ESC
Type to search...
Navigate Open ESC Close

Directory.ReadWrite.All

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read/Write All Resources

Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read and write directory data

Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion.

Permission ID: 19dbc75e-c2e2-444c-a770-ec69d8559fc7
Delegated Permission Admin consent required

Read and write directory data

Allows the app to read and write data in your organization's directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords.

User sees: Allows the app to read and write data in your organization's directory, such as other users, groups. It does not allow the app to delete users or groups, or reset user passwords.
Permission ID: c5366453-9fb0-48a5-a156-24f0c49a4b84

Properties

Microsoft Graph v1.0 exact-category-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
id String A unique identifier for the object; for example, 12345678-9abc-def0-1234-56789abcde. Key. Not nullable. Read-only. Inherited from entity.
administrativeUnits administrativeUnit collection Conceptual container for user and group directory objects.
attributeSets attributeSet collection Group of related custom security attribute definitions.
customSecurityAttributeDefinitions customSecurityAttributeDefinition collection Schema of a custom security attributes (key-value pairs).
deletedItems directoryObject collection Recently deleted items. Read-only. Nullable.
deviceLocalCredentials deviceLocalCredentialInfo collection The credentials of the device's local administrator account backed up to Microsoft Entra ID.
federationConfigurations identityProviderBase collection Configure domain federation with organizations whose identity provider (IdP) supports either the SAML or WS-Fed protocol.
onPremisesSynchronization onPremisesDirectorySynchronization collection A container for on-premises directory synchronization functionalities that are available for the organization.
publicKeyInfrastructure object The collection of public key infrastructure instances for the certificate-based authentication feature for users in a Microsoft Entra tenant.
subscriptions companySubscription collection List of commercial subscriptions that an organization acquired.

JSON Representation

Microsoft Graph v1.0 exact-category-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation 
{
  "@odata.type": "#microsoft.graph.directory"
}

