ESC
Type to search...

EntitlementManagement.Read.All

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Full Control All Resources

Allows the app to read access packages and related entitlement management resources without a signed-in user.

Permission data: July 5, 2026 at 7:09 PM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read all entitlement management resources

Allows the app to read access packages and related entitlement management resources without a signed-in user.

Delegated Permission Admin consent required

Read all entitlement management resources

Allows the app to read access packages and related entitlement management resources on behalf of the signed-in user.

Properties

Microsoft Graph v1.0 exact-category-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
id String This value indicates the resource is a singleton. Read-only. Inherited from entity.
accessPackageAssignmentApprovals approval collection Approval stages for decisions associated with access package assignment requests.
accessPackages accessPackage collection Access packages define the collection of resource roles and the policies for which subjects can request or be assigned access to those resources.
accessPackageSuggestions accessPackageSuggestion collection Suggested access packages for end users based on various criteria such as related people insights and assignment history.
assignmentPolicies accessPackageAssignmentPolicy collection Access package assignment policies govern which subjects can request or be assigned an access package via an access package assignment.
assignmentRequests accessPackageAssignmentRequest collection Access package assignment requests created by or on behalf of a subject.
assignments accessPackageAssignment collection The assignment of an access package to a subject for a period of time.
availableAccessPackages availableAccessPackage collection Access packages available for end users to browse and request.
catalogs accessPackageCatalog collection A container for access packages.
connectedOrganizations connectedOrganization collection References to a directory or domain of another organization whose users can request access.
controlConfigurations controlConfiguration collection Configuration settings that control the lifecycle and access policies of entitlement management within a tenant.
resourceEnvironments accessPackageResourceEnvironment collection A reference to the geolocation environments in which a resource is located.
resourceRequests accessPackageResourceRequest collection Represents a request to add or remove a resource to or from a catalog respectively.
resourceRoleScopes accessPackageResourceRoleScope collection
resources accessPackageResource collection The resources associated with the catalogs.

Showing 15 of 17 properties.

JSON Representation

Microsoft Graph v1.0 exact-category-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation
{
  "@odata.type": "#microsoft.graph.entitlementManagement",
  "id": "String (identifier)"
}

