RoleManagement.Read.Defender
Allows the app to read the role-based access control (RBAC) settings for your company's directory, without a signed-in user.
Permission Details
Read M365 Defender RBAC configuration
Allows the app to read the role-based access control (RBAC) settings for your company's directory, without a signed-in user.
4d6e30d1-e64e-4ae7-bf9d-c706cc928cef
Read M365 Defender RBAC configuration
Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading M365 Defender role definitions and role assignments.
dd689728-6eb8-4deb-bd38-2924a935f3de
Properties
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
directory |
object |
|
entitlementManagement |
object |
Container for roles and assignments for entitlement management resources. |
JSON Representation
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
{
"@odata.type": "#microsoft.graph.roleManagement"
}Relationships
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
directory |
rbacApplication |
Read-only. Nullable. |
entitlementManagement |
rbacApplication |
Container for roles and assignments for entitlement management resources. |
enterpriseApps |
rbacApplication collection |
Related enterpriseApps data exposed by this resource. |
Graph Methods
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
No API methods available for this version.
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
No deterministic PowerShell command map is available for this permission.
Browse PowerShell docsMicrosoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.DeviceManagement.RoleAssignments["{unifiedRoleAssignmentMultiple-id}"].GetAsync();const options = {
authProvider,
};
const client = Client.init(options);
let unifiedRoleAssignmentMultiple = await client.api('/roleManagement/deviceManagement/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1')
.version('beta')
.get();Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
Get-MgBetaRoleManagementDeviceManagementRoleAssignment -UnifiedRoleAssignmentMultipleId $unifiedRoleAssignmentMultipleId# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.role_management.device_management.role_assignments.by_unified_role_assignment_multiple_id('unifiedRoleAssignmentMultiple-id').get()App Registration
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
Select Permission Type
Choose Application permissions or delegated permissions and search for RoleManagement.Read.Defender
Grant Admin Consent
Application permissions always require admin consent.