Relationships

Microsoft Graph v1.0 exact-category-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
administrativeUnits administrativeUnit collection Conceptual container for user and group directory objects.
attributeSets attributeSet collection Group of related custom security attribute definitions.
customSecurityAttributeDefinitions customSecurityAttributeDefinition collection Schema of a custom security attributes (key-value pairs).
deletedItems directoryObject collection Recently deleted items. Read-only. Nullable.
deviceLocalCredentials deviceLocalCredential collection The credentials of the device's local administrator account backed up to Microsoft Entra ID.
federationConfigurations identityProviderBase collection Configure domain federation with organizations whose identity provider (IdP) supports either the SAML or WS-Fed protocol.
onPremisesSynchronization onPremisesDirectorySynchronization A container for on-premises directory synchronization functionalities that are available for the organization.
publicKeyInfrastructure publicKeyInfrastructureRoot The collection of public key infrastructure instances for the certificate-based authentication feature for users in a Microsoft Entra tenant.
subscriptions companySubscription collection List of commercial subscriptions that an organization acquired.
externalUserProfiles externalUserProfile collection Collection of external user profiles that represent collaborators in the directory.
featureRolloutPolicies featureRolloutPolicy collection Related featureRolloutPolicies data exposed by this resource.
impactedResources impactedResource collection Related impactedResources data exposed by this resource.
inboundSharedUserProfiles inboundSharedUserProfile collection A collection of external users whose profile data is shared with the Microsoft Entra tenant. Nullable.
outboundSharedUserProfiles outboundSharedUserProfile collection Related outboundSharedUserProfiles data exposed by this resource.
pendingExternalUserProfiles pendingExternalUserProfile collection Collection of pending external user profiles representing collaborators in the directory that are unredeemed.
recommendations recommendation collection List of recommended improvements to improve tenant posture.
sharedEmailDomains sharedEmailDomain collection Related sharedEmailDomains data exposed by this resource.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /appCatalogs/teamsApps
GET /applications
GET /applications(appId='{appId}')
GET /applications(appId='{appId}')/extensionProperties
GET /applications(appId='{appId}')/owners
GET /applications/{application ObjectId}/extensionProperties
GET /applications/{applicationObjectId}
GET /applications/{id}/owners
GET /applications/delta
GET /applications/microsoft.graph.agentIdentityBlueprint
GET /contacts
GET /contacts/{id}
GET /contacts/{id}/directReports
GET /contacts/{id}/manager
GET /contacts/{id}/memberOf
GET /contacts/delta
GET /contracts
GET /contracts/{id}
GET /devices
GET /devices(deviceId='{deviceId}')
GET /devices(deviceId='{deviceId}')/memberOf
GET /devices(deviceId='{deviceId}')/registeredOwners
GET /devices(deviceId='{deviceId}')/registeredUsers
GET /devices(deviceId='{deviceId}')/transitiveMemberOf
GET /devices/{id | userPrincipalName}/transitiveMemberOf
GET /devices/{id}
GET /devices/{id}/memberOf
GET /devices/{id}/registeredOwners
GET /devices/{id}/registeredUsers
GET /directory/administrativeUnits
GET /directory/administrativeUnits/{id}
GET /directory/administrativeUnits/{id}/members
GET /directory/administrativeUnits/{id}/members/{id}
GET /directory/administrativeUnits/{id}/members/$ref
GET /directory/administrativeUnits/{id}/scopedRoleMembers
GET /directory/administrativeUnits/{id}/scopedRoleMembers/{id}
GET /directoryRoles
GET /directoryRoles(roleTemplateId='{roleTemplateId}')
GET /directoryRoles(roleTemplateId='{roleTemplateId}')/members
GET /directoryRoles(roleTemplateId='{roleTemplateId}')/scopedMembers
GET /directoryRoles/{role-id}
GET /directoryRoles/{role-id}/members
GET /directoryroles/{role-id}/scopedMembers
GET /directoryRoles/delta
GET /directoryRoleTemplates
GET /directoryRoleTemplates/{id}
GET /groupLifecyclePolicies
GET /groupLifecyclePolicies/{id}
GET /groups
GET /groups/{groupId}/settings
GET /groups/{groupId}/settings/{groupSettingId}
GET /groups/{id}
GET /groups/{id}/appRoleAssignments
GET /groups/{id}/groupLifecyclePolicies
GET /groups/{id}/memberOf
GET /groups/{id}/transitiveMemberOf
GET /groups/delta
GET /groupSettings
GET /groupSettings/{groupSettingId}
GET /groupSettingTemplates
GET /groupSettingTemplates/{id}
GET /me
GET /me?$expand=directReports
GET /me/createdObjects
GET /me/directReports
GET /me/joinedTeams
GET /me/licenseDetails
GET /me/manager
GET /me/memberOf
GET /me/ownedDevices
GET /me/ownedObjects
GET /me/registeredDevices
GET /me/transitiveMemberOf
GET /oauth2PermissionGrants
GET /oauth2PermissionGrants/{id}
GET /oauth2PermissionGrants/delta
GET /organization
GET /organization/{organizationId}
GET /policies/adminConsentRequestPolicy
GET /policies/featureRolloutPolicies
GET /policies/featureRolloutPolicies/{id}
GET /roleManagement/directory/roleAssignments
GET /roleManagement/directory/roleAssignments/{id}
GET /roleManagement/directory/roleDefinitions
GET /roleManagement/directory/roleDefinitions/{id}
GET /roleManagement/entitlementManagement/roleAssignments
GET /roleManagement/entitlementManagement/roleAssignments/{id}
GET /roleManagement/entitlementManagement/roleDefinitions
GET /roleManagement/entitlementManagement/roleDefinitions/{id}
GET /servicePrincipals
GET /servicePrincipals(appId='{appId}')
GET /servicePrincipals(appId='{appId}')/appRoleAssignedTo
GET /servicePrincipals(appId='{appId}')/appRoleAssignments
GET /servicePrincipals(appId='{appId}')/createdObjects
GET /servicePrincipals(appId='{appId}')/memberOf
GET /servicePrincipals(appId='{appId}')/oauth2PermissionGrants
GET /servicePrincipals(appId='{appId}')/ownedObjects
GET /servicePrincipals(appId='{appId}')/owners
GET /servicePrincipals(appId='{appId}')/transitiveMemberOf
GET /servicePrincipals/{id}
GET /servicePrincipals/{id}/appRoleAssignedTo
GET /servicePrincipals/{id}/appRoleAssignments
GET /servicePrincipals/{id}/createdObjects
GET /servicePrincipals/{id}/memberOf
GET /servicePrincipals/{id}/microsoft.graph.agentIdentityBlueprintPrincipal/ownedObjects
GET /servicePrincipals/{id}/oauth2PermissionGrants
GET /servicePrincipals/{id}/ownedObjects
GET /servicePrincipals/{id}/owners
GET /servicePrincipals/{id}/transitiveMemberOf
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
GET /servicePrincipals/delta
GET /servicePrincipals/microsoft.graph.agentIdentity
GET /servicePrincipals/microsoft.graph.agentIdentityBlueprintPrincipal
GET /subscribedSkus
GET /subscribedSkus/{id}
GET /teams/{id}/channels/{id}/tabs
GET /teams/{id}/installedApps/{id}
GET /teams/{team-id}
GET /teams/{team-id}/channels
GET /teams/{team-id}/channels/{channel-id}
GET /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
GET /teams/{team-id}/installedApps
GET /users
GET /users?$expand=manager
GET /users/{id | user-principal-name}/joinedTeams
GET /users/{id | userPrincipalName}
GET /users/{id | userPrincipalName}?$expand=directReports
GET /users/{id | userPrincipalName}/?$expand=manager($levels=n)
GET /users/{id | userPrincipalName}/createdObjects
GET /users/{id | userPrincipalName}/directReports
GET /users/{id | userPrincipalName}/manager
GET /users/{id | userPrincipalName}/memberOf
GET /users/{id | userPrincipalName}/ownedDevices
GET /users/{id | userPrincipalName}/ownedObjects
GET /users/{id | userPrincipalName}/registeredDevices
GET /users/{id | userPrincipalName}/transitiveMemberOf
GET /users/{id}/licenseDetails
GET /users/{user-id}/licenseDetails/getTeamsLicensingDetails
GET /users/delta
POST /appCatalogs/teamsApps
POST /appCatalogs/teamsApps?requiresReview={Boolean}
POST /appCatalogs/teamsApps/{id}/appDefinitions
POST /applications(appId='{appId}')/addKey
POST /applications(appId='{appId}')/addPassword
POST /applications(appId='{appId}')/extensionProperties
POST /applications(appId='{appId}')/owners/$ref
POST /applications(appId='{appId}')/removeKey
POST /applications(appId='{appId}')/removePassword
POST /applications/{application ObjectId}/extensionProperties
POST /applications/{id}/addKey
POST /applications/{id}/addPassword
POST /applications/{id}/owners/$ref
POST /applications/{id}/removeKey
POST /applications/{id}/removePassword
POST /applicationTemplates/{applicationTemplate-id}/instantiate
POST /contacts/{id}/checkMemberGroups
POST /contacts/{id}/checkMemberObjects
POST /contacts/{id}/getMemberGroups
POST /contacts/{id}/getMemberObjects
POST /contacts/{id}/retryServiceProvisioning
POST /devices/{id}/checkMemberGroups
POST /devices/{id}/checkMemberObjects
POST /devices/{id}/getMemberGroups
POST /devices/{id}/getMemberObjects
POST /directory/administrativeUnits/{id}/members
POST /directory/administrativeUnits/{id}/members/$ref
POST /directoryObjects/{id}/checkMemberGroups
POST /directoryObjects/{id}/checkMemberObjects
POST /directoryObjects/{id}/getMemberGroups
POST /directoryObjects/{id}/getMemberObjects
POST /directoryObjects/validateProperties
POST /groupLifecyclePolicies
POST /groupLifecyclePolicies/{id}/addGroup
POST /groupLifecyclePolicies/{id}/removeGroup
POST /groups
POST /groups/{id}/assignLicense
POST /groups/{id}/checkMemberGroups
POST /groups/{id}/checkMemberObjects
POST /groups/{id}/getMemberGroups
POST /groups/{id}/getMemberObjects
POST /groups/{id}/owners/$ref
POST /groups/{id}/renew
POST /groups/{id}/retryServiceProvisioning
POST /groups/{id}/settings
POST /groupSettings
POST /invitations
POST /me/checkMemberGroups
POST /me/checkMemberObjects
POST /me/getMemberGroups
POST /me/getMemberObjects
POST /me/revokeSignInSessions
POST /oauth2PermissionGrants
POST /policies/featureRolloutPolicies
POST /policies/featureRolloutPolicies/{id}/appliesTo/$ref
POST /roleManagement/directory/roleDefinitions
POST /schemaExtensions
POST /servicePrincipals
POST /servicePrincipals(appId='{appId}')/addKey
POST /servicePrincipals(appId='{appId}')/addPassword
POST /servicePrincipals(appId='{appId}')/addTokenSigningCertificate
POST /servicePrincipals(appId='{appId}')/owners/$ref
POST /servicePrincipals(appId='{appId}')/removeKey
POST /servicePrincipals(appId='{appId}')/removePassword
POST /serviceprincipals/{id}/addKey
POST /servicePrincipals/{id}/addPassword
POST /servicePrincipals/{id}/addTokenSigningCertificate
POST /servicePrincipals/{id}/checkMemberGroups
POST /servicePrincipals/{id}/checkMemberObjects
POST /servicePrincipals/{id}/getMemberGroups
POST /servicePrincipals/{id}/getMemberObjects
POST /servicePrincipals/{id}/owners/$ref
POST /serviceprincipals/{id}/removeKey
POST /servicePrincipals/{id}/removePassword
POST /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema/directories/{directoryId}/discover
POST /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
POST /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
POST /teams
POST /teams/{id}/archive
POST /teams/{id}/clone
POST /teams/{id}/unarchive
POST /teams/{team-id}/channels
POST /teams/{team-id}/channels/{channel-id}/tabs
POST /teams/{team-id}/installedApps
POST /teams/{team-id}/installedApps/{app-installation-id}/upgrade
POST /users
POST /users/{id | userPrincipalName}/assignLicense
POST /users/{id | userPrincipalName}/checkMemberGroups
POST /users/{id | userPrincipalName}/checkMemberObjects
POST /users/{id | userPrincipalName}/getMemberGroups
POST /users/{id | userPrincipalName}/getMemberObjects
POST /users/{id | userPrincipalName}/revokeSignInSessions
POST /users/{id}/reprocessLicenseAssignment
POST /users/{id}/retryServiceProvisioning
POST /users/{id}/sponsors/$ref
PATCH /applications/{id}/microsoft.graph.agentIdentityBlueprint/inheritablePermissions/{resourceAppId}
PATCH /devices(deviceId='{deviceId}')
PATCH /devices/{id}
PATCH /groupLifecyclePolicies/{id}
PATCH /groups(uniqueName='uniqueName')
PATCH /groups/{groupId}/settings/{groupSettingId}
PATCH /groups/{id}
PATCH /groupSettings/{groupSettingId}
PATCH /oauth2PermissionGrants/{id}
PATCH /policies/featureRolloutPolicies/{id}
PATCH /roleManagement/directory/roleDefinitions/{id}
PATCH /schemaExtensions/{id}