Relationships

Microsoft Graph v1.0 exact-category-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
accessPackageAssignmentApprovals approval collection Approval stages for decisions associated with access package assignment requests.
accessPackages accessPackage collection Access packages define the collection of resource roles and the policies for which subjects can request or be assigned access to those resources.
accessPackageSuggestions accessPackageSuggestion collection Suggested access packages for end users based on various criteria such as related people insights and assignment history.
availableAccessPackages availableAccessPackage collection Access packages available for end users to browse and request.
assignmentPolicies accessPackageAssignmentPolicy collection Access package assignment policies govern which subjects can request or be assigned an access package via an access package assignment.
assignmentRequests accessPackageAssignmentRequest collection Access package assignment requests created by or on behalf of a subject.
assignments accessPackageAssignment collection The assignment of an access package to a subject for a period of time.
catalogs accessPackageCatalog collection A container for access packages.
connectedOrganizations connectedOrganization collection References to a directory or domain of another organization whose users can request access.
controlConfigurations controlConfiguration collection Configuration settings that control the lifecycle and access policies of entitlement management within a tenant.
resourceEnvironments accessPackageResourceEnvironment collection A reference to the geolocation environments in which a resource is located.
resourceRequests accessPackageResourceRequest collection Represents a request to add or remove a resource to or from a catalog respectively.
resources accessPackageResource collection The resources associated with the catalogs.
settings entitlementManagementSettings The settings that control the behavior of Microsoft Entra entitlement management.
resourceRoleScopes accessPackageResourceRoleScope collection Related resourceRoleScopes data exposed by this resource.
subjects accessPackageSubject collection Related subjects data exposed by this resource.
accessPackageAssignmentPolicies accessPackageAssignmentPolicy collection Represents the policy that governs which subjects can request or be assigned an access package via an access package assignment.
accessPackageAssignmentRequests accessPackageAssignmentRequest collection Represents access package assignment requests created by or on behalf of a user. DO NOT USE. TO BE RETIRED SOON. Use the assignmentRequests relationship instead.
accessPackageAssignmentResourceRoles accessPackageAssignmentResourceRole collection Represents the resource-specific role which a subject has been assigned through an access package assignment.
accessPackageAssignments accessPackageAssignment collection The assignment of an access package to a subject for a period of time.
accessPackageCatalogs accessPackageCatalog collection A container of access packages.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{accessPackageAssignmentRequestId}
GET /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{accessPackageAssignmentRequestId}/stages
GET /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{accessPackageAssignmentRequestId}/stages/{approvalStageId}
GET /identityGovernance/entitlementManagement/accessPackages
GET /identityGovernance/entitlementManagement/accessPackages/{accessPackageId}
GET /identityGovernance/entitlementManagement/accessPackages/{id}?$expand=resourceRoleScopes($expand=role,scope)
GET /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackagesIncompatibleWith
GET /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleAccessPackages
GET /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleGroups
GET /identityGovernance/entitlementManagement/accessPackages/filterByCurrentUser(on='allowedRequestor')
GET /identityGovernance/entitlementManagement/accessPackageSuggestions/filterByCurrentUser(on='{on}')
GET /identityGovernance/entitlementManagement/assignmentPolicies
GET /identityGovernance/entitlementManagement/assignmentPolicies/{accessPackageAssignmentPolicyId}
GET /identityGovernance/entitlementManagement/assignmentRequests
GET /identityGovernance/entitlementManagement/assignmentRequests/{accessPackageAssignmentRequestId}
GET /identityGovernance/entitlementManagement/assignmentRequests/filterByCurrentUser(on='parameterValue')
GET /identityGovernance/entitlementManagement/assignments
GET /identityGovernance/entitlementManagement/assignments/{accessPackageAssignmentId}
GET /identityGovernance/entitlementManagement/assignments/additionalAccess(accessPackageId='parameterValue',incompatibleAccessPackageId='parameterValue')
GET /identityGovernance/entitlementManagement/assignments/filterByCurrentUser(on='parameterValue')
GET /identityGovernance/entitlementManagement/availableAccessPackages/{availableAccessPackage-id}/resourceRoleScopes
GET /identityGovernance/entitlementManagement/catalogs
GET /identityGovernance/entitlementManagement/catalogs/{accessPackageCatalogId}
GET /identityGovernance/entitlementManagement/catalogs/{catalogId}/customWorkflowExtensions
GET /identityGovernance/entitlementManagement/catalogs/{catalogId}/customWorkflowExtensions/{accessPackageCustomWorkflowExtensionId}
