| Role | ID | Purpose | Description |
| --- | --- | --- | --- |
| Directory.Read.All | 7ab1d382-f21e-4acd-a863-ba3e13f7da61 | Read directory data | Allows the app to read data in your organization’s directory, such as users, groups and apps, without a signed-in user. |
| Directory.ReadWrite.All | 19dbc75e-c2e2-444c-a770-ec69d8559fc7 | Read and write directory data | Allows the app to read and write data in your organization’s directory, such as users and groups, without a signed-in user. Does not allow user or group deletion. |
| Directory.Write.Restricted | f20584af-9290-4153-9280-ff8bb2c0ea7f | Manage restricted resources in the directory | Allows the app to manage restricted resources based on the other permissions granted to the app, without a signed-in user. |