PATCH /servicePrincipals(appId='{appId}')
PATCH /servicePrincipals(appId='appId')
PATCH /servicePrincipals/{id}
PATCH /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
PATCH /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
PATCH /teams/{id}/channels/{id}/members/{id}
PATCH /teams/{team-id}
PATCH /teams/{team-id}/channels/{channel-id}
PATCH /teams/{team-id}/channels/{channel-id}/members/{membership-id}
PATCH /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
PATCH /users/{id | userPrincipalName}
PUT /groups/{id}/team
PUT /policies/adminConsentRequestPolicy
PUT /users/{id}/manager/$ref
DELETE /appCatalogs/teamsApps/{appId}/appDefinitions/{appDefinitionId}
DELETE /appCatalogs/teamsApps/{id}
DELETE /applications(appId='{appId}')/extensionProperties/{extensionPropertyId}
DELETE /applications(appId='{appId}')/owners/{id}/$ref
DELETE /applications/{application ObjectId}/extensionProperties/{extensionPropertyId}
DELETE /applications/{id}/owners/{id}/$ref
DELETE /groupLifecyclePolicies/{id}
DELETE /groups/{groupId}/settings/{groupSettingId}
DELETE /groups/{id}/members/{id}/$ref
DELETE /groups/{id}/owners/{id}/$ref
DELETE /groupSettings/{groupSettingId}
DELETE /oAuth2PermissionGrants/{id}
DELETE /policies/featureRolloutPolicies/{id}
DELETE /policies/featureRolloutPolicies/{policyId}/appliesTo/{directoryObjectId}/$ref
DELETE /roleManagement/directory/roleDefinitions/{id}
DELETE /schemaExtensions/{id}
DELETE /servicePrincipals(appId='{appId}')
DELETE /servicePrincipals(appId='{appId}')/owners/{id}/$ref
DELETE /servicePrincipals/{id}
DELETE /serviceprincipals/{id}/owners/{id}/$ref
DELETE /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/$ref
DELETE /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}/$ref
DELETE /teams/{team-id}/channels/{channel-id}
DELETE /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
DELETE /teams/{team-id}/installedApps/{app-installation-id}
DELETE /users/{id}/manager/$ref
DELETE /users/{id}/sponsors/{id}/$ref
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /admin/cloudLicensing/allotments
GET /admin/cloudLicensing/allotments/{allotmentId}
GET /admin/cloudLicensing/allotments/{allotmentId}/assignments
GET /admin/cloudLicensing/allotments/{allotmentId}/assignments/{assignmentId}
GET /admin/cloudLicensing/allotments/{allotmentId}/waitingMembers
GET /admin/cloudLicensing/allotments/{allotmentId}/waitingMembers/{waitingMemberId}
GET /admin/cloudLicensing/assignmentErrors
GET /admin/cloudLicensing/assignmentErrors/{assignmentErrorId}
GET /admin/cloudLicensing/assignmentErrors/{assignmentErrorId}/assignedTo
GET /admin/cloudLicensing/assignmentErrors/{assignmentErrorId}/usageRight
GET /admin/cloudLicensing/assignments
GET /admin/cloudLicensing/assignments/{assignmentId}
GET /admin/cloudLicensing/assignments/{assignmentId}/allotment
GET /admin/cloudLicensing/assignments/{assignmentId}/assignedTo
GET /administrativeUnits
GET /administrativeUnits/{id}
GET /administrativeUnits/{id}/members
GET /administrativeUnits/{id}/members/{id}
GET /administrativeUnits/{id}/members/$ref
GET /administrativeUnits/{id}/scopedRoleMembers
GET /administrativeUnits/{id}/scopedRoleMembers/{id}
GET /administrativeUnits/delta
GET /appCatalogs/teamsApps
GET /applications
GET /applications(appId='{appId}')
GET /applications(appId='{appId}')/extensionProperties
GET /applications(appId='{appId}')/owners
GET /applications/{application ObjectId}/extensionProperties
GET /applications/{applicationObjectId}
GET /applications/{id}/owners
GET /applications/delta
GET /applications/microsoft.graph.agentIdentityBlueprint
GET /contacts
GET /contacts/{id}
GET /contacts/{id}/directReports
GET /contacts/{id}/manager
GET /contacts/{id}/memberOf
GET /contacts/delta
GET /contracts
GET /contracts/{id}
GET /devices
GET /devices(deviceId='{deviceId}')
GET /devices(deviceId='{deviceId}')/memberOf
GET /devices(deviceId='{deviceId}')/registeredOwners
GET /devices(deviceId='{deviceId}')/registeredUsers
GET /devices(deviceId='{deviceId}')/transitiveMemberOf
GET /devices(deviceId='{deviceId}')/usageRights
GET /devices/{id}
GET /devices/{id}/memberOf
GET /devices/{id}/registeredOwners
GET /devices/{id}/registeredUsers
GET /devices/{id}/transitiveMemberOf
GET /devices/{objectId}/usageRights
GET /directory/administrativeUnits
GET /directory/administrativeUnits/{id}
GET /directoryRoles
GET /directoryRoles(roleTemplateId='{roleTemplateId}')
GET /directoryRoles(roleTemplateId='{roleTemplateId}')/members
GET /directoryRoles(roleTemplateId='{roleTemplateId}')/scopedMembers
GET /directoryRoles/{role-id}
GET /directoryRoles/{role-id}/members
GET /directoryroles/{role-id}/scopedMembers
GET /directoryRoles/delta
GET /directoryRoleTemplates
GET /directoryRoleTemplates/{id}
GET /directorySettingTemplates
GET /directorySettingTemplates/{id}
GET /groupLifecyclePolicies
GET /groupLifecyclePolicies/{id}
GET /groups
GET /groups/{groupId}/cloudLicensing/assignments
GET /groups/{groupId}/cloudLicensing/assignments/{assignmentId}
GET /groups/{groupId}/cloudLicensing/assignments/{assignmentId}/allotment
GET /groups/{groupId}/cloudLicensing/usageRights
GET /groups/{groupId}/cloudLicensing/usageRights/{usageRightId}
GET /groups/{groupId}/cloudLicensing/usageRights/{usageRightId}/assignments
GET /groups/{groupId}/settings
GET /groups/{groupId}/settings/{directorySettingId}
GET /groups/{id}
GET /groups/{id}/appRoleAssignments
GET /groups/{id}/groupLifecyclePolicies
GET /groups/{id}/memberOf
GET /groups/{id}/transitiveMemberOf
GET /groups/delta
GET /me
GET /me?$expand=directReports
GET /me/cloudLicensing/assignmentErrors
GET /me/cloudLicensing/assignmentErrors/{assignmentErrorId}
GET /me/cloudLicensing/assignments/{assignmentId}
GET /me/cloudLicensing/assignments/{assignmentId}/allotment
GET /me/cloudLicensing/usageRights
GET /me/cloudLicensing/usageRights/{usageRightId}
GET /me/cloudLicensing/usageRights/{usageRightId}/assignments
GET /me/cloudLicensing/waitingMembers
GET /me/cloudLicensing/waitingMembers/{waitingMemberId}
GET /me/cloudLicensing/waitingMembers/{waitingMemberId}/allotment
GET /me/createdObjects
GET /me/directReports
GET /me/joinedTeams
GET /me/licenseDetails
GET /me/manager
GET /me/memberOf
GET /me/ownedObjects
GET /me/registeredDevices
GET /me/scopedRoleMemberOf
GET /me/transitiveMemberOf
GET /oauth2PermissionGrants
GET /oauth2PermissionGrants/{id}
GET /oauth2PermissionGrants/delta
GET /onPremisesPublishingProfiles/{profile-id}/
GET /onPremisesPublishingProfiles/{profile-id}/agentGroups
GET /onPremisesPublishingProfiles/{profile-id}/agents
GET /onPremisesPublishingProfiles/{profile-id}/agents/{agent-id}
GET /onPremisesPublishingProfiles/{profile-id}/agents/{agent-id}?$expand=agentGroups
GET /onPremisesPublishingProfiles/applicationProxy/connectorGroups
GET /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}
GET /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}/applications
GET /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}/members
GET /onPremisesPublishingProfiles/applicationProxy/connectors
GET /onPremisesPublishingProfiles/applicationProxy/connectors/{id}
GET /onPremisesPublishingProfiles/applicationProxy/connectors/{id}/memberOf
GET /organization
GET /organization/{organizationId}
GET /policies/adminConsentRequestPolicy
GET /policies/featureRolloutPolicies
GET /policies/featureRolloutPolicies/{id}
GET /roleManagement/cloudPC/roleDefinitions
GET /roleManagement/cloudPC/roleDefinitions/{id}
GET /roleManagement/defender/roleDefinitions
GET /roleManagement/defender/roleDefinitions/{id}
GET /roleManagement/deviceManagement/roleDefinitions
GET /roleManagement/deviceManagement/roleDefinitions/{id}
GET /roleManagement/directory/roleAssignments
GET /roleManagement/directory/roleAssignments/{id}
GET /roleManagement/directory/roleDefinitions
GET /roleManagement/directory/roleDefinitions/{id}
GET /roleManagement/directory/transitiveRoleAssignments?$filter=principalId eq '{principalId}'
GET /roleManagement/entitlementManagement/roleAssignments?
GET /roleManagement/entitlementManagement/roleAssignments/{id}
GET /roleManagement/entitlementManagement/roleDefinitions
GET /roleManagement/entitlementManagement/roleDefinitions/{id}
GET /roleManagement/exchange/roleAssignments
GET /roleManagement/exchange/roleAssignments/{id}
GET /roleManagement/exchange/roleDefinitions
GET /roleManagement/exchange/roleDefinitions/{id}
GET /servicePrincipals
GET /servicePrincipals(appId='{appId}')
GET /servicePrincipals/{id}
GET /servicePrincipals/{id}/appRoleAssignedTo
GET /servicePrincipals/{id}/appRoleAssignments
GET /servicePrincipals/{id}/createdObjects
GET /servicePrincipals/{id}/memberOf
GET /servicePrincipals/{id}/oauth2PermissionGrants
GET /servicePrincipals/{id}/ownedObjects
GET /servicePrincipals/{id}/owners
GET /servicePrincipals/{id}/transitiveMemberOf
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
GET /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
GET /servicePrincipals/delta
GET /servicePrincipals/microsoft.graph.agentIdentity
GET /servicePrincipals/microsoft.graph.agentIdentityBlueprintPrincipal
GET /settings
GET /settings/{directorySettingId}
GET /subscribedSkus
GET /subscribedSkus/{id}
GET /teams/{id}/installedApps/{id}
GET /teams/{team-id}
GET /teams/{team-id}/channels
GET /teams/{team-id}/channels/{channel-id}
GET /teams/{team-id}/channels/{channel-id}/tabs
GET /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
GET /teams/{team-id}/installedApps
GET /users
GET /users?$expand=manager
GET /users/{id | user-principal-name}/joinedTeams
GET /users/{id | userPrincipalName}?$expand=directReports
GET /users/{id | userPrincipalName}/?$expand=manager($levels=n)
GET /users/{id | userPrincipalName}/createdObjects
GET /users/{id | userPrincipalName}/directReports
GET /users/{id | userPrincipalName}/manager
GET /users/{id | userPrincipalName}/memberOf
GET /users/{id | userPrincipalName}/ownedDevices
GET /users/{id | userPrincipalName}/ownedObjects
GET /users/{id | userPrincipalName}/registeredDevices
GET /users/{id | userPrincipalName}/transitiveMemberOf
GET /users/{id}/licenseDetails
GET /users/{id}/scopedRoleMemberOf
GET /users/{user-id}/licenseDetails/getTeamsLicensingDetails
GET /users/{userId}/cloudLicensing/assignmentErrors
GET /users/{userId}/cloudLicensing/assignmentErrors/{assignmentErrorId}
GET /users/{userId}/cloudLicensing/assignments
GET /users/{userId}/cloudLicensing/assignments/{assignmentId}
GET /users/{userId}/cloudLicensing/assignments/{assignmentId}/allotment
GET /users/{userId}/cloudLicensing/usageRights
GET /users/{userId}/cloudLicensing/usageRights/{usageRightId}
GET /users/{userId}/cloudLicensing/usageRights/{usageRightId}/assignments
GET /users/{userId}/cloudLicensing/waitingMembers
GET /users/{userId}/cloudLicensing/waitingMembers/{waitingMemberId}
GET /users/{userId}/cloudLicensing/waitingMembers/{waitingMemberId}/allotment
GET /users/{userId}/usageRights
GET /users/delta
POST /admin/cloudLicensing/allotments/{allotmentId}/assignments
POST /admin/cloudLicensing/assignments
POST /administrativeUnits/{id}/members
POST /administrativeUnits/{id}/members/$ref
POST /appCatalogs/teamsApps
POST /appCatalogs/teamsApps?requiresReview={Boolean}
POST /appCatalogs/teamsApps/{id}/appDefinitions
POST /applications(appId='{appId}')/addKey
POST /applications(appId='{appId}')/addPassword
POST /applications(appId='{appId}')/extensionProperties
POST /applications(appId='{appId}')/federatedIdentityCredentials
POST /applications(appId='{appId}')/owners/$ref
POST /applications(appId='{appId}')/removeKey
POST /applications(appId='{appId}')/removePassword
POST /applications/{application ObjectId}/extensionProperties
POST /applications/{id}/addKey
POST /applications/{id}/addPassword
POST /applications/{id}/federatedIdentityCredentials
POST /applications/{id}/microsoft.graph.agentIdentityBlueprint/federatedIdentityCredentials
POST /applications/{id}/owners/$ref
POST /applications/{id}/removeKey
POST /applications/{id}/removePassword
POST /applicationTemplates/{applicationTemplate-id}/instantiate
POST /contacts/{id}/checkMemberGroups
POST /contacts/{id}/checkMemberObjects
POST /contacts/{id}/getMemberGroups
POST /contacts/{id}/getMemberObjects
POST /contacts/{id}/retryServiceProvisioning
POST /devices/{id}/checkMemberGroups