GET /identityGovernance/entitlementManagement/catalogs/{catalogId}/resourceRoles?$filter=(originSystem+eq+%27{originSystemType}%27+and+resource/id+eq+%27{resourceId}%27)&$expand=resource
GET /identityGovernance/entitlementManagement/catalogs/{id}/resources
GET /identityGovernance/entitlementManagement/connectedOrganizations
GET /identityGovernance/entitlementManagement/connectedOrganizations/{connectedOrganizationId}
GET /identityGovernance/entitlementManagement/connectedOrganizations/{id}/externalSponsors
GET /identityGovernance/entitlementManagement/connectedOrganizations/{id}/internalSponsors
GET /identityGovernance/entitlementManagement/controlConfigurations/endUserSettings
GET /identityGovernance/entitlementManagement/resourceEnvironments?$filter=originSystem eq 'SharePointOnline'
GET /identityGovernance/entitlementManagement/resourceRequests
GET /identityGovernance/entitlementManagement/settings
GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{privilegedaccessgroupassignmentschedulerequestId}
GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{privilegedaccessgroupassignmentschedulerequestId}/stages
GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{privilegedaccessgroupassignmentschedulerequestId}/stages/{approvalStageId}
GET /roleManagement/directory/roleAssignments
GET /roleManagement/directory/roleAssignments/{id}
GET /roleManagement/directory/roleDefinitions
GET /roleManagement/directory/roleDefinitions/{id}
GET /roleManagement/entitlementManagement/roleAssignments
GET /roleManagement/entitlementManagement/roleAssignments/{id}
GET /roleManagement/entitlementManagement/roleDefinitions
GET /roleManagement/entitlementManagement/roleDefinitions/{id}
POST /identityGovernance/entitlementManagement/accessPackages/{accessPackageId}/getApplicablePolicyRequirements
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{id}
GET /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{id}/steps
GET /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{id}/steps/{id}
GET /identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
GET /identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/{id}
GET /identityGovernance/entitlementManagement/accessPackageAssignmentRequests
GET /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{id}
GET /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/filterByCurrentUser(on='parameterValue')
GET /identityGovernance/entitlementManagement/accessPackageAssignmentResourceRoles
GET /identityGovernance/entitlementManagement/accessPackageAssignmentResourceRoles/{id}
GET /identityGovernance/entitlementManagement/accessPackageAssignments
GET /identityGovernance/entitlementManagement/accessPackageAssignments/additionalAccess(accessPackageId='parameterValue',incompatibleAccessPackageId='parameterValue')
GET /identityGovernance/entitlementManagement/accessPackageAssignments/filterByCurrentUser(on='parameterValue')
GET /identityGovernance/entitlementManagement/accessPackageCatalogs
GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/accessPackageCustomWorkflowExtensions
GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/accessPackageCustomWorkflowExtensions/{accessPackageCustomWorkflowExtensionId}
GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/accessPackageResourceRoles?$filter=(originSystem+eq+%27{originSystemType}%27+and+accessPackageResource/id+eq+%27{resourceId}%27)&$expand=accessPackageResource
GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions
GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}
GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{id}
GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{id}/accessPackageResources
GET /identityGovernance/entitlementManagement/accessPackageResourceEnvironments?$filter=originSystem eq 'SharePointOnline'
GET /identityGovernance/entitlementManagement/accessPackageResourceEnvironments/{accessPackageResourceEnvironmentId}
GET /identityGovernance/entitlementManagement/accessPackageResourceRequests
GET /identityGovernance/entitlementManagement/accessPackages
GET /identityGovernance/entitlementManagement/accessPackages/{id}
GET /identityGovernance/entitlementManagement/accessPackages/{id}?$expand=accessPackageResourceRoleScopes($expand=accessPackageResourceRole,accessPackageResourceScope)
GET /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackagesIncompatibleWith
GET /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleAccessPackages
GET /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleGroups
GET /identityGovernance/entitlementManagement/accessPackages/filterByCurrentUser(on='allowedRequestor')
GET /identityGovernance/entitlementManagement/accessPackageSuggestions/filterByCurrentUser(on={on})
GET /identityGovernance/entitlementManagement/assignmentRequests
GET /identityGovernance/entitlementManagement/assignmentRequests/{accessPackageAssignmentRequestId}
GET /identityGovernance/entitlementManagement/assignmentRequests/filterByCurrentUser(on='parameterValue')
GET /identityGovernance/entitlementManagement/availableAccessPackages/{availableAccessPackage-id}/resourceRoleScopes
GET /identityGovernance/entitlementManagement/connectedOrganizations
GET /identityGovernance/entitlementManagement/connectedOrganizations/{id}
GET /identityGovernance/entitlementManagement/connectedOrganizations/{id}/externalSponsors
GET /identityGovernance/entitlementManagement/connectedOrganizations/{id}/internalSponsors
