincipalSignInActivityId}
GET /roleManagement/cloudPC/roleDefinitions
GET /roleManagement/cloudPC/roleDefinitions/{id}
GET /roleManagement/defender/roleDefinitions
GET /roleManagement/defender/roleDefinitions/{id}
GET /roleManagement/deviceManagement/roleDefinitions
GET /roleManagement/deviceManagement/roleDefinitions/{id}
GET /roleManagement/directory/roleAssignments
GET /roleManagement/directory/roleAssignments/{id}
GET /roleManagement/directory/roleDefinitions
GET /roleManagement/directory/roleDefinitions/{id}
GET /roleManagement/directory/roleDefinitions/{unifiedRoleDefinitionId}/assignedPrincipals(transitive=@transitive,directoryScopeType='@directoryScopeType',directoryScopeId='@directoryScopeId')
GET /roleManagement/directory/transitiveRoleAssignments?$filter=principalId eq '{principalId}'
GET /roleManagement/entitlementManagement/roleAssignments?
GET /roleManagement/entitlementManagement/roleAssignments/{id}
GET /roleManagement/entitlementManagement/roleDefinitions
GET /roleManagement/entitlementManagement/roleDefinitions/{id}
GET /roleManagement/exchange/roleAssignments
GET /roleManagement/exchange/roleAssignments/{id}
GET /roleManagement/exchange/roleDefinitions
GET /roleManagement/exchange/roleDefinitions/{id}
GET /servicePrincipals
GET /servicePrincipals(appId='{appId}')
GET /servicePrincipals/{id}
GET /servicePrincipals/{id}/appRoleAssignedTo
GET /servicePrincipals/{id}/appRoleAssignments
GET /servicePrincipals/{id}/createdObjects
GET /servicePrincipals/{id}/delegatedPermissionClassifications
GET /servicePrincipals/{id}/memberOf
GET /servicePrincipals/{id}/oauth2PermissionGrants
GET /servicePrincipals/{id}/ownedObjects
GET /servicePrincipals/{id}/owners
GET /servicePrincipals/{id}/transitiveMemberOf
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
GET /servicePrincipals/delta
GET /servicePrincipals/microsoft.graph.agentIdentity
GET /servicePrincipals/microsoft.graph.agentIdentityBlueprintPrincipal
GET /settings
GET /settings/{directorySettingId}
GET /subscribedSkus
GET /subscribedSkus/{id}
GET /teams/{id}/installedApps/{id}
GET /teams/{team-id}
GET /teams/{team-id}/channels
GET /teams/{team-id}/channels/{channel-id}
GET /teams/{team-id}/channels/{channel-id}/tabs
GET /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
GET /teams/{team-id}/installedApps
GET /users
GET /users?$expand=manager
GET /users/{id | user-principal-name}/joinedTeams
GET /users/{id | userPrincipalName}?$expand=directReports
GET /users/{id | userPrincipalName}/?$expand=manager($levels=n)
GET /users/{id | userPrincipalName}/appRoleAssignments
GET /users/{id | userPrincipalName}/createdObjects
GET /users/{id | userPrincipalName}/directReports
GET /users/{id | userPrincipalName}/manager
GET /users/{id | userPrincipalName}/memberOf
GET /users/{id | userPrincipalName}/oauth2PermissionGrants
GET /users/{id | userPrincipalName}/ownedDevices
GET /users/{id | userPrincipalName}/ownedObjects
GET /users/{id | userPrincipalName}/registeredDevices
GET /users/{id | userPrincipalName}/transitiveMemberOf
GET /users/{id}/licenseDetails
GET /users/{id}/scopedRoleMemberOf
GET /users/{id}/transitiveReports/$count
GET /users/{user-id}/licenseDetails/getTeamsLicensingDetails
GET /users/{userId}/appRoleAssignedResources
GET /users/{userId}/cloudLicensing/assignmentErrors
GET /users/{userId}/cloudLicensing/assignmentErrors/{assignmentErrorId}
GET /users/{userId}/cloudLicensing/assignments
GET /users/{userId}/cloudLicensing/assignments/{assignmentId}
GET /users/{userId}/cloudLicensing/assignments/{assignmentId}/allotment
GET /users/{userId}/cloudLicensing/usageRights
GET /users/{userId}/cloudLicensing/usageRights/{usageRightId}
GET /users/{userId}/cloudLicensing/usageRights/{usageRightId}/assignments
GET /users/{userId}/cloudLicensing/waitingMembers
GET /users/{userId}/cloudLicensing/waitingMembers/{waitingMemberId}
GET /users/{userId}/cloudLicensing/waitingMembers/{waitingMemberId}/allotment
GET /users/{userId}/usageRights
GET /users/{usersId}/appRoleAssignments
GET /users/delta
POST /applications(appId='{appId}')/owners/$ref
POST /applications/{id}/owners/$ref
POST /contacts/{id}/checkMemberGroups
POST /contacts/{id}/checkMemberObjects
POST /contacts/{id}/getMemberGroups
POST /contacts/{id}/getMemberObjects
POST /contacts/{id}/retryServiceProvisioning
POST /devices/{id}/checkMemberGroups
POST /devices/{id}/checkMemberObjects
POST /devices/{id}/getMemberGroups
POST /devices/{id}/getMemberObjects