POST /devices/{id}/checkMemberObjects
POST /devices/{id}/getMemberGroups
POST /devices/{id}/getMemberObjects
POST /directory/templates/deviceTemplates/{id}/owners/$ref
POST /directoryObjects/{id}/checkMemberGroups
POST /directoryObjects/{id}/checkMemberObjects
POST /directoryObjects/{id}/getMemberGroups
POST /directoryObjects/{id}/getMemberObjects
POST /directoryObjects/validateProperties
POST /groupLifecyclePolicies
POST /groupLifecyclePolicies/{id}/addGroup
POST /groupLifecyclePolicies/{id}/removeGroup
POST /groupLifecyclePolicies/renewGroup
POST /groups
POST /groups/{groupId}/cloudLicensing/assignments
POST /groups/{groupsId}/deletePasswordSingleSignOnCredentials
POST /groups/{groupsId}/getPasswordSingleSignOnCredentials
POST /groups/{id}/assignLicense
POST /groups/{id}/checkMemberGroups
POST /groups/{id}/checkMemberObjects
POST /groups/{id}/getMemberGroups
POST /groups/{id}/getMemberObjects
POST /groups/{id}/owners/$ref
POST /groups/{id}/renew
POST /groups/{id}/retryServiceProvisioning
POST /groups/{id}/settings
POST /invitations
POST /me/checkMemberGroups
POST /me/checkMemberObjects
POST /me/cloudLicensing/assignments
POST /me/getMemberGroups
POST /me/getMemberObjects
POST /me/invalidateAllRefreshTokens
POST /me/revokeSignInSessions
POST /oauth2PermissionGrants
POST /onPremisesPublishingProfiles/{profile-id}/agentGroups
POST /onPremisesPublishingProfiles/{profile-id}/agents/{agent-id}/agentGroups/$ref
POST /onPremisesPublishingProfiles/applicationProxy/connectorGroups
POST /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}/members/$ref
POST /onPremisesPublishingProfiles/applicationProxy/connectors/{id}/memberOf/$ref
POST /policies/featureRolloutPolicies
POST /policies/featureRolloutPolicies/{id}/appliesTo/$ref
POST /roleManagement/cloudPc/roleDefinitions
POST /roleManagement/defender/roleDefinitions
POST /roleManagement/deviceManagement/roleDefinitions
POST /roleManagement/directory/roleDefinitions
POST /schemaExtensions
POST /servicePrincipals
POST /servicePrincipals(appId='{appId}')/addKey
POST /servicePrincipals(appId='{appId}')/addPassword
POST /servicePrincipals(appId='{appId}')/addTokenSigningCertificate
POST /servicePrincipals(appId='{appId}')/createPasswordSingleSignOnCredentials
POST /servicePrincipals(appId='{appId}')/deletePasswordSingleSignOnCredentials
POST /servicePrincipals(appId='{appId}')/getPasswordSingleSignOnCredentials
POST /servicePrincipals(appId='{appId}')/owners/$ref
POST /serviceprincipals(appId='{appId}')/removeKey
POST /servicePrincipals(appId='{appId}')/removePassword
POST /servicePrincipals(appId='{appId}')/updatePasswordSingleSignOnCredentials
POST /servicePrincipals/{id}/addKey
POST /servicePrincipals/{id}/addPassword
POST /servicePrincipals/{id}/addTokenSigningCertificate
POST /servicePrincipals/{id}/checkMemberGroups
POST /servicePrincipals/{id}/checkMemberObjects
POST /servicePrincipals/{id}/createPasswordSingleSignOnCredentials
POST /servicePrincipals/{id}/deletePasswordSingleSignOnCredentials
POST /servicePrincipals/{id}/getMemberGroups
POST /servicePrincipals/{id}/getMemberObjects
POST /servicePrincipals/{id}/getPasswordSingleSignOnCredentials
POST /servicePrincipals/{id}/owners/$ref
POST /serviceprincipals/{id}/removeKey
POST /servicePrincipals/{id}/removePassword
POST /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema/directories/{directoryId}/discover
POST /servicePrincipals/{id}/updatePasswordSingleSignOnCredentials
POST /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
POST /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
POST /settings
POST /teams
POST /teams/{id}/archive
POST /teams/{id}/channels/{id}/tabs
POST /teams/{id}/clone
POST /teams/{id}/unarchive
POST /teams/{team-id}/channels
POST /teams/{team-id}/installedApps
POST /teams/{team-id}/installedApps/{app-installation-id}/upgrade
POST /users
POST /users/{id | userPrincipalName}/assignLicense
POST /users/{id | userPrincipalName}/checkMemberGroups
POST /users/{id | userPrincipalName}/checkMemberObjects
POST /users/{id | userPrincipalName}/getMemberGroups
POST /users/{id | userPrincipalName}/getMemberObjects
POST /users/{id | userPrincipalName}/invalidateAllRefreshTokens
POST /users/{id | userPrincipalName}/revokeSignInSessions
POST /users/{id}/reprocessLicenseAssignment
POST /users/{id}/retryServiceProvisioning
POST /users/{id}/sponsors/$ref
POST /users/{userId}/cloudLicensing/assignments
POST /users/{userId}/cloudLicensing/assignments/reprocessAssignments
POST /users/{usersId}/deletePasswordSingleSignOnCredentials
POST /users/{usersId}/getPasswordSingleSignOnCredentials
PATCH /admin/cloudLicensing/allotments/{allotmentId}/assignments/{assignmentId}
PATCH /admin/cloudLicensing/assignments/{assignmentId}
PATCH /applications(appId='{appId}')/federatedIdentityCredentials(name='{name}')
PATCH /applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialId}
PATCH /applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialName}
PATCH /applications/{id}/federatedIdentityCredentials(name='{name}')
PATCH /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}
PATCH /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialName}
PATCH /applications/{id}/microsoft.graph.agentIdentityBlueprint/federatedIdentityCredentials(name='{name}')
PATCH /applications/{id}/microsoft.graph.agentIdentityBlueprint/federatedIdentityCredentials/{federatedIdentityCredentialId}
PATCH /applications/{id}/microsoft.graph.agentIdentityBlueprint/federatedIdentityCredentials/{federatedIdentityCredentialName}
PATCH /applications/{id}/microsoft.graph.agentIdentityBlueprint/inheritablePermissions/{resourceAppId}
PATCH /devices(deviceId='{deviceId}')
PATCH /devices/{id}
PATCH /groupLifecyclePolicies/{id}
PATCH /groups(uniqueName='uniqueName')
PATCH /groups/{groupId}/cloudLicensing/assignments/{assignmentId}
PATCH /groups/{groupId}/settings/{directorySettingId}
PATCH /groups/{id}
PATCH /me/cloudLicensing/allotments/{allotmentId}/assignments/{assignmentId}
PATCH /oauth2PermissionGrants/{id}
PATCH /onPremisesPublishingProfiles/{profile-id}/agentGroups/{agentGroup-id}
PATCH /onPremisesPublishingProfiles/{profile-id}/hybridAgentUpdaterConfiguration
PATCH /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}
PATCH /policies/featureRolloutPolicies/{id}
PATCH /roleManagement/cloudPc/roleDefinitions/{id}
PATCH /roleManagement/deviceManagement/roleDefinitions/{id}
PATCH /roleManagement/directory/roleDefinitions/{id}
PATCH /schemaExtensions/{id}
PATCH /servicePrincipals(appId='{appId}')
PATCH /servicePrincipals(appId='appId')
PATCH /servicePrincipals/{id}
PATCH /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
PATCH /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
PATCH /settings/{directorySettingId}
PATCH /teams/{team-id}
PATCH /teams/{team-id}/channels/{channel-id}
PATCH /teams/{team-id}/channels/{channel-id}/members/{membership-id}
PATCH /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
PATCH /users/{id | userPrincipalName}
PATCH /users/{userId}/cloudLicensing/assignments/{assignmentId}
PUT /applications/{id}/connectorGroup/$ref
PUT /groups/{id}/team
PUT /policies/adminConsentRequestPolicy
PUT /users/{id}/manager/$ref
DELETE /admin/cloudLicensing/allotments/{allotmentId}/assignments/{assignmentId}
DELETE /admin/cloudLicensing/assignments/{assignmentId}
DELETE /appCatalogs/teamsApps/{appId}/appDefinitions/{appDefinitionId}
DELETE /appCatalogs/teamsApps/{id}
DELETE /applications(appId='{appId}')/extensionProperties/{extensionPropertyId}
DELETE /applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialId}
DELETE /applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialName}
DELETE /applications(appId='{appId}')/owners/{id}/$ref
DELETE /applications/{application ObjectId}/extensionProperties/{extensionPropertyId}
DELETE /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}
DELETE /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialName}
DELETE /applications/{id}/microsoft.graph.agentIdentityBlueprint/federatedIdentityCredentials/{federatedIdentityCredentialId}
DELETE /applications/{id}/microsoft.graph.agentIdentityBlueprint/federatedIdentityCredentials/{federatedIdentityCredentialName}
DELETE /applications/{id}/owners/{id}/$ref
DELETE /directory/templates/deviceTemplates/{deviceTemplateId}/owners/{id}/$ref
DELETE /groupLifecyclePolicies/{id}
DELETE /groups/{groupId}/cloudLicensing/assignments/{assignmentId}
DELETE /groups/{groupId}/settings/{directorySettingId}
DELETE /groups/{id}/members/{id}/$ref
DELETE /groups/{id}/owners/{id}/$ref
DELETE /me/cloudLicensing/assignments/{assignmentId}
DELETE /oauth2PermissionGrants/{id}
DELETE /onPremisesPublishingProfiles/{profile-id}/agents/{agent-id}
DELETE /onPremisesPublishingProfiles/{profile-id}/agents/{agent-id}/agentGroups/{agentGroup-id}/$ref
DELETE /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}
DELETE /policies/featureRolloutPolicies/{id}
DELETE /policies/featureRolloutPolicies/{policyId}/appliesTo/{directoryObjectId}/$ref
DELETE /roleManagement/cloudPc/roleDefinitions/{id}
DELETE /roleManagement/defender/roleDefinitions/{id}
DELETE /roleManagement/deviceManagement/roleDefinitions/{id}
DELETE /roleManagement/directory/roleDefinitions/{id}
DELETE /schemaExtensions/{id}
DELETE /servicePrincipals(appId='{appId}')
DELETE /servicePrincipals/{id}
DELETE /servicePrincipals/{id}/owners/{id}/$ref
DELETE /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/$ref
DELETE /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}/$ref
DELETE /settings/{directorySettingId}
DELETE /teams/{team-id}/channels/{channel-id}
DELETE /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
DELETE /teams/{team-id}/installedApps/{app-installation-id}
DELETE /users/{id}/manager/$ref
DELETE /users/{id}/sponsors/{id}/$ref
DELETE /users/{userId}/cloudLicensing/assignments/{assignmentId}
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Add-MgApplicationKey /applications/{id}/addKey
application: addKey
Add-MgApplicationPassword /applications/{id}/addPassword
application: addPassword
Add-MgGroupToLifecyclePolicy /groupLifecyclePolicies/{id}/addGroup
groupLifecyclePolicy: addGroup
Add-MgServicePrincipalKey /serviceprincipals/{id}/addKey
servicePrincipal: addKey
Add-MgServicePrincipalPassword /servicePrincipals/{id}/addPassword
servicePrincipal: addPassword
Add-MgServicePrincipalTokenSigningCertificate /servicePrincipals/{id}/addTokenSigningCertificate
servicePrincipal: addTokenSigningCertificate
Find-MgServicePrincipalSynchronizationJobSchemaDirectory /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema/directories/{directoryId}/discover
directoryDefinition: discover
Get-MgAppCatalogTeamApp /appCatalogs/teamsApps
List teamsApp
Get-MgApplication /applications
List applications
Get-MgApplication /applications/{applicationObjectId}
Get application
Get-MgApplication /applications/microsoft.graph.agentIdentityBlueprint
List agentIdentityBlueprint objects
Get-MgApplicationByAppId /applications/{applicationObjectId}
Get application
Get-MgApplicationCount /applications
List applications
Get-MgApplicationDelta /applications/delta
application: delta
Get-MgApplicationExtensionProperty /applications/{application ObjectId}/extensionProperties
List extensionProperties (directory extensions)
Get-MgApplicationOwner /applications/{id}/owners
List owners of an application
Get-MgContact /contacts
List orgContacts
Get-MgContact /contacts/{id}
Get orgContact
Get-MgContactDelta /contacts/delta
orgContact: delta
Get-MgContactDirectReport /contacts/{id}/directReports
List directReports
Get-MgContactManager /contacts/{id}/manager
Get manager
Get-MgContactMemberOf /contacts/{id}/memberOf
List memberOf
Get-MgContract /contracts
List contracts
Get-MgContract /contracts/{id}
Get Contract
Get-MgDevice /devices
List devices
Get-MgDevice /devices/{id}
Get device
Get-MgDeviceMemberOf /devices/{id}/memberOf
List device memberships
Get-MgDeviceMemberOfAsGroup /devices/{id}/memberOf
List device memberships
Get-MgDeviceRegisteredOwner /devices/{id}/registeredOwners
List registeredOwners
Get-MgDeviceRegisteredUser /devices/{id}/registeredUsers
List registeredUsers
Get-MgDeviceTransitiveMemberOf /devices/{id | userPrincipalName}/transitiveMemberOf
List device transitive memberships