GET /identityGovernance/entitlementManagement/controlConfigurations/endUserSettings
GET /identityGovernance/entitlementManagement/externalOriginResourceConnectors
GET /identityGovernance/entitlementManagement/settings
GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}
GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}/steps
GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}/steps/{id}
GET /roleManagement/cloudPC/roleDefinitions
GET /roleManagement/cloudPC/roleDefinitions/{id}
GET /roleManagement/defender/roleDefinitions
GET /roleManagement/defender/roleDefinitions/{id}
GET /roleManagement/deviceManagement/roleDefinitions
GET /roleManagement/deviceManagement/roleDefinitions/{id}
GET /roleManagement/directory/roleAssignmentApprovals/{id}
GET /roleManagement/directory/roleAssignmentApprovals/{id}/steps
GET /roleManagement/directory/roleAssignmentApprovals/{id}/steps/{id}
GET /roleManagement/directory/roleAssignments
GET /roleManagement/directory/roleAssignments/{id}
GET /roleManagement/directory/roleDefinitions
GET /roleManagement/directory/roleDefinitions/{id}
GET /roleManagement/entitlementManagement/roleAssignments?
GET /roleManagement/entitlementManagement/roleAssignments/{id}
GET /roleManagement/entitlementManagement/roleDefinitions
GET /roleManagement/entitlementManagement/roleDefinitions/{id}
GET /roleManagement/exchange/roleAssignments
GET /roleManagement/exchange/roleAssignments/{id}
GET /roleManagement/exchange/roleDefinitions
GET /roleManagement/exchange/roleDefinitions/{id}
POST /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/accessPackageCustomWorkflowExtensions
POST /identityGovernance/entitlementManagement/accessPackages/{id}/getApplicablePolicyRequirements
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgEntitlementManagementAccessPackage /identityGovernance/entitlementManagement/accessPackages
List accessPackages
Get-MgEntitlementManagementAccessPackage /identityGovernance/entitlementManagement/accessPackages/{accessPackageId}
Get accessPackage
Get-MgEntitlementManagementAccessPackage /identityGovernance/entitlementManagement/accessPackages/{id}?$expand=resourceRoleScopes($expand=role,scope)
List resourceRoleScopes
Get-MgEntitlementManagementAccessPackageApplicablePolicyRequirement /identityGovernance/entitlementManagement/accessPackages/{accessPackageId}/getApplicablePolicyRequirements
accessPackage: getApplicablePolicyRequirements
Get-MgEntitlementManagementAccessPackageAssignmentApprovalStage /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{accessPackageAssignmentRequestId}/stages
List approval stages
Get-MgEntitlementManagementAccessPackageAssignmentApprovalStage /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{accessPackageAssignmentRequestId}/stages/{approvalStageId}
Get approvalStage
Get-MgEntitlementManagementAccessPackageIncompatibleAccessPackage /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleAccessPackages
List incompatibleAccessPackages
Get-MgEntitlementManagementAccessPackageIncompatibleGroup /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleGroups
List incompatibleGroups
Get-MgEntitlementManagementAccessPackageIncompatibleWith /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackagesIncompatibleWith
List accessPackagesIncompatibleWith
Get-MgEntitlementManagementAssignment /identityGovernance/entitlementManagement/assignments
List accessPackageAssignments
Get-MgEntitlementManagementAssignment /identityGovernance/entitlementManagement/assignments/{accessPackageAssignmentId}
Get accessPackageAssignment
Get-MgEntitlementManagementAssignmentPolicy /identityGovernance/entitlementManagement/assignmentPolicies
List assignmentPolicies
Get-MgEntitlementManagementAssignmentPolicy /identityGovernance/entitlementManagement/assignmentPolicies/{accessPackageAssignmentPolicyId}
Get accessPackageAssignmentPolicy
Get-MgEntitlementManagementAssignmentRequest /identityGovernance/entitlementManagement/assignmentRequests
List assignmentRequests
Get-MgEntitlementManagementAssignmentRequest /identityGovernance/entitlementManagement/assignmentRequests/{accessPackageAssignmentRequestId}
Get accessPackageAssignmentRequest
Get-MgEntitlementManagementCatalog /identityGovernance/entitlementManagement/catalogs
List accessPackageCatalogs
Get-MgEntitlementManagementCatalog /identityGovernance/entitlementManagement/catalogs/{accessPackageCatalogId}
Get accessPackageCatalog
Get-MgEntitlementManagementCatalogCustomWorkflowExtension /identityGovernance/entitlementManagement/catalogs/{catalogId}/customWorkflowExtensions
List accessPackagecustomWorkflowExtensions
Get-MgEntitlementManagementCatalogCustomWorkflowExtension /identityGovernance/entitlementManagement/catalogs/{catalogId}/customWorkflowExtensions/{accessPackageCustomWorkflowExtensionId}
Get accessPackageAssignmentRequestWorkflowExtension
Get-MgEntitlementManagementCatalogCustomWorkflowExtension /identityGovernance/entitlementManagement/catalogs/{catalogId}/customWorkflowExtensions/{accessPackageCustomWorkflowExtensionId}
Get accessPackageAssignmentWorkflowExtension
Get-MgEntitlementManagementCatalogResource /identityGovernance/entitlementManagement/catalogs/{id}/resources
List resources
Get-MgEntitlementManagementCatalogResourceRole /identityGovernance/entitlementManagement/catalogs/{catalogId}/resourceRoles?$filter=(originSystem+eq+%27{originSystemType}%27+and+resource/id+eq+%27{resourceId}%27)&$expand=resource