POST /directoryObjects/{id}/checkMemberGroups
POST /directoryObjects/{id}/checkMemberObjects
POST /directoryObjects/{id}/getMemberGroups
POST /directoryObjects/{id}/getMemberObjects
POST /directoryObjects/getByIds
POST /directoryObjects/validateProperties
POST /groups/{id}/checkMemberGroups
POST /groups/{id}/checkMemberObjects
POST /groups/{id}/getMemberGroups
POST /groups/{id}/getMemberObjects
POST /me/checkMemberGroups
POST /me/checkMemberObjects
POST /me/getMemberGroups
POST /me/getMemberObjects
POST /servicePrincipals(appId='{appId}')/appRoleAssignedTo
POST /servicePrincipals(appId='{appId}')/appRoleAssignments
POST /servicePrincipals(appId='{appId}')/createPasswordSingleSignOnCredentials
POST /servicePrincipals(appId='{appId}')/deletePasswordSingleSignOnCredentials
POST /servicePrincipals(appId='{appId}')/getPasswordSingleSignOnCredentials
POST /servicePrincipals(appId='{appId}')/owners/$ref
POST /servicePrincipals(appId='{appId}')/updatePasswordSingleSignOnCredentials
POST /servicePrincipals/{id}/appRoleAssignedTo
POST /servicePrincipals/{id}/appRoleAssignments
POST /servicePrincipals/{id}/checkMemberGroups
POST /servicePrincipals/{id}/checkMemberObjects
POST /servicePrincipals/{id}/createPasswordSingleSignOnCredentials
POST /servicePrincipals/{id}/deletePasswordSingleSignOnCredentials
POST /servicePrincipals/{id}/getMemberGroups
POST /servicePrincipals/{id}/getMemberObjects
POST /servicePrincipals/{id}/getPasswordSingleSignOnCredentials
POST /servicePrincipals/{id}/owners/$ref
POST /servicePrincipals/{id}/updatePasswordSingleSignOnCredentials
POST /users/{id | userPrincipalName}/checkMemberGroups
POST /users/{id | userPrincipalName}/checkMemberObjects
POST /users/{id | userPrincipalName}/getMemberGroups
POST /users/{id | userPrincipalName}/getMemberObjects
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgAppCatalogTeamApp /appCatalogs/teamsApps
List teamsApp
Get-MgApplication /applications
List applications
Get-MgApplication /applications/{applicationObjectId}
Get application
Get-MgApplication /applications/microsoft.graph.agentIdentityBlueprint
List agentIdentityBlueprint objects
Get-MgApplicationByAppId /applications/{applicationObjectId}
Get application
Get-MgApplicationCount /applications
List applications
Get-MgApplicationDelta /applications/delta
application: delta
Get-MgApplicationExtensionProperty /applications/{application ObjectId}/extensionProperties
List extensionProperties (directory extensions)
Get-MgApplicationExtensionProperty /applications/{application ObjectId}/extensionProperties/{extensionPropertyId}
Get extensionProperty (directory extension)
Get-MgApplicationOwner /applications/{id}/owners
List owners of an application
Get-MgAuditLogDirectoryAudit /auditLogs/directoryaudits
List directoryAudits
Get-MgAuditLogDirectoryAudit /auditLogs/directoryAudits/{id}
Get directoryAudit
Get-MgAuditLogProvisioning /auditLogs/provisioning
List provisioningObjectSummary
Get-MgAuditLogSignIn /auditLogs/signIns
List signIns
Get-MgAuditLogSignIn /auditLogs/signIns/{id}
Get signIn
Get-MgContact /contacts
List orgContacts
Get-MgContact /contacts/{id}
Get orgContact
Get-MgContactDelta /contacts/delta
orgContact: delta
Get-MgContactDirectReport /contacts/{id}/directReports
List directReports
Get-MgContactManager /contacts/{id}/manager
Get manager
Get-MgContactMemberOf /contacts/{id}/memberOf
List memberOf
Get-MgContactTransitiveMemberOf /contacts/{id}/transitiveMemberOf
List transitiveMemberOf
Get-MgContract /contracts
List contracts
Get-MgContract /contracts/{id}
Get Contract
Get-MgDevice /devices
List devices
Get-MgDevice /devices/{id}
Get device
Get-MgDeviceMemberOf /devices/{id}/memberOf
List device memberships
Get-MgDeviceMemberOfAsGroup /devices/{id}/memberOf
List device memberships
Get-MgDeviceRegisteredOwner /devices/{id}/registeredOwners
List registeredOwners
Get-MgDeviceRegisteredUser /devices/{id}/registeredUsers
List registeredUsers
Get-MgDeviceTransitiveMemberOf /devices/{id | userPrincipalName}/transitiveMemberOf
List device transitive memberships
Get-MgDeviceTransitiveMemberOfAsGroup /devices/{id | userPrincipalName}/transitiveMemberOf
List device transitive memberships
Get-MgDirectoryAdministrativeUnit /directory/administrativeUnits
List administrativeUnits
Get-MgDirectoryAdministrativeUnit /directory/administrativeUnits/{id}
Get administrativeUnit
Get-MgDirectoryAdministrativeUnitMember /directory/administrativeUnits/{id}/members
List members