Get-MgDeviceTransitiveMemberOfAsGroup /devices/{id | userPrincipalName}/transitiveMemberOf
List device transitive memberships
Get-MgDirectoryAdministrativeUnit /directory/administrativeUnits
List administrativeUnits
Get-MgDirectoryAdministrativeUnit /directory/administrativeUnits/{id}
Get administrativeUnit
Get-MgDirectoryAdministrativeUnitMember /directory/administrativeUnits/{id}/members
List members
Get-MgDirectoryAdministrativeUnitMemberByRef /directory/administrativeUnits/{id}/members
List members
Get-MgDirectoryAdministrativeUnitScopedRoleMember /directory/administrativeUnits/{id}/scopedRoleMembers
List scopedRoleMembers
Get-MgDirectoryAdministrativeUnitScopedRoleMember /directory/administrativeUnits/{id}/scopedRoleMembers/{id}
Get a scopedRoleMember
Get-MgDirectoryObjectMemberGroup /directoryObjects/{id}/getMemberGroups
directoryObject: getMemberGroups
Get-MgDirectoryObjectMemberObject /directoryObjects/{id}/getMemberObjects
directoryObject: getMemberObjects
Get-MgDirectoryRole /directoryRoles
List directoryRoles
Get-MgDirectoryRole /directoryRoles/{role-id}
Get directoryRole
Get-MgDirectoryRoleDelta /directoryRoles/delta
directoryRole: delta
Get-MgDirectoryRoleMember /directoryRoles/{role-id}/members
List members of a directory role
Get-MgDirectoryRoleScopedMember /directoryroles/{role-id}/scopedMembers
List scopedMembers for a directory role
Get-MgDirectoryRoleTemplate /directoryRoleTemplates
List directoryRoleTemplates
Get-MgDirectoryRoleTemplate /directoryRoleTemplates/{id}
Get directoryRoleTemplate
Get-MgGroup /groups
List groups
Get-MgGroup /groups/{id}
Get group
Get-MgGroupAppRoleAssignment /groups/{id}/appRoleAssignments
List appRoleAssignments granted to a group
Get-MgGroupDelta /groups/delta
group: delta
Get-MgGroupLifecyclePolicy /groupLifecyclePolicies
List groupLifecyclePolicies
Get-MgGroupLifecyclePolicy /groupLifecyclePolicies/{id}
Get groupLifecyclePolicy
Get-MgGroupLifecyclePolicyByGroup /groups/{id}/groupLifecyclePolicies
List groupLifecyclePolicies
Get-MgGroupMemberOf /groups/{id}/memberOf
List group memberships
Get-MgGroupMemberOfAsGroup /groups/{id}/memberOf
List group memberships
Get-MgGroupSetting /groupSettings
List settings
Get-MgGroupSetting /groupSettings/{groupSettingId}
Get groupSetting
Get-MgGroupSettingTemplateGroupSettingTemplate /groupSettingTemplates
List groupSettingTemplates
Get-MgGroupSettingTemplateGroupSettingTemplate /groupSettingTemplates/{id}
Get a group setting template
Get-MgGroupTransitiveMemberOf /groups/{id}/transitiveMemberOf
List group transitive memberOf
Get-MgOauth2PermissionGrant /oauth2PermissionGrants
List oAuth2PermissionGrants (delegated permission grants)
Get-MgOauth2PermissionGrant /oauth2PermissionGrants/{id}
Get oAuth2PermissionGrant (a delegated permission grant)
Get-MgOauth2PermissionGrantDelta /oauth2PermissionGrants/delta
oauth2permissiongrant: delta
Get-MgOrganization /organization
List organizations
Get-MgOrganization /organization/{organizationId}
Get organization
Get-MgPolicyAdminConsentRequestPolicy /policies/adminConsentRequestPolicy
Get adminConsentRequestPolicy
Get-MgPolicyFeatureRolloutPolicy /policies/featureRolloutPolicies
List featureRolloutPolicies
Get-MgPolicyFeatureRolloutPolicy /policies/featureRolloutPolicies/{id}
Get featureRolloutPolicy
Get-MgRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments/{id}
Get unifiedRoleAssignment
Get-MgRoleManagementDirectoryRoleDefinition /roleManagement/directory/roleDefinitions
List roleDefinitions
Get-MgRoleManagementDirectoryRoleDefinition /roleManagement/directory/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgRoleManagementEntitlementManagementRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgRoleManagementEntitlementManagementRoleDefinition /roleManagement/directory/roleDefinitions
List roleDefinitions
Get-MgServicePrincipal /servicePrincipals
List servicePrincipals
Get-MgServicePrincipal /servicePrincipals/{id}
Get servicePrincipal
Get-MgServicePrincipal /servicePrincipals/microsoft.graph.agentIdentity
List agentIdentity objects
Get-MgServicePrincipal /servicePrincipals/microsoft.graph.agentIdentityBlueprintPrincipal
List agentIdentityBlueprintPrincipal objects
Get-MgServicePrincipalAppRoleAssignedTo /servicePrincipals/{id}/appRoleAssignedTo
List appRoleAssignments granted for a service principal
Get-MgServicePrincipalAppRoleAssignment /servicePrincipals/{id}/appRoleAssignments
List appRoleAssignments granted to a service principal
Get-MgServicePrincipalCount /servicePrincipals
List servicePrincipals
Get-MgServicePrincipalCreatedObject /servicePrincipals/{id}/createdObjects
servicePrincipal: List createdObjects
Get-MgServicePrincipalDelta /servicePrincipals/delta
servicePrincipal: delta
Get-MgServicePrincipalMemberOf /servicePrincipals/{id}/memberOf
List servicePrincipal memberOf
Get-MgServicePrincipalOauth2PermissionGrant /servicePrincipals/{id}/oauth2PermissionGrants
List a service principal's oauth2PermissionGrants
Get-MgServicePrincipalOwnedObject /servicePrincipals/{id}/ownedObjects
servicePrincipals: List ownedObjects
Get-MgServicePrincipalOwner /servicePrincipals/{id}/owners
List owners of a service principal
Get-MgServicePrincipalRemoteDesktopSecurityConfiguration /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
Get remoteDesktopSecurityConfiguration
Get-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
List targetDeviceGroups
Get-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
Get targetDeviceGroup
Get-MgServicePrincipalTransitiveMemberOf /servicePrincipals/{id}/transitiveMemberOf
List servicePrincipal transitive memberOf
Get-MgSubscribedSku /subscribedSkus
List subscribedSkus
Get-MgSubscribedSku /subscribedSkus/{id}
Get subscribedSku
Get-MgTeam /teams/{team-id}
Get team
Get-MgTeamChannel /teams/{team-id}/channels
List channels
Get-MgTeamChannel /teams/{team-id}/channels/{channel-id}
Get channel
Get-MgTeamChannelTab /teams/{id}/channels/{id}/tabs
List tabs in channel
Get-MgTeamChannelTab /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
Get tab in channel
Get-MgTeamInstalledApp /teams/{id}/installedApps/{id}
Get installed app in team
Get-MgTeamInstalledApp /teams/{team-id}/installedApps
List apps in team
Get-MgUser /me
Get user
Get-MgUser /me/manager
List manager
Get-MgUser /users
List users
Get-MgUserCount /users
List users
Get-MgUserCreatedObject /users/{id | userPrincipalName}/createdObjects
List createdObjects
Get-MgUserDelta /users/delta
user: delta
Get-MgUserDirectReport /me/directReports
List directReports
Get-MgUserJoinedTeam /me/joinedTeams
List joinedTeams
Get-MgUserLicenseDetail /me/licenseDetails
List licenseDetails
Get-MgUserLicenseDetailTeamLicensingDetail /users/{user-id}/licenseDetails/getTeamsLicensingDetails
licenseDetails: getTeamsLicensingDetails
Get-MgUserManager /me/manager
List manager
Get-MgUserMemberGroup /directoryObjects/{id}/getMemberGroups
directoryObject: getMemberGroups
Get-MgUserMemberOf /me/memberOf
List a user's direct memberships
Get-MgUserMemberOfAsGroup /me/memberOf
List a user's direct memberships
Get-MgUserOwnedDevice /me/ownedDevices
List ownedDevices
Get-MgUserOwnedObject /me/ownedObjects
List ownedObjects
Get-MgUserRegisteredDevice /me/registeredDevices
List registeredDevices
Get-MgUserTransitiveMemberOf /me/transitiveMemberOf
List a user's memberships (direct and transitive)
Invoke-MgArchiveTeam /teams/{id}/archive
Archive team
Invoke-MgInstantiateApplicationTemplate /applicationTemplates/{applicationTemplate-id}/instantiate
applicationTemplate: instantiate
Invoke-MgLicenseUser /users/{id}/reprocessLicenseAssignment
user: reprocessLicenseAssignment
Invoke-MgRenewGroup /groups/{id}/renew
group: renew
Invoke-MgRetryContactServiceProvisioning /contacts/{id}/retryServiceProvisioning
orgContact: retryServiceProvisioning
Invoke-MgRetryGroupServiceProvisioning /groups/{id}/retryServiceProvisioning
group: retryServiceProvisioning
Invoke-MgRetryUserServiceProvisioning /users/{id}/retryServiceProvisioning
user: retryServiceProvisioning
Invoke-MgUnarchiveTeam /teams/{id}/unarchive
Unarchive team
New-MgAppCatalogTeamApp /appCatalogs/teamsApps
Publish teamsApp
New-MgAppCatalogTeamAppDefinition /appCatalogs/teamsApps/{id}/appDefinitions
Update teamsApp
New-MgApplicationExtensionProperty /applications/{application ObjectId}/extensionProperties
Create extensionProperty (directory extension)
New-MgApplicationOwnerByRef /applications/{id}/owners/$ref
Add owner
New-MgDirectoryAdministrativeUnitMember /directory/administrativeUnits/{id}/members/$ref
Add a member
New-MgDirectoryAdministrativeUnitMemberByRef /directory/administrativeUnits/{id}/members/$ref
Add a member
New-MgGroup /groups
Create group
New-MgGroup /groups(uniqueName='uniqueName')
Upsert group
New-MgGroupLifecyclePolicy /groupLifecyclePolicies
Create groupLifecyclePolicy
New-MgGroupOwnerByRef /groups/{id}/owners/$ref
Add owners
New-MgGroupSetting /groupSettings
Create settings
New-MgInvitation /invitations
Create invitation
New-MgOauth2PermissionGrant /oauth2PermissionGrants
Create oAuth2PermissionGrant (a delegated permission grant)
New-MgPolicyFeatureRolloutPolicy /policies/featureRolloutPolicies
Create featureRolloutPolicy
New-MgPolicyFeatureRolloutPolicyApplyToByRef /policies/featureRolloutPolicies/{id}/appliesTo/$ref
Assign appliesTo on a featureRolloutPolicy
New-MgRoleManagementDirectoryRoleDefinition /roleManagement/directory/roleDefinitions
Create roleDefinitions
New-MgSchemaExtension /schemaExtensions
Create schemaExtension
New-MgServicePrincipal /servicePrincipals
Create serviceprincipal
New-MgServicePrincipalOwnerByRef /servicePrincipals/{id}/owners/$ref
servicePrincipal: Add owner
New-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
Create targetDeviceGroup
New-MgTeam /teams
Create team
New-MgTeamChannel /teams/{team-id}/channels
Create channel
New-MgTeamChannelTab /teams/{team-id}/channels/{channel-id}/tabs
Add tab to channel
New-MgTeamInstalledApp /teams/{team-id}/installedApps
Add app to team
New-MgUser /users
Create User
Remove-MgAppCatalogTeamApp /appCatalogs/teamsApps/{id}
Delete teamsApp
Remove-MgApplicationExtensionProperty /applications/{application ObjectId}/extensionProperties/{extensionPropertyId}
Delete extensionProperty (directory extension)
Remove-MgApplicationKey /applications/{id}/removeKey
application: removeKey
Remove-MgApplicationOwnerDirectoryObjectByRef /applications/{id}/owners/{id}/$ref
Remove application owner
Remove-MgApplicationPassword /applications/{id}/removePassword
application: removePassword
Remove-MgGroupFromLifecyclePolicy /groupLifecyclePolicies/{id}/removeGroup
groupLifecyclePolicy: removeGroup
Remove-MgGroupLifecyclePolicy /groupLifecyclePolicies/{id}
Delete groupLifecyclePolicy
Remove-MgGroupMemberDirectoryObjectByRef /groups/{id}/members/{id}/$ref
Remove member
Remove-MgGroupOwnerDirectoryObjectByRef /groups/{id}/owners/{id}/$ref
Remove group owner
Remove-MgOauth2PermissionGrant /oAuth2PermissionGrants/{id}
Delete oAuth2PermissionGrant (a delegated permission grant)
Remove-MgPolicyFeatureRolloutPolicy /policies/featureRolloutPolicies/{id}
Delete featureRolloutPolicy
Remove-MgPolicyFeatureRolloutPolicyApplyToDirectoryObjectByRef /policies/featureRolloutPolicies/{policyId}/appliesTo/{directoryObjectId}/$ref
Remove appliesTo on a featureRolloutPolicy
Remove-MgRoleManagementDirectoryRoleDefinition /roleManagement/directory/roleDefinitions/{id}
Delete unifiedRoleDefinition
Remove-MgSchemaExtension /schemaExtensions/{id}
Delete schemaExtension
Remove-MgServicePrincipal /servicePrincipals/{id}
Delete servicePrincipal
Remove-MgServicePrincipalKey /serviceprincipals/{id}/removeKey
servicePrincipal: removeKey
Remove-MgServicePrincipalOwnerDirectoryObjectByRef /serviceprincipals/{id}/owners/{id}/$ref
Remove service principal owner
Remove-MgServicePrincipalPassword /servicePrincipals/{id}/removePassword
servicePrincipal: removePassword
Remove-MgServicePrincipalRemoteDesktopSecurityConfiguration /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/$ref
Delete remoteDesktopSecurityConfiguration
Remove-MgTeamChannel /teams/{team-id}/channels/{channel-id}
Delete channel
Remove-MgTeamChannelTab /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
Delete tab from channel
Remove-MgTeamInstalledApp /teams/{team-id}/installedApps/{app-installation-id}