List resourceRoles
Get-MgEntitlementManagementConnectedOrganization /identityGovernance/entitlementManagement/connectedOrganizations
List connectedOrganizations
Get-MgEntitlementManagementConnectedOrganization /identityGovernance/entitlementManagement/connectedOrganizations/{connectedOrganizationId}
Get connectedOrganization
Get-MgEntitlementManagementResourceEnvironment /identityGovernance/entitlementManagement/resourceEnvironments?$filter=originSystem eq 'SharePointOnline'
List accessPackageResourceEnvironments
Get-MgEntitlementManagementResourceRequest /identityGovernance/entitlementManagement/resourceRequests
List accessPackageResourceRequests
Get-MgEntitlementManagementSetting /identityGovernance/entitlementManagement/settings
Get entitlementManagementSettings
Get-MgRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments/{id}
Get unifiedRoleAssignment
Get-MgRoleManagementDirectoryRoleDefinition /roleManagement/directory/roleDefinitions
List roleDefinitions
Get-MgRoleManagementDirectoryRoleDefinition /roleManagement/directory/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgRoleManagementEntitlementManagementRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgRoleManagementEntitlementManagementRoleDefinition /roleManagement/directory/roleDefinitions
List roleDefinitions
Invoke-MgFilterEntitlementManagementAccessPackageByCurrentUser /identityGovernance/entitlementManagement/accessPackages/filterByCurrentUser(on='allowedRequestor')
accessPackage: filterByCurrentUser
Invoke-MgFilterEntitlementManagementAssignmentByCurrentUser /identityGovernance/entitlementManagement/assignments/filterByCurrentUser(on='parameterValue')
accessPackageAssignment: filterByCurrentUser
Invoke-MgFilterEntitlementManagementAssignmentRequestByCurrentUser /identityGovernance/entitlementManagement/assignmentRequests/filterByCurrentUser(on='parameterValue')
accessPackageAssignmentRequest: filterByCurrentUser
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaEntitlementManagementAccessPackage /identityGovernance/entitlementManagement/accessPackages
List accessPackages
Get-MgBetaEntitlementManagementAccessPackage /identityGovernance/entitlementManagement/accessPackages/{id}
Get accessPackage
Get-MgBetaEntitlementManagementAccessPackage /identityGovernance/entitlementManagement/accessPackages/{id}?$expand=accessPackageResourceRoleScopes($expand=accessPackageResourceRole,accessPackageResourceScope)
List accessPackageResourceRoleScopes
Get-MgBetaEntitlementManagementAccessPackageApplicablePolicyRequirement /identityGovernance/entitlementManagement/accessPackages/{id}/getApplicablePolicyRequirements
accessPackage: getApplicablePolicyRequirements
Get-MgBetaEntitlementManagementAccessPackageAssignment /identityGovernance/entitlementManagement/accessPackageAssignments
List accessPackageAssignments
Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy /identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
List accessPackageAssignmentPolicies
Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy /identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/{id}
Get accessPackageAssignmentPolicy
Get-MgBetaEntitlementManagementAccessPackageAssignmentRequest /identityGovernance/entitlementManagement/accessPackageAssignmentRequests
List accessPackageAssignmentRequests
Get-MgBetaEntitlementManagementAccessPackageAssignmentRequest /identityGovernance/entitlementManagement/assignmentRequests/{accessPackageAssignmentRequestId}
Get accessPackageAssignmentRequest
Get-MgBetaEntitlementManagementAccessPackageAssignmentResourceRole /identityGovernance/entitlementManagement/accessPackageAssignmentResourceRoles
List accessPackageAssignmentResourceRoles
Get-MgBetaEntitlementManagementAccessPackageAssignmentResourceRole /identityGovernance/entitlementManagement/accessPackageAssignmentResourceRoles/{id}
Get accessPackageAssignmentResourceRole
Get-MgBetaEntitlementManagementAccessPackageCatalog /identityGovernance/entitlementManagement/accessPackageCatalogs
List accessPackageCatalogs
Get-MgBetaEntitlementManagementAccessPackageCatalog /identityGovernance/entitlementManagement/accessPackageCatalogs/{id}
Get accessPackageCatalog
Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageCustomWorkflowExtension /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/accessPackageCustomWorkflowExtensions
List accessPackagecustomWorkflowExtensions
Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageCustomWorkflowExtension /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/accessPackageCustomWorkflowExtensions/{accessPackageCustomWorkflowExtensionId}
Get accessPackageAssignmentRequestWorkflowExtension
Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageCustomWorkflowExtension /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/accessPackageCustomWorkflowExtensions/{accessPackageCustomWorkflowExtensionId}
Get accessPackageAssignmentWorkflowExtension
Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource /identityGovernance/entitlementManagement/accessPackageCatalogs/{id}/accessPackageResources
List accessPackageResources
Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResourceRole /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/accessPackageResourceRoles?$filter=(originSystem+eq+%27{originSystemType}%27+and+accessPackageResource/id+eq+%27{resourceId}%27)&$expand=accessPackageResource