Get-MgDirectoryAdministrativeUnitMemberByRef /directory/administrativeUnits/{id}/members
List members
Get-MgDirectoryAdministrativeUnitScopedRoleMember /directory/administrativeUnits/{id}/scopedRoleMembers
List scopedRoleMembers
Get-MgDirectoryAdministrativeUnitScopedRoleMember /directory/administrativeUnits/{id}/scopedRoleMembers/{id}
Get a scopedRoleMember
Get-MgDirectoryObject /directoryObjects/{id}
Get directoryObject
Get-MgDirectoryObjectAvailableExtensionProperty /directoryObjects/getAvailableExtensionProperties
directoryObject: getAvailableExtensionProperties
Get-MgDirectoryObjectById /directoryObjects/getByIds
directoryObject: getByIds
Get-MgDirectoryObjectMemberGroup /directoryObjects/{id}/getMemberGroups
directoryObject: getMemberGroups
Get-MgDirectoryObjectMemberObject /directoryObjects/{id}/getMemberObjects
directoryObject: getMemberObjects
Get-MgDirectoryRole /directoryRoles
List directoryRoles
Get-MgDirectoryRole /directoryRoles/{role-id}
Get directoryRole
Get-MgDirectoryRoleDelta /directoryRoles/delta
directoryRole: delta
Get-MgDirectoryRoleMember /directoryRoles/{role-id}/members
List members of a directory role
Get-MgDirectoryRoleScopedMember /directoryroles/{role-id}/scopedMembers
List scopedMembers for a directory role
Get-MgDirectoryRoleTemplate /directoryRoleTemplates
List directoryRoleTemplates
Get-MgDirectoryRoleTemplate /directoryRoleTemplates/{id}
Get directoryRoleTemplate
Get-MgDirectorySubscription /directory/subscriptions
List subscriptions
Get-MgDirectorySubscription /directory/subscriptions/{id}
Get companySubscription
Get-MgDomain /domains
List domains
Get-MgDomain /domains/{id}
Get domain
Get-MgDomainRootDomain /domains/{id}/rootDomain
Get rootDomain
Get-MgEducationMeUser /education/me/user
Get educationUser
Get-MgGroup /groups
List groups
Get-MgGroup /groups/{id}
Get group
Get-MgGroupAppRoleAssignment /groups/{id}/appRoleAssignments
List appRoleAssignments granted to a group
Get-MgGroupDelta /groups/delta
group: delta
Get-MgGroupLifecyclePolicy /groupLifecyclePolicies
List groupLifecyclePolicies
Get-MgGroupLifecyclePolicy /groupLifecyclePolicies/{id}
Get groupLifecyclePolicy
Get-MgGroupLifecyclePolicyByGroup /groups/{id}/groupLifecyclePolicies
List groupLifecyclePolicies
Get-MgGroupMember /groups/{id}/members
List group members
Get-MgGroupMemberAsUser /groups/{id}/members
List group members
Get-MgGroupMemberCount /groups/{id}/members
List group members
Get-MgGroupMemberCountAsUser /groups/{id}/members
List group members
Get-MgGroupMemberOf /groups/{id}/memberOf
List group memberships
Get-MgGroupMemberOfAsGroup /groups/{id}/memberOf
List group memberships
Get-MgGroupOwner /groups/{id}/owners
List group owners
Get-MgGroupSetting /groupSettings
List settings
Get-MgGroupSetting /groupSettings/{groupSettingId}
Get groupSetting
Get-MgGroupSettingTemplateGroupSettingTemplate /groupSettingTemplates
List groupSettingTemplates
Get-MgGroupSettingTemplateGroupSettingTemplate /groupSettingTemplates/{id}
Get a group setting template
Get-MgGroupTransitiveMember /groups/{id}/transitiveMembers
List group transitive members
Get-MgGroupTransitiveMemberAsGroup /groups/{id}/transitiveMembers
List group transitive members
Get-MgGroupTransitiveMemberAsUser /groups/{id}/transitiveMembers
List group transitive members
Get-MgGroupTransitiveMemberOf /groups/{id}/transitiveMemberOf
List group transitive memberOf
Get-MgOauth2PermissionGrant /oauth2PermissionGrants
List oAuth2PermissionGrants (delegated permission grants)
Get-MgOauth2PermissionGrant /oauth2PermissionGrants/{id}
Get oAuth2PermissionGrant (a delegated permission grant)
Get-MgOauth2PermissionGrantDelta /oauth2PermissionGrants/delta
oauth2permissiongrant: delta
Get-MgOrganization /organization
List organizations
Get-MgOrganization /organization/{organizationId}
Get organization
Get-MgPolicyAdminConsentRequestPolicy /policies/adminConsentRequestPolicy
Get adminConsentRequestPolicy
Get-MgPolicyClaimMappingPolicyApplyTo /policies/claimsMappingPolicies/{id}/appliesTo
List appliesTo
Get-MgPolicyHomeRealmDiscoveryPolicyApplyTo /policies/homeRealmDiscoveryPolicies/{id}/appliesTo
List appliesTo
Get-MgPolicyPermissionGrantPolicyExclude /policies/permissionGrantPolicies/{id}/excludes
List excludes collection of permissionGrantPolicy
Get-MgPolicyPermissionGrantPolicyInclude /policies/permissionGrantPolicies/{id}/includes
List includes collection of permissionGrantPolicy
Get-MgPolicyTokenIssuancePolicyApplyTo /policies/tokenIssuancePolicies/{id}/appliesTo