Remove app from team
Remove-MgUserManagerByRef /users/{id}/manager/$ref
Remove manager
Set-MgGroupLicense /groups/{id}/assignLicense
group: assignLicense
Set-MgGroupTeam /groups/{id}/team
Create team from group
Set-MgUserLicense /users/{id | userPrincipalName}/assignLicense
user: assignLicense
Set-MgUserManagerByRef /users/{id}/manager/$ref
Assign manager
Test-MgDirectoryObjectProperty /directoryObjects/validateProperties
directoryObject: validateProperties
Update-MgDevice /devices/{id}
Update device
Update-MgGroup /groups/{id}
Update group
Update-MgGroupByUniqueName /groups(uniqueName='uniqueName')
Upsert group
Update-MgGroupLifecyclePolicy /groupLifecyclePolicies/{id}
Update groupLifecyclePolicy
Update-MgGroupSetting /groupSettings/{groupSettingId}
Update groupSetting
Update-MgOauth2PermissionGrant /oauth2PermissionGrants/{id}
Update an oAuth2PermissionGrant
Update-MgPolicyFeatureRolloutPolicy /policies/featureRolloutPolicies/{id}
Update featureRolloutPolicy
Update-MgRoleManagementDirectoryRoleDefinition /roleManagement/directory/roleDefinitions/{id}
Update unifiedRoleDefinition
Update-MgSchemaExtension /schemaExtensions/{id}
Update schemaExtension
Update-MgServicePrincipal /servicePrincipals/{id}
Update serviceprincipal
Update-MgServicePrincipalByAppId /servicePrincipals(appId='appId')
Upsert servicePrincipal
Update-MgServicePrincipalRemoteDesktopSecurityConfiguration /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
Update remoteDesktopSecurityConfiguration
Update-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
Update targetDeviceGroup
Update-MgTeam /teams/{team-id}
Update team
Update-MgTeamChannel /teams/{team-id}/channels/{channel-id}
Patch channel
Update-MgTeamChannelTab /teams/{team-id}/channels/{channel-id}/tabs/{tab-id}
Update tab
Update-MgTeamInstalledApp /teams/{team-id}/installedApps/{app-installation-id}/upgrade
teamsAppInstallation in a team: upgrade
Update-MgUser /users/{id | userPrincipalName}
Update user
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Add-MgBetaApplicationKey /applications/{id}/addKey
application: addKey
Add-MgBetaApplicationPassword /applications/{id}/addPassword
application: addPassword
Add-MgBetaServicePrincipalTokenSigningCertificate /servicePrincipals/{id}/addTokenSigningCertificate
servicePrincipal: addTokenSigningCertificate
Find-MgBetaServicePrincipalSynchronizationJobSchemaDirectory /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema/directories/{directoryId}/discover
directoryDefinition: discover
Get-MgBetaAdministrativeUnit /administrativeUnits
List administrativeUnits
Get-MgBetaAdministrativeUnit /administrativeUnits/{id}
Get administrativeUnit
Get-MgBetaAdministrativeUnitDelta /administrativeUnits/delta
administrativeUnit: delta
Get-MgBetaAdministrativeUnitScopedRoleMember /administrativeUnits/{id}/scopedRoleMembers
List scopedRoleMembers
Get-MgBetaAdministrativeUnitScopedRoleMember /administrativeUnits/{id}/scopedRoleMembers/{id}
Get a scopedRoleMember
Get-MgBetaAppCatalogTeamApp /appCatalogs/teamsApps
List teamsApp
Get-MgBetaApplication /applications
List applications
Get-MgBetaApplication /applications/{applicationObjectId}
Get application
Get-MgBetaApplication /applications/microsoft.graph.agentIdentityBlueprint
List agentIdentityBlueprint objects
Get-MgBetaApplicationByAppId /applications/{applicationObjectId}
Get application
Get-MgBetaApplicationCount /applications
List applications
Get-MgBetaApplicationDelta /applications/delta
application: delta
Get-MgBetaApplicationExtensionProperty /applications/{application ObjectId}/extensionProperties
List extensionProperties (directory extensions)
Get-MgBetaApplicationOwner /applications/{id}/owners
List owners of an application
Get-MgBetaContact /contacts
List orgContacts
Get-MgBetaContact /contacts/{id}
Get orgContact
Get-MgBetaContactDelta /contacts/delta
orgContact: delta
Get-MgBetaContactDirectReport /contacts/{id}/directReports
orgContact: List directReports
Get-MgBetaContactManager /contacts/{id}/manager
orgContact: Get manager
Get-MgBetaContactMemberOf /contacts/{id}/memberOf
orgContact: List memberOf
Get-MgBetaContract /contracts
List contracts
Get-MgBetaContract /contracts/{id}
Get Contract
Get-MgBetaDevice /devices
List devices
Get-MgBetaDevice /devices/{id}
Get device
Get-MgBetaDeviceMemberOf /devices/{id}/memberOf
List memberOf
Get-MgBetaDeviceMemberOfAsGroup /devices/{id}/memberOf
List memberOf
Get-MgBetaDeviceRegisteredOwner /devices/{id}/registeredOwners
List registeredOwners
Get-MgBetaDeviceRegisteredUser /devices/{id}/registeredUsers
List registeredUsers
Get-MgBetaDeviceTransitiveMemberOf /devices/{id}/transitiveMemberOf
List device transitive memberships
Get-MgBetaDeviceTransitiveMemberOfAsGroup /devices/{id}/transitiveMemberOf
List device transitive memberships
Get-MgBetaDeviceUsageRights /devices/{objectId}/usageRights
List device usageRights
Get-MgBetaDirectoryObjectMemberGroup /directoryObjects/{id}/getMemberGroups
directoryObject: getMemberGroups
Get-MgBetaDirectoryRole /directoryRoles
List directoryRoles
Get-MgBetaDirectoryRole /directoryRoles/{role-id}
Get directoryRole
Get-MgBetaDirectoryRoleByRoleTemplateId /directoryRoles/{role-id}
Get directoryRole
Get-MgBetaDirectoryRoleDelta /directoryRoles/delta
directoryRole: delta
Get-MgBetaDirectoryRoleMember /directoryRoles/{role-id}/members
List members
Get-MgBetaDirectoryRoleScopedMember /directoryroles/{role-id}/scopedMembers
List scopedMembers for a directory role
Get-MgBetaDirectoryRoleTemplate /directoryRoleTemplates
List directoryRoleTemplates
Get-MgBetaDirectoryRoleTemplate /directoryRoleTemplates/{id}
Get directoryRoleTemplate
Get-MgBetaDirectorySetting /settings
List settings
Get-MgBetaDirectorySetting /settings/{directorySettingId}
Get directorySetting
Get-MgBetaDirectorySettingTemplate /directorySettingTemplates
List directorySettingTemplates
Get-MgBetaDirectorySettingTemplate /directorySettingTemplates/{id}
Get a directory setting template
Get-MgBetaGroup /groups
List groups
Get-MgBetaGroup /groups/{id}
Get group
Get-MgBetaGroupAppRoleAssignment /groups/{id}/appRoleAssignments
List appRoleAssignments granted to a group
Get-MgBetaGroupDelta /groups/delta
group: delta
Get-MgBetaGroupLifecyclePolicy /groupLifecyclePolicies
List groupLifecyclePolicies
Get-MgBetaGroupLifecyclePolicy /groupLifecyclePolicies/{id}
Get groupLifecyclePolicy
Get-MgBetaGroupLifecyclePolicyByGroup /groups/{id}/groupLifecyclePolicies
List groupLifecyclePolicies
Get-MgBetaGroupMemberOf /groups/{id}/memberOf
List group memberships
Get-MgBetaGroupMemberOfAsGroup /groups/{id}/memberOf
List group memberships
Get-MgBetaGroupPasswordSingleSignOnCredential /groups/{groupsId}/getPasswordSingleSignOnCredentials
group: getPasswordSingleSignOnCredentials
Get-MgBetaGroupTransitiveMemberOf /groups/{id}/transitiveMemberOf
List group transitive memberOf
Get-MgBetaOauth2PermissionGrant /oauth2PermissionGrants
List oAuth2PermissionGrants (delegated permission grants)
Get-MgBetaOauth2PermissionGrant /oauth2PermissionGrants/{id}
Get oAuth2PermissionGrant (a delegated permission grant)
Get-MgBetaOauth2PermissionGrantDelta /oauth2PermissionGrants/delta
oauth2permissiongrant: delta
Get-MgBetaOnPremisePublishingProfile /onPremisesPublishingProfiles/{profile-id}/
Get onPremisesPublishingProfile
Get-MgBetaOnPremisePublishingProfileAgent /onPremisesPublishingProfiles/{profile-id}/agents
List onPremisesAgents
Get-MgBetaOnPremisePublishingProfileAgent /onPremisesPublishingProfiles/{profile-id}/agents/{agent-id}?$expand=agentGroups
Get onPremisesAgent
Get-MgBetaOnPremisePublishingProfileAgentGroup /onPremisesPublishingProfiles/{profile-id}/agentGroups
List onPremisesAgentGroups
Get-MgBetaOnPremisePublishingProfileAgentGroup /onPremisesPublishingProfiles/{profile-id}/agents/{agent-id}
Get onPremisesAgentGroup
Get-MgBetaOnPremisePublishingProfileConnector /onPremisesPublishingProfiles/applicationProxy/connectors
List connectors
Get-MgBetaOnPremisePublishingProfileConnector /onPremisesPublishingProfiles/applicationProxy/connectors/{id}
Get connector
Get-MgBetaOnPremisePublishingProfileConnectorGroup /onPremisesPublishingProfiles/applicationProxy/connectorGroups
List connectorGroups
Get-MgBetaOnPremisePublishingProfileConnectorGroup /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}
Get connectorGroup
Get-MgBetaOnPremisePublishingProfileConnectorGroupApplication /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}/applications
List applications
Get-MgBetaOnPremisePublishingProfileConnectorGroupMember /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}/members
List members
Get-MgBetaOnPremisePublishingProfileConnectorMemberOf /onPremisesPublishingProfiles/applicationProxy/connectors/{id}/memberOf
List memberOf
Get-MgBetaOrganization /organization
List organizations
Get-MgBetaOrganization /organization/{organizationId}
Get organization
Get-MgBetaPolicyAdminConsentRequestPolicy /policies/adminConsentRequestPolicy
Get adminConsentRequestPolicy
Get-MgBetaPolicyFeatureRolloutPolicy /policies/featureRolloutPolicies
List featureRolloutPolicies
Get-MgBetaPolicyFeatureRolloutPolicy /policies/featureRolloutPolicies/{id}
Get featureRolloutPolicy
Get-MgBetaRoleManagementCloudPcRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementCloudPcRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgBetaRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments/{id}
Get unifiedRoleAssignment
Get-MgBetaRoleManagementDirectoryRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementDirectoryRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaRoleManagementDirectoryTransitiveRoleAssignment /roleManagement/directory/transitiveRoleAssignments?$filter=principalId eq '{principalId}'
List transitiveRoleAssignment
Get-MgBetaRoleManagementEntitlementManagementRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgBetaRoleManagementEntitlementManagementRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementEntitlementManagementRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaRoleManagementExchangeRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgBetaRoleManagementExchangeRoleAssignment /roleManagement/directory/roleAssignments/{id}
Get unifiedRoleAssignment
Get-MgBetaRoleManagementExchangeRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementExchangeRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaServicePrincipal /servicePrincipals
List servicePrincipals
Get-MgBetaServicePrincipal /servicePrincipals/{id}
Get servicePrincipal
Get-MgBetaServicePrincipal /servicePrincipals/microsoft.graph.agentIdentity
List agentIdentity objects
Get-MgBetaServicePrincipal /servicePrincipals/microsoft.graph.agentIdentityBlueprintPrincipal
List agentIdentityBlueprintPrincipal objects
Get-MgBetaServicePrincipalAppRoleAssignedTo /servicePrincipals/{id}/appRoleAssignedTo
List appRoleAssignments granted for a service principal
Get-MgBetaServicePrincipalAppRoleAssignment /servicePrincipals/{id}/appRoleAssignments
List appRoleAssignments granted to a service principal
Get-MgBetaServicePrincipalByAppId /servicePrincipals/{id}
Get servicePrincipal
Get-MgBetaServicePrincipalCount /servicePrincipals
List servicePrincipals
Get-MgBetaServicePrincipalCreatedObject /servicePrincipals/{id}/createdObjects
servicePrincipal: List createdObjects
Get-MgBetaServicePrincipalDelta /servicePrincipals/delta
servicePrincipal: delta
Get-MgBetaServicePrincipalMemberOf /servicePrincipals/{id}/memberOf
List servicePrincipal memberOf
Get-MgBetaServicePrincipalOauth2PermissionGrant /servicePrincipals/{id}/oauth2PermissionGrants
List a service principal's oauth2PermissionGrants
Get-MgBetaServicePrincipalOwnedObject /servicePrincipals/{id}/ownedObjects
servicePrincipals: List ownedObjects
Get-MgBetaServicePrincipalOwner /servicePrincipals/{id}/owners
List owners of a service principal
Get-MgBetaServicePrincipalPasswordSingleSignOnCredential /servicePrincipals/{id}/getPasswordSingleSignOnCredentials
servicePrincipal: getPasswordSingleSignOnCredentials
Get-MgBetaServicePrincipalRemoteDesktopSecurityConfiguration /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
Get remoteDesktopSecurityConfiguration
Get-MgBetaServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
List targetDeviceGroups