List accessPackageResourceRoles
Get-MgBetaEntitlementManagementAccessPackageCatalogCustomAccessPackageWorkflowExtension /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions
List customAccessPackageWorkflowExtensions
Get-MgBetaEntitlementManagementAccessPackageCatalogCustomAccessPackageWorkflowExtension /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}
Get customAccessPackageWorkflowExtension
Get-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackage /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleAccessPackages
List incompatibleAccessPackages
Get-MgBetaEntitlementManagementAccessPackageIncompatibleGroup /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleGroups
List incompatibleGroups
Get-MgBetaEntitlementManagementAccessPackageIncompatibleWith /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackagesIncompatibleWith
List accessPackagesIncompatibleWith
Get-MgBetaEntitlementManagementAccessPackageResourceEnvironment /identityGovernance/entitlementManagement/accessPackageResourceEnvironments?$filter=originSystem eq 'SharePointOnline'
List accessPackageResourceEnvironments
Get-MgBetaEntitlementManagementAccessPackageResourceEnvironment /identityGovernance/entitlementManagement/accessPackageResourceEnvironments/{accessPackageResourceEnvironmentId}
Get accessPackageResourceEnvironment
Get-MgBetaEntitlementManagementAccessPackageResourceRequest /identityGovernance/entitlementManagement/accessPackageResourceRequests
List accessPackageResourceRequests
Get-MgBetaEntitlementManagementAssignmentRequest /identityGovernance/entitlementManagement/assignmentRequests
List assignmentRequests
Get-MgBetaEntitlementManagementAvailableAccessPackageResourceRoleScope /identityGovernance/entitlementManagement/availableAccessPackages/{availableAccessPackage-id}/resourceRoleScopes
List resourceRoleScopes
Get-MgBetaEntitlementManagementConnectedOrganization /identityGovernance/entitlementManagement/connectedOrganizations
List connectedOrganizations
Get-MgBetaEntitlementManagementConnectedOrganization /identityGovernance/entitlementManagement/connectedOrganizations/{id}
Get connectedOrganization
Get-MgBetaEntitlementManagementConnectedOrganizationExternalSponsor /identityGovernance/entitlementManagement/connectedOrganizations/{id}/externalSponsors
List externalSponsors
Get-MgBetaEntitlementManagementConnectedOrganizationInternalSponsor /identityGovernance/entitlementManagement/connectedOrganizations/{id}/internalSponsors
List internalSponsors
Get-MgBetaEntitlementManagementControlConfiguration /identityGovernance/entitlementManagement/controlConfigurations/endUserSettings
Get end user settings
Get-MgBetaEntitlementManagementExternalOriginResourceConnector /identityGovernance/entitlementManagement/externalOriginResourceConnectors
Get externalOriginResourceConnector
Get-MgBetaEntitlementManagementExternalOriginResourceConnector /identityGovernance/entitlementManagement/externalOriginResourceConnectors
List externalOriginResourceConnectors
Get-MgBetaEntitlementManagementSetting /identityGovernance/entitlementManagement/settings
Get entitlementManagementSettings
Get-MgBetaRoleManagementCloudPcRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementCloudPcRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgBetaRoleManagementDirectoryRoleAssignment /roleManagement/directory/roleAssignments/{id}
Get unifiedRoleAssignment
Get-MgBetaRoleManagementDirectoryRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementDirectoryRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaRoleManagementEntitlementManagementRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgBetaRoleManagementEntitlementManagementRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementEntitlementManagementRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Get-MgBetaRoleManagementExchangeRoleAssignment /roleManagement/directory/roleAssignments
List unifiedRoleAssignments
Get-MgBetaRoleManagementExchangeRoleAssignment /roleManagement/directory/roleAssignments/{id}
Get unifiedRoleAssignment
Get-MgBetaRoleManagementExchangeRoleDefinition /roleManagement/cloudPC/roleDefinitions
List roleDefinitions
Get-MgBetaRoleManagementExchangeRoleDefinition /roleManagement/cloudPC/roleDefinitions/{id}
Get unifiedRoleDefinition
Invoke-MgBetaFilterEntitlementManagementAccessPackageAssignmentByCurrentUser /identityGovernance/entitlementManagement/accessPackageAssignments/filterByCurrentUser(on='parameterValue')
accessPackageAssignment: filterByCurrentUser
Invoke-MgBetaFilterEntitlementManagementAccessPackageAssignmentRequestByCurrentUser /identityGovernance/entitlementManagement/assignmentRequests/filterByCurrentUser(on='parameterValue')
accessPackageAssignmentRequest: filterByCurrentUser
Invoke-MgBetaFilterEntitlementManagementAccessPackageByCurrentUser /identityGovernance/entitlementManagement/accessPackages/filterByCurrentUser(on='allowedRequestor')
accessPackage: filterByCurrentUser
Invoke-MgBetaFilterEntitlementManagementAccessPackageSuggestionByCurrentUser /identityGovernance/entitlementManagement/accessPackageSuggestions/filterByCurrentUser(on={on})
accessPackageSuggestions: filterByCurrentUser
New-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageCustomWorkflowExtension /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/accessPackageCustomWorkflowExtensions
Create accessPackageCustomWorkflowExtension