List appliesTo
Get-MgPolicyTokenLifetimePolicyApplyTo /policies/tokenLifetimePolicies/{id}/appliesTo
List appliesTo
Get-MgRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments/{id}
Get unifiedRoleAssignment
Get-MgRoleManagementDirectoryRoleDefinition /roleManagement/directory/roleDefinitions
List roleDefinitions
Get-MgRoleManagementDirectoryRoleDefinition /roleManagement/directory/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgRoleManagementEntitlementManagementRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgRoleManagementEntitlementManagementRoleDefinition /roleManagement/directory/roleDefinitions
List roleDefinitions
Get-MgServicePrincipal /servicePrincipals
List servicePrincipals
Get-MgServicePrincipal /servicePrincipals/{id}
Get servicePrincipal
Get-MgServicePrincipal /servicePrincipals/microsoft.graph.agentIdentity
List agentIdentity objects
Get-MgServicePrincipal /servicePrincipals/microsoft.graph.agentIdentityBlueprintPrincipal
List agentIdentityBlueprintPrincipal objects
Get-MgServicePrincipalAppRoleAssignedTo /servicePrincipals/{id}/appRoleAssignedTo
List appRoleAssignments granted for a service principal
Get-MgServicePrincipalAppRoleAssignment /servicePrincipals/{id}/appRoleAssignments
List appRoleAssignments granted to a service principal
Get-MgServicePrincipalCount /servicePrincipals
List servicePrincipals
Get-MgServicePrincipalCreatedObject /servicePrincipals/{id}/createdObjects
servicePrincipal: List createdObjects
Get-MgServicePrincipalDelegatedPermissionClassification /servicePrincipals/{id}/delegatedPermissionClassifications
List delegatedPermissionClassifications collection of servicePrincipal
Get-MgServicePrincipalDelta /servicePrincipals/delta
servicePrincipal: delta
Get-MgServicePrincipalMemberOf /servicePrincipals/{id}/memberOf
List servicePrincipal memberOf
Get-MgServicePrincipalOauth2PermissionGrant /servicePrincipals/{id}/oauth2PermissionGrants
List a service principal's oauth2PermissionGrants
Get-MgServicePrincipalOwnedObject /servicePrincipals/{id}/ownedObjects
servicePrincipals: List ownedObjects
Get-MgServicePrincipalOwner /servicePrincipals/{id}/owners
List owners of a service principal
Get-MgServicePrincipalRemoteDesktopSecurityConfiguration /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
Get remoteDesktopSecurityConfiguration
Get-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
List targetDeviceGroups
Get-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
Get targetDeviceGroup
Get-MgServicePrincipalTransitiveMemberOf /servicePrincipals/{id}/transitiveMemberOf
List servicePrincipal transitive memberOf
Get-MgSubscribedSku /subscribedSkus
List subscribedSkus
Get-MgSubscribedSku /subscribedSkus/{id}
Get subscribedSku
Get-MgTeam /teams/{team-id}
Get team
Get-MgTeamChannel /teams/{team-id}/channels
List channels
Get-MgTeamChannel /teams/{team-id}/channels/{channel-id}
Get channel
Get-MgTeamChannelTab /teams/{id}/channels/{id}/tabs
List tabs in channel
Get-MgTeamChannelTab /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
Get tab in channel
Get-MgTeamInstalledApp /teams/{id}/installedApps/{id}
Get installed app in team
Get-MgTeamInstalledApp /teams/{team-id}/installedApps
List apps in team
Get-MgUser /me
Get user
Get-MgUser /me/manager
List manager
Get-MgUser /users
List users
Get-MgUserAppRoleAssignment /users/{id | userPrincipalName}/appRoleAssignments
List appRoleAssignments granted to a user
Get-MgUserCount /users
List users
Get-MgUserCreatedObject /users/{id | userPrincipalName}/createdObjects
List createdObjects
Get-MgUserDelta /users/delta
user: delta
Get-MgUserDirectReport /me/directReports
List directReports
Get-MgUserJoinedTeam /me/joinedTeams
List joinedTeams
Get-MgUserLicenseDetail /me/licenseDetails
List licenseDetails
Get-MgUserLicenseDetailTeamLicensingDetail /users/{user-id}/licenseDetails/getTeamsLicensingDetails
licenseDetails: getTeamsLicensingDetails
Get-MgUserManager /me/manager
List manager
Get-MgUserMemberGroup /directoryObjects/{id}/getMemberGroups
directoryObject: getMemberGroups
Get-MgUserMemberOf /me/memberOf
List a user's direct memberships
Get-MgUserMemberOfAsGroup /me/memberOf
List a user's direct memberships
Get-MgUserOauth2PermissionGrant /me/oauth2PermissionGrants
List a user's oauth2PermissionGrants
Get-MgUserOwnedDevice /me/ownedDevices
List ownedDevices
Get-MgUserOwnedObject /me/ownedObjects
List ownedObjects
Get-MgUserRegisteredDevice /me/registeredDevices