Get-MgBetaServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
Get targetDeviceGroup
Get-MgBetaServicePrincipalTransitiveMemberOf /servicePrincipals/{id}/transitiveMemberOf
List servicePrincipal transitive memberOf
Get-MgBetaSubscribedSku /subscribedSkus
List subscribedSkus
Get-MgBetaSubscribedSku /subscribedSkus/{id}
Get subscribedSku
Get-MgBetaTeam /teams/{team-id}
Get team
Get-MgBetaTeamChannel /teams/{team-id}/channels
List channels
Get-MgBetaTeamChannel /teams/{team-id}/channels/{channel-id}
Get channel
Get-MgBetaTeamChannelTab /teams/{team-id}/channels/{channel-id}/tabs
List tabs in channel
Get-MgBetaTeamInstalledApp /teams/{id}/installedApps/{id}
Get installed app in team
Get-MgBetaTeamInstalledApp /teams/{team-id}/installedApps
List apps in team
Get-MgBetaUser /me
Get user
Get-MgBetaUser /me/manager
List manager
Get-MgBetaUser /users
List users
Get-MgBetaUserCount /users
List users
Get-MgBetaUserCreatedObject /users/{id | userPrincipalName}/createdObjects
List createdObjects
Get-MgBetaUserDelta /users/delta
user: delta
Get-MgBetaUserDirectReport /me/directReports
List directReports
Get-MgBetaUserJoinedTeam /me/joinedTeams
List joinedTeams
Get-MgBetaUserLicenseDetail /me/licenseDetails
List licenseDetails
Get-MgBetaUserLicenseDetailTeamLicensingDetail /users/{user-id}/licenseDetails/getTeamsLicensingDetails
licenseDetails: getTeamsLicensingDetails
Get-MgBetaUserManager /me/manager
List manager
Get-MgBetaUserMemberGroup /directoryObjects/{id}/getMemberGroups
directoryObject: getMemberGroups
Get-MgBetaUserMemberObject /directoryObjects/{id}/getMemberObjects
directoryObject: getMemberObjects
Get-MgBetaUserMemberOf /me/memberOf
List a user's direct memberships
Get-MgBetaUserMemberOfAsGroup /me/memberOf
List a user's direct memberships
Get-MgBetaUserOwnedDevice /users/{id | userPrincipalName}/ownedDevices
List ownedDevices
Get-MgBetaUserOwnedObject /me/ownedObjects
List ownedObjects
Get-MgBetaUserPasswordSingleSignOnCredential /users/{usersId}/getPasswordSingleSignOnCredentials
user: getPasswordSingleSignOnCredentials
Get-MgBetaUserRegisteredDevice /me/registeredDevices
List registeredDevices
Get-MgBetaUserScopedRoleMemberOf /me/scopedRoleMemberOf
List scopedAdministratorOf
Get-MgBetaUserTransitiveMemberOf /me/transitiveMemberOf
List a user's memberships (direct and transitive)
Get-MgUser /me
Get user
Invoke-MgBetaArchiveTeam /teams/{id}/archive
Archive team
Invoke-MgBetaInstantiateApplicationTemplate /applicationTemplates/{applicationTemplate-id}/instantiate
applicationTemplate: instantiate
Invoke-MgBetaInvalidateAllUserRefreshToken /me/invalidateAllRefreshTokens
user: invalidateAllRefreshTokens
Invoke-MgBetaLicenseUser /users/{id}/reprocessLicenseAssignment
user: reprocessLicenseAssignment
Invoke-MgBetaRenewGroup /groups/{id}/renew
group: renew
Invoke-MgBetaRenewGroupLifecyclePolicy /groupLifecyclePolicies/renewGroup
groupLifecyclePolicy: renewGroup
Invoke-MgBetaRetryContactServiceProvisioning /contacts/{id}/retryServiceProvisioning
orgContact: retryServiceProvisioning
Invoke-MgBetaRetryGroupServiceProvisioning /groups/{id}/retryServiceProvisioning
group: retryServiceProvisioning
Invoke-MgBetaRetryUserServiceProvisioning /users/{id}/retryServiceProvisioning
user: retryServiceProvisioning
Invoke-MgBetaUnarchiveTeam /teams/{id}/unarchive
Unarchive team
New-MgBetaAdministrativeUnitMember /administrativeUnits/{id}/members/$ref
Add a member
New-MgBetaAdministrativeUnitMemberByRef /administrativeUnits/{id}/members/$ref
Add a member
New-MgBetaAppCatalogTeamApp /appCatalogs/teamsApps
Publish teamsApp
New-MgBetaAppCatalogTeamAppDefinition /appCatalogs/teamsApps/{id}/appDefinitions
Update teamsApp
New-MgBetaApplicationExtensionProperty /applications/{application ObjectId}/extensionProperties
Create extensionProperty (directory extension)
New-MgBetaApplicationFederatedIdentityCredential /applications/{id}/federatedIdentityCredentials
Create federatedIdentityCredential
New-MgBetaApplicationOwnerByRef /applications/{id}/owners/$ref
Add owner
New-MgBetaDirectorySetting /settings
Create settings
New-MgBetaGroup /groups
Create group
New-MgBetaGroup /groups(uniqueName='uniqueName')
Upsert group
New-MgBetaGroupLifecyclePolicy /groupLifecyclePolicies
Create groupLifecyclePolicy
New-MgBetaGroupOwnerByRef /groups/{id}/owners/$ref
Add owners
New-MgBetaGroupSetting /settings
Create settings
New-MgBetaInvitation /invitations
Create invitation
New-MgBetaOauth2PermissionGrant /oauth2PermissionGrants
Create oAuth2PermissionGrant (a delegated permission grant)
New-MgBetaOnPremisePublishingProfileAgentGroup /onPremisesPublishingProfiles/{profile-id}/agentGroups
Create onPremisesAgentGroup
New-MgBetaOnPremisePublishingProfileConnectorGroup /onPremisesPublishingProfiles/applicationProxy/connectorGroups
Create connectorGroup
New-MgBetaOnPremisePublishingProfileConnectorGroupMemberByRef /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}/members/$ref
Add connector to connectorGroup
New-MgBetaOnPremisePublishingProfileConnectorMemberOfByRef /onPremisesPublishingProfiles/applicationProxy/connectors/{id}/memberOf/$ref
Add Connector to connectorGroup
New-MgBetaPolicyFeatureRolloutPolicy /policies/featureRolloutPolicies
Create featureRolloutPolicy
New-MgBetaPolicyFeatureRolloutPolicyApplyToByRef /policies/featureRolloutPolicies/{id}/appliesTo/$ref
Assign appliesTo
New-MgBetaRoleManagementCloudPcRoleDefinition /roleManagement/deviceManagement/roleDefinitions
Create roleDefinitions
New-MgBetaRoleManagementDirectoryRoleDefinition /roleManagement/deviceManagement/roleDefinitions
Create roleDefinitions
New-MgBetaSchemaExtension /schemaExtensions
Create schemaExtension
New-MgBetaServicePrincipal /servicePrincipals
Create serviceprincipal
New-MgBetaServicePrincipalOwnerByRef /servicePrincipals/{id}/owners/$ref
servicePrincipal: Add owner
New-MgBetaServicePrincipalPasswordSingleSignOnCredential /servicePrincipals/{id}/createPasswordSingleSignOnCredentials
servicePrincipal: createPasswordSingleSignOnCredentials
New-MgBetaServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups
Create targetDeviceGroup
New-MgBetaTeam /teams
Create team
New-MgBetaTeamChannel /teams/{team-id}/channels
Create channel
New-MgBetaTeamInstalledApp /teams/{team-id}/installedApps
Add app to team
New-MgBetaUser /users
Create user
Remove-MgBetaAppCatalogTeamApp /appCatalogs/teamsApps/{id}
Delete teamsApp
Remove-MgBetaApplicationExtensionProperty /applications/{application ObjectId}/extensionProperties/{extensionPropertyId}
Delete extensionProperty (directory extension)
Remove-MgBetaApplicationFederatedIdentityCredential /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}
Delete federatedIdentityCredential
Remove-MgBetaApplicationKey /applications/{id}/removeKey
application: removeKey
Remove-MgBetaApplicationOwnerDirectoryObjectByRef /applications/{id}/owners/{id}/$ref
Remove owner
Remove-MgBetaApplicationPassword /applications/{id}/removePassword
application: removePassword
Remove-MgBetaDirectorySetting /settings/{directorySettingId}
Delete directorySetting
Remove-MgBetaGroupLifecyclePolicy /groupLifecyclePolicies/{id}
Delete groupLifecyclePolicy
Remove-MgBetaGroupMemberDirectoryObjectByRef /groups/{id}/members/{id}/$ref
Remove member
Remove-MgBetaGroupOwnerDirectoryObjectByRef /groups/{id}/owners/{id}/$ref
Remove group owner
Remove-MgBetaGroupPasswordSingleSignOnCredential /groups/{groupsId}/deletePasswordSingleSignOnCredentials
group: deletePasswordSingleSignOnCredentials
Remove-MgBetaOauth2PermissionGrant /oauth2PermissionGrants/{id}
Delete oAuth2PermissionGrant (a delegated permission grant)
Remove-MgBetaOnPremisePublishingProfileAgentGroup /onPremisesPublishingProfiles/{profile-id}/agents/{agent-id}
Delete onPremisesAgentGroup
Remove-MgBetaOnPremisePublishingProfileConnectorGroup /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}
Delete connectorGroup
Remove-MgBetaPolicyFeatureRolloutPolicy /policies/featureRolloutPolicies/{id}
Delete featureRolloutPolicy
Remove-MgBetaPolicyFeatureRolloutPolicyApplyToDirectoryObjectByRef /policies/featureRolloutPolicies/{policyId}/appliesTo/{directoryObjectId}/$ref
Remove appliesTo
Remove-MgBetaRoleManagementCloudPcRoleDefinition /roleManagement/deviceManagement/roleDefinitions/{id}
Delete unifiedRoleDefinition
Remove-MgBetaRoleManagementDirectoryRoleDefinition /roleManagement/deviceManagement/roleDefinitions/{id}
Delete unifiedRoleDefinition
Remove-MgBetaSchemaExtension /schemaExtensions/{id}
Delete schemaExtension
Remove-MgBetaServicePrincipal /servicePrincipals/{id}
Delete servicePrincipal
Remove-MgBetaServicePrincipalPasswordSingleSignOnCredential /servicePrincipals/{id}/deletePasswordSingleSignOnCredentials
servicePrincipal: deletePasswordSingleSignOnCredentials
Remove-MgBetaServicePrincipalRemoteDesktopSecurityConfiguration /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/$ref
Delete remoteDesktopSecurityConfiguration
Remove-MgBetaTeamChannel /teams/{team-id}/channels/{channel-id}
Delete channel
Remove-MgBetaTeamInstalledApp /teams/{team-id}/installedApps/{app-installation-id}
Remove app from team
Remove-MgBetaUserManagerByRef /users/{id}/manager/$ref
Remove manager
Remove-MgBetaUserPasswordSingleSignOnCredential /users/{usersId}/deletePasswordSingleSignOnCredentials
user: deletePasswordSingleSignOnCredentials
Remove-MgServicePrincipalOwnerDirectoryObjectByRef /servicePrincipals/{id}/owners/{id}/$ref
Remove owner
Set-MgBetaApplicationConnectorGroupByRef /applications/{id}/connectorGroup/$ref
Assign a connectorGroup to an application
Set-MgBetaGroupLicense /groups/{id}/assignLicense
group: assignLicense
Set-MgBetaGroupTeam /groups/{id}/team
Create team from group
Set-MgBetaUserLicense /users/{id | userPrincipalName}/assignLicense
user: assignLicense
Set-MgBetaUserManagerByRef /users/{id}/manager/$ref
Assign a manager
Test-MgBetaDirectoryObjectProperty /directoryObjects/validateProperties
directoryObject: validateProperties
Update-MgBetaApplicationFederatedIdentityCredential /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}
Update federatedIdentityCredential
Update-MgBetaDevice /devices/{id}
Update device
Update-MgBetaDirectorySetting /settings/{directorySettingId}
Update directorySetting
Update-MgBetaGroup /groups/{id}
Update group
Update-MgBetaGroupByUniqueName /groups(uniqueName='uniqueName')
Upsert group
Update-MgBetaGroupLifecyclePolicy /groupLifecyclePolicies/{id}
Update groupLifecyclePolicy
Update-MgBetaOauth2PermissionGrant /oauth2PermissionGrants/{id}
Update oAuth2PermissionGrant (a delegated permission grant)
Update-MgBetaOnPremisePublishingProfileAgentGroup /onPremisesPublishingProfiles/{profile-id}/agentGroups/{agentGroup-id}
Update onPremisesAgentGroup
Update-MgBetaOnPremisePublishingProfileConnectorGroup /onPremisesPublishingProfiles/applicationProxy/connectorGroups/{id}
Update connectorGroups
Update-MgBetaPolicyFeatureRolloutPolicy /policies/featureRolloutPolicies/{id}
Update featureRolloutPolicy
Update-MgBetaRoleManagementCloudPcRoleDefinition /roleManagement/deviceManagement/roleDefinitions/{id}
Update unifiedRoleDefinition
Update-MgBetaRoleManagementDirectoryRoleDefinition /roleManagement/deviceManagement/roleDefinitions/{id}
Update unifiedRoleDefinition
Update-MgBetaSchemaExtension /schemaExtensions/{id}
Update schemaExtension
Update-MgBetaServicePrincipal /servicePrincipals/{id}
Update serviceprincipal
Update-MgBetaServicePrincipalByAppId /servicePrincipals(appId='appId')
Upsert servicePrincipal
Update-MgBetaServicePrincipalPasswordSingleSignOnCredential /servicePrincipals/{id}/updatePasswordSingleSignOnCredentials
servicePrincipal: updatePasswordSingleSignOnCredentials
Update-MgBetaServicePrincipalRemoteDesktopSecurityConfiguration /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration
Update remoteDesktopSecurityConfiguration
Update-MgBetaServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{targetDeviceGroupId}
Update targetDeviceGroup
Update-MgBetaTeam /teams/{team-id}
Update team
Update-MgBetaTeamChannel /teams/{team-id}/channels/{channel-id}
Update channel
Update-MgBetaTeamInstalledApp /teams/{team-id}/installedApps/{app-installation-id}/upgrade
teamsAppInstallation: upgrade
Update-MgBetaUser /users/{id | userPrincipalName}
Update user or agentUser