Code Examples

C# / .NET SDK
accessPackageAssignment: additionalAccess
// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.Assignments.AdditionalAccessWithAccessPackageIdWithIncompatibleAccessPackageId("{accessPackageId}","{incompatibleAccessPackageId}").GetAsAdditionalAccessWithAccessPackageIdWithIncompatibleAccessPackageIdGetResponseAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Expand = new string []{ "target" };
});
JavaScript
accessPackageAssignment: additionalAccess
const options = {
	authProvider,
};

const client = Client.init(options);

let additionalAccess = await client.api('/identityGovernance/entitlementManagement/assignments/additionalAccess(accessPackageId='2506aef1-3929-4d24-a61e-7c8b83d95e6f',incompatibleAccessPackageId='d5d99728-8c0b-4ede-83d2-cf9b0e8dabfb')')
	.expand('target')
	.get();
PowerShell
Get accessPackage
Import-Module Microsoft.Graph.Identity.Governance

Get-MgEntitlementManagementAccessPackage -AccessPackageId $accessPackageId
Python
accessPackageAssignment: additionalAccess
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.identity_governance.entitlement_management.assignments.additional_access(access_package_id='{access_package_id}',incompatible_access_package_id='{incompatible_access_package_id}').additional_access_with_access_package_id_with_incompatible_access_package_id_request_builder import AdditionalAccessWithAccessPackageIdWithIncompatibleAccessPackageIdRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AdditionalAccessWithAccessPackageIdWithIncompatibleAccessPackageIdRequestBuilder.AdditionalAccessWithAccessPackageIdWithIncompatibleAccessPackageIdRequestBuilderGetQueryParameters(
		expand = ["target"],
)

request_configuration = RequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.identity_governance.entitlement_management.assignments.additional_access_with_access_package_id_with_incompatible_access_package_id("{accessPackageId}","{incompatibleAccessPackageId}").get(request_configuration = request_configuration)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for EntitlementManagement.Read.All

4

Grant Admin Consent

Application permissions always require admin consent.