List registeredDevices
Get-MgUserTransitiveMemberOf /me/transitiveMemberOf
List a user's memberships (direct and transitive)
Invoke-MgRetryContactServiceProvisioning /contacts/{id}/retryServiceProvisioning
orgContact: retryServiceProvisioning
New-MgApplicationOwnerByRef /applications/{id}/owners/$ref
Add owner
New-MgServicePrincipalAppRoleAssignedTo /servicePrincipals/{id}/appRoleAssignedTo
Grant an appRoleAssignment for a service principal
New-MgServicePrincipalAppRoleAssignment /servicePrincipals/{id}/appRoleAssignments
Grant an appRoleAssignment to a service principal
New-MgServicePrincipalOwnerByRef /servicePrincipals/{id}/owners/$ref
servicePrincipal: Add owner
Test-MgDirectoryObjectProperty /directoryObjects/validateProperties
directoryObject: validateProperties
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaAdministrativeUnit /administrativeUnits
List administrativeUnits
Get-MgBetaAdministrativeUnit /administrativeUnits/{id}
Get administrativeUnit
Get-MgBetaAdministrativeUnitDelta /administrativeUnits/delta
administrativeUnit: delta
Get-MgBetaAdministrativeUnitScopedRoleMember /administrativeUnits/{id}/scopedRoleMembers
List scopedRoleMembers
Get-MgBetaAdministrativeUnitScopedRoleMember /administrativeUnits/{id}/scopedRoleMembers/{id}
Get a scopedRoleMember
Get-MgBetaAppCatalogTeamApp /appCatalogs/teamsApps
List teamsApp
Get-MgBetaApplication /applications
List applications
Get-MgBetaApplication /applications/{applicationObjectId}
Get application
Get-MgBetaApplication /applications/microsoft.graph.agentIdentityBlueprint
List agentIdentityBlueprint objects
Get-MgBetaApplicationByAppId /applications/{applicationObjectId}
Get application
Get-MgBetaApplicationCount /applications
List applications
Get-MgBetaApplicationDelta /applications/delta
application: delta
Get-MgBetaApplicationExtensionProperty /applications/{application ObjectId}/extensionProperties
List extensionProperties (directory extensions)
Get-MgBetaApplicationExtensionProperty /applications/{application ObjectId}/extensionProperties/{extensionPropertyId}
Get extensionProperty (directory extension)
Get-MgBetaApplicationFederatedIdentityCredential /applications/{id}/federatedIdentityCredentials
List federatedIdentityCredential objects
Get-MgBetaApplicationFederatedIdentityCredential /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}
Get federatedIdentityCredential
Get-MgBetaApplicationOwner /applications/{id}/owners
List owners of an application
Get-MgBetaAuditLogDirectoryAudit /auditLogs/directoryAudits
List directoryAudits
Get-MgBetaAuditLogDirectoryAudit /auditLogs/directoryAudits/{id}
Get directoryAudit
Get-MgBetaAuditLogProvisioning /auditLogs/provisioning
List provisioningObjectSummary
Get-MgBetaAuditLogSignIn /auditLogs/signIns
List signIns
Get-MgBetaAuditLogSignIn /auditLogs/signIns/{id}
Get signIn
Get-MgBetaContact /contacts
List orgContacts
Get-MgBetaContact /contacts/{id}
Get orgContact
Get-MgBetaContactDelta /contacts/delta
orgContact: delta
Get-MgBetaContactDirectReport /contacts/{id}/directReports
orgContact: List directReports
Get-MgBetaContactManager /contacts/{id}/manager
orgContact: Get manager
Get-MgBetaContactMemberOf /contacts/{id}/memberOf
orgContact: List memberOf
Get-MgBetaContactTransitiveMemberOf /contacts/{id}/transitiveMemberOf
List transitiveMemberOf
Get-MgBetaContactTransitiveReportCount /contacts/{id}/transitiveReports/$count
Get transitiveReports for orgContact
Get-MgBetaContract /contracts
List contracts
Get-MgBetaContract /contracts/{id}
Get Contract
Get-MgBetaDevice /devices
List devices
Get-MgBetaDevice /devices/{id}
Get device
Get-MgBetaDeviceMemberOf /devices/{id}/memberOf
List memberOf
Get-MgBetaDeviceMemberOfAsGroup /devices/{id}/memberOf
List memberOf
Get-MgBetaDeviceRegisteredOwner /devices/{id}/registeredOwners
List registeredOwners
Get-MgBetaDeviceRegisteredUser /devices/{id}/registeredUsers
List registeredUsers
Get-MgBetaDeviceTransitiveMemberOf /devices/{id}/transitiveMemberOf
List device transitive memberships
Get-MgBetaDeviceTransitiveMemberOfAsGroup /devices/{id}/transitiveMemberOf
List device transitive memberships
Get-MgBetaDeviceUsageRights /devices/{objectId}/usageRights
List device usageRights
Get-MgBetaDirectoryCertificateAuthorityMutualTlOauthConfiguration /certificateAuthorities/mutualTlsOauthConfigurations
List mutualTlsOauthConfigurations
Get-MgBetaDirectoryObject /directoryObjects/{id}
Get directoryObject