Code Examples

C# / .NET SDK
Create featureRolloutPolicy
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new FeatureRolloutPolicy
{
	DisplayName = "PassthroughAuthentication rollout policy",
	Description = "PassthroughAuthentication rollout policy",
	Feature = StagedFeatureName.PassthroughAuthentication,
	IsEnabled = true,
	IsAppliedToOrganization = false,
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.FeatureRolloutPolicies.PostAsync(requestBody);
JavaScript
Create featureRolloutPolicy
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

const featureRolloutPolicy = {
  displayName: 'PassthroughAuthentication rollout policy',
  description: 'PassthroughAuthentication rollout policy',
  feature: 'passthroughAuthentication',
  isEnabled: true,
  isAppliedToOrganization: false
};

await client.api('/policies/featureRolloutPolicies')
	.post(featureRolloutPolicy);
PowerShell
Create featureRolloutPolicy
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	displayName = "PassthroughAuthentication rollout policy"
	description = "PassthroughAuthentication rollout policy"
	feature = "passthroughAuthentication"
	isEnabled = $true
	isAppliedToOrganization = $false
}

New-MgPolicyFeatureRolloutPolicy -BodyParameter $params
Python
Create featureRolloutPolicy
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.feature_rollout_policy import FeatureRolloutPolicy
from msgraph.generated.models.staged_feature_name import StagedFeatureName
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = FeatureRolloutPolicy(
	display_name = "PassthroughAuthentication rollout policy",
	description = "PassthroughAuthentication rollout policy",
	feature = StagedFeatureName.PassthroughAuthentication,
	is_enabled = True,
	is_applied_to_organization = False,
)

result = await graph_client.policies.feature_rollout_policies.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for Directory.ReadWrite.All

4

Grant Admin Consent

Application permissions always require admin consent.