Get-MgBetaDirectoryObjectById /directoryObjects/getByIds
directoryObject: getByIds
Get-MgBetaDirectoryObjectMemberGroup /directoryObjects/{id}/getMemberGroups
directoryObject: getMemberGroups
Get-MgBetaDirectoryRole /directoryRoles
List directoryRoles
Get-MgBetaDirectoryRole /directoryRoles/{role-id}
Get directoryRole
Get-MgBetaDirectoryRoleByRoleTemplateId /directoryRoles/{role-id}
Get directoryRole
Get-MgBetaDirectoryRoleDelta /directoryRoles/delta
directoryRole: delta
Get-MgBetaDirectoryRoleMember /directoryRoles/{role-id}/members
List members
Get-MgBetaDirectoryRoleScopedMember /directoryroles/{role-id}/scopedMembers
List scopedMembers for a directory role
Get-MgBetaDirectoryRoleTemplate /directoryRoleTemplates
List directoryRoleTemplates
Get-MgBetaDirectoryRoleTemplate /directoryRoleTemplates/{id}
Get directoryRoleTemplate
Get-MgBetaDirectorySetting /settings
List settings
Get-MgBetaDirectorySetting /settings/{directorySettingId}
Get directorySetting
Get-MgBetaDirectorySettingTemplate /directorySettingTemplates
List directorySettingTemplates
Get-MgBetaDirectorySettingTemplate /directorySettingTemplates/{id}
Get a directory setting template
Get-MgBetaDirectorySubscription /directory/subscriptions
List subscriptions
Get-MgBetaDirectorySubscription /directory/subscriptions/{id}
Get companySubscription
Get-MgBetaDomain /domains
List domains
Get-MgBetaDomain /domains/{id}
Get domain
Get-MgBetaDomainRootDomain /domains/contoso.com/rootDomain
Get rootDomain
Get-MgBetaEducationClassGroup /education/classes/{id}/group
Get group
Get-MgBetaEducationMeUser /education/me/user
Get user
Get-MgBetaEducationSchoolAdministrativeUnit /education/schools/{id}/administrativeUnit
Get administrativeUnit
Get-MgBetaGroup /groups
List groups
Get-MgBetaGroup /groups/{id}
Get group
Get-MgBetaGroupAppRoleAssignment /groups/{id}/appRoleAssignments
List appRoleAssignments granted to a group
Get-MgBetaGroupDelta /groups/delta
group: delta
Get-MgBetaGroupLifecyclePolicy /groupLifecyclePolicies
List groupLifecyclePolicies
Get-MgBetaGroupLifecyclePolicy /groupLifecyclePolicies/{id}
Get groupLifecyclePolicy
Get-MgBetaGroupLifecyclePolicyByGroup /groups/{id}/groupLifecyclePolicies
List groupLifecyclePolicies
Get-MgBetaGroupMember /groups/{id}/members
List group members
Get-MgBetaGroupMemberAsServicePrincipal /groups/{id}/members
List group members
Get-MgBetaGroupMemberAsUser /groups/{id}/members
List group members
Get-MgBetaGroupMemberOf /groups/{id}/memberOf
List group memberships
Get-MgBetaGroupMemberOfAsGroup /groups/{id}/memberOf
List group memberships
Get-MgBetaGroupOwner /groups/{id}/owners
List group owners
Get-MgBetaGroupTransitiveMember /groups/{id}/transitiveMembers
List group transitive members
Get-MgBetaGroupTransitiveMemberAsGroup /groups/{id}/transitiveMembers
List group transitive members
Get-MgBetaGroupTransitiveMemberAsUser /groups/{id}/transitiveMembers
List group transitive members
Get-MgBetaGroupTransitiveMemberOf /groups/{id}/transitiveMemberOf
List group transitive memberOf
Get-MgBetaOauth2PermissionGrant /oauth2PermissionGrants
List oAuth2PermissionGrants (delegated permission grants)
Get-MgBetaOauth2PermissionGrant /oauth2PermissionGrants/{id}
Get oAuth2PermissionGrant (a delegated permission grant)
Get-MgBetaOauth2PermissionGrantDelta /oauth2PermissionGrants/delta
oauth2permissiongrant: delta
Get-MgBetaOrganization /organization
List organizations
Get-MgBetaOrganization /organization/{organizationId}
Get organization
Get-MgBetaPolicyAdminConsentRequestPolicy /policies/adminConsentRequestPolicy
Get adminConsentRequestPolicy
Get-MgBetaPolicyClaimMappingPolicyApplyTo /policies/claimsMappingPolicies/{id}/appliesTo
List appliesTo
Get-MgBetaPolicyHomeRealmDiscoveryPolicyApplyTo /policies/homeRealmDiscoveryPolicies/{id}/appliesTo
List appliesTo
Get-MgBetaPolicyPermissionGrantPolicyExclude /policies/permissionGrantPolicies/{id}/excludes
List excludes collection of permissionGrantPolicy
Get-MgBetaPolicyPermissionGrantPolicyInclude /policies/permissionGrantPolicies/{id}/includes
List includes collection of permissionGrantPolicy
Get-MgBetaPolicyTokenIssuancePolicyApplyTo /policies/tokenIssuancePolicies/{id}/appliesTo
List appliesTo
Get-MgBetaPolicyTokenLifetimePolicyApplyTo /policies/tokenLifetimePolicies/{id}/appliesTo
List appliesTo
Get-MgBetaReportAppCredentialSignInActivity /reports/appCredentialSignInActivities
List appCredentialSignInActivities
Get-MgBetaReportAppCredentialSignInActivity /reports/appCredentialSignInActivities/{appCredentialSignInActivityId}
Get appCredentialSignInActivity
Get-MgBetaReportServicePrincipalSignInActivity /reports/servicePrincipalSignInActivities
List servicePrincipalSignInActivities
Get-MgBetaReportServicePrincipalSignInActivity /reports/servicePrincipalSignInActivities/{servicePrincipalSignInActivityId}
Get servicePrincipalSignInActivity
Get-MgBetaRoleManagementCloudPcRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementCloudPcRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgBetaRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments/{id}
Get unifiedRoleAssignment
Get-MgBetaRoleManagementDirectoryRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementDirectoryRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaRoleManagementDirectoryTransitiveRoleAssignment /roleManagement/directory/transitiveRoleAssignments?$filter=principalId eq '{principalId}'
List transitiveRoleAssignment
Get-MgBetaRoleManagementEntitlementManagementRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgBetaRoleManagementEntitlementManagementRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementEntitlementManagementRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaRoleManagementExchangeRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgBetaRoleManagementExchangeRoleAssignment /roleManagement/directory/roleAssignments/{id}
Get unifiedRoleAssignment
Get-MgBetaRoleManagementExchangeRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementExchangeRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaServicePrincipal /servicePrincipals
List servicePrincipals
Get-MgBetaServicePrincipal /servicePrincipals/{id}
Get servicePrincipal
Get-MgBetaServicePrincipal /servicePrincipals/microsoft.graph.agentIdentity
List agentIdentity objects
Get-MgBetaServicePrincipal /servicePrincipals/microsoft.graph.agentIdentityBlueprintPrincipal
List agentIdentityBlueprintPrincipal objects
Get-MgBetaServicePrincipalAppRoleAssignedTo /servicePrincipals/{id}/appRoleAssignedTo
List appRoleAssignments granted for a service principal
Get-MgBetaServicePrincipalAppRoleAssignment /servicePrincipals/{id}/appRoleAssignments
List appRoleAssignments granted to a service principal
Get-MgBetaServicePrincipalByAppId /servicePrincipals/{id}
Get servicePrincipal
Get-MgBetaServicePrincipalCount /servicePrincipals
List servicePrincipals
Get-MgBetaServicePrincipalCreatedObject /servicePrincipals/{id}/createdObjects
servicePrincipal: List createdObjects
Get-MgBetaServicePrincipalDelegatedPermissionClassification /servicePrincipals/{id}/delegatedPermissionClassifications
List delegatedPermissionClassifications collection of servicePrincipal
Get-MgBetaServicePrincipalDelta /servicePrincipals/delta
servicePrincipal: delta
Get-MgBetaServicePrincipalMemberOf /servicePrincipals/{id}/memberOf
List servicePrincipal memberOf
Get-MgBetaServicePrincipalOauth2PermissionGrant /servicePrincipals/{id}/oauth2PermissionGrants
List a service principal's oauth2PermissionGrants
Get-MgBetaServicePrincipalOwnedObject /servicePrincipals/{id}/ownedObjects
servicePrincipals: List ownedObjects
Get-MgBetaServicePrincipalOwner /servicePrincipals/{id}/owners
List owners of a service principal
Get-MgBetaServicePrincipalPasswordSingleSignOnCredential /servicePrincipals/{id}/getPasswordSingleSignOnCredentials
servicePrincipal: getPasswordSingleSignOnCredentials
Get-MgBetaServicePrincipalRemoteDesktopSecurityConfiguration /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
Get remoteDesktopSecurityConfiguration
Get-MgBetaServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
List targetDeviceGroups
Get-MgBetaServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
Get targetDeviceGroup
Get-MgBetaServicePrincipalTransitiveMemberOf /servicePrincipals/{id}/transitiveMemberOf
List servicePrincipal transitive memberOf
Get-MgBetaSubscribedSku /subscribedSkus
List subscribedSkus
Get-MgBetaSubscribedSku /subscribedSkus/{id}
Get subscribedSku
Get-MgBetaTeam /teams/{team-id}
Get team
Get-MgBetaTeamChannel /teams/{team-id}/channels
List channels
Get-MgBetaTeamChannel /teams/{team-id}/channels/{channel-id}
Get channel
Get-MgBetaTeamChannelTab /teams/{team-id}/channels/{channel-id}/tabs
List tabs in channel
Get-MgBetaTeamInstalledApp /teams/{id}/installedApps/{id}
Get installed app in team
Get-MgBetaTeamInstalledApp /teams/{team-id}/installedApps
List apps in team
Get-MgBetaUser /me
Get user
Get-MgBetaUser /me/manager
List manager
Get-MgBetaUser /users
List users
Get-MgBetaUserAppRoleAssignedResource /me/appRoleAssignedResources
List appRoleAssignedResources
Get-MgBetaUserAppRoleAssignment /users/{id | userPrincipalName}/appRoleAssignments
List appRoleAssignments granted to a user
Get-MgBetaUserAppRoleAssignment /users/{usersId}/appRoleAssignments
List appRoleAssignments (for agentUser)
Get-MgBetaUserCount /users
List users
Get-MgBetaUserCreatedObject /users/{id | userPrincipalName}/createdObjects
List createdObjects
Get-MgBetaUserDelta /users/delta
user: delta
Get-MgBetaUserDirectReport /me/directReports
List directReports
Get-MgBetaUserJoinedTeam /me/joinedTeams
List joinedTeams
Get-MgBetaUserLicenseDetail /me/licenseDetails
List licenseDetails
Get-MgBetaUserLicenseDetailTeamLicensingDetail /users/{user-id}/licenseDetails/getTeamsLicensingDetails
licenseDetails: getTeamsLicensingDetails
Get-MgBetaUserManager /me/manager
List manager
Get-MgBetaUserMemberGroup /directoryObjects/{id}/getMemberGroups
directoryObject: getMemberGroups
Get-MgBetaUserMemberObject /directoryObjects/{id}/getMemberObjects
directoryObject: getMemberObjects
Get-MgBetaUserMemberOf /me/memberOf
List a user's direct memberships
Get-MgBetaUserMemberOfAsGroup /me/memberOf
List a user's direct memberships
Get-MgBetaUserOauth2PermissionGrant /me/oauth2PermissionGrants
List a user's oauth2PermissionGrants
Get-MgBetaUserOwnedDevice /users/{id | userPrincipalName}/ownedDevices
List ownedDevices
Get-MgBetaUserOwnedObject /me/ownedObjects
List ownedObjects
Get-MgBetaUserRegisteredDevice /me/registeredDevices
List registeredDevices
Get-MgBetaUserScopedRoleMemberOf /me/scopedRoleMemberOf
List scopedAdministratorOf
Get-MgBetaUserTransitiveMemberOf /me/transitiveMemberOf
List a user's memberships (direct and transitive)
Get-MgBetaUserTransitiveReportCount /users/{id}/transitiveReports/$count
Get transitiveReports for a user
Get-MgUser /me
Get user
Invoke-MgBetaRetryContactServiceProvisioning /contacts/{id}/retryServiceProvisioning
orgContact: retryServiceProvisioning
New-MgBetaApplicationOwnerByRef /applications/{id}/owners/$ref
Add owner
New-MgBetaServicePrincipalAppRoleAssignedTo /servicePrincipals/{id}/appRoleAssignedTo
Grant an appRoleAssignment for a service principal
New-MgBetaServicePrincipalAppRoleAssignment /servicePrincipals/{id}/appRoleAssignments
Grant an appRoleAssignment to a service principal
New-MgBetaServicePrincipalOwnerByRef /servicePrincipals/{id}/owners/$ref
servicePrincipal: Add owner
New-MgBetaServicePrincipalPasswordSingleSignOnCredential /servicePrincipals/{id}/createPasswordSingleSignOnCredentials
servicePrincipal: createPasswordSingleSignOnCredentials
Remove-MgBetaServicePrincipalPasswordSingleSignOnCredential /servicePrincipals/{id}/deletePasswordSingleSignOnCredentials
servicePrincipal: deletePasswordSingleSignOnCredentials
Test-MgBetaDirectoryObjectProperty /directoryObjects/validateProperties
directoryObject: validateProperties
Update-MgBetaServicePrincipalPasswordSingleSignOnCredential /servicePrincipals/{id}/updatePasswordSingleSignOnCredentials
servicePrincipal: updatePasswordSingleSignOnCredentials

Code Examples

C# / .NET SDK
Add owner
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new ReferenceCreate
{
	OdataId = "https://graph.microsoft.com/v1.0/directoryObjects/{id}",
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Applications["{application-id}"].Owners.Ref.PostAsync(requestBody);
JavaScript
Add owner
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

const directoryObject = {
    '@odata.id': 'https://graph.microsoft.com/v1.0/directoryObjects/{id}'
};

await client.api('/applications/{id}/owners/$ref')
	.post(directoryObject);
PowerShell
Add owner
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Applications

$params = @{
	"@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/{id}"
}

New-MgApplicationOwnerByRef -ApplicationId $applicationId -BodyParameter $params
Python
Add owner
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.reference_create import ReferenceCreate
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ReferenceCreate(
	odata_id = "https://graph.microsoft.com/v1.0/directoryObjects/{id}",
)

await graph_client.applications.by_application_id('application-id').owners.ref.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for Directory.Read.All

4

Grant Admin Consent

Application permissions always require admin consent.