Role ID Purpose Description
Policy.Read.All 246dd0d5-5bd0-4def-940b-0421030a5b68 Read your organization’s policies Allows the app to read all your organization’s policies without a signed in user.
Policy.Read.ConditionalAccess 37730810-e9ba-4e46-b07e-8ca78d182097 Read your organization’s conditional access policies Allows the app to read your organization’s conditional access policies, without a signed-in user.
Policy.Read.PermissionGrant 9e640839-a198-48fb-8b9a-013fd6f6cbcd Read consent and permission grant policies Allows the app to read policies related to consent and permission grants for applications, without a signed-in user.
Policy.ReadWrite.AccessReview 77c863fd-06c0-47ce-a7eb-49773e89d319 Read and write your organization’s directory access review default policy Allows the app to read and write your organization’s directory access review default policy without a signed-in user.
Policy.ReadWrite.ApplicationConfiguration be74164b-cff1-491c-8741-e671cb536e13 Read and write your organization’s application configuration policies Allows the app to read and write your organization’s application configuration policies, without a signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy.
Policy.ReadWrite.AuthenticationFlows 25f85f3c-f66c-4205-8cd5-de92dd7f0cec Read and write authentication flow policies Allows the app to read and write all authentication flow policies for the tenant, without a signed-in user.
Policy.ReadWrite.AuthenticationMethod 29c18626-4985-4dcd-85c0-193eef327366 Read and write all authentication method policies  Allows the app to read and write all authentication method policies for the tenant, without a signed-in user.
Policy.ReadWrite.Authorization fb221be6-99f2-473f-bd32-01c6a0e9ca3b Read and write your organization’s authorization policy Allows the app to read and write your organization’s authorization policy without a signed in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default.
Policy.ReadWrite.ConditionalAccess 01c0a623-fc9b-48e9-b794-0756f8e8f067 Read and write your organization’s conditional access policies Allows the app to read and write your organization’s conditional access policies, without a signed-in user.
Policy.ReadWrite.ConsentRequest 999f8c63-0a38-4f1b-91fd-ed1947bdd1a9 Read and write your organization’s consent request policy Allows the app to read and write your organization’s consent requests policy without a signed-in user.
Policy.ReadWrite.CrossTenantAccess 338163d7-f101-4c92-94ba-ca46fe52447c Read and write your organization’s cross tenant access policies Allows the app to read and write your organization’s cross tenant access policies without a signed-in user.
Policy.ReadWrite.FeatureRollout 2044e4f1-e56c-435b-925c-44cd8f6ba89a Read and write feature rollout policies Allows the app to read and write feature rollout policies without a signed-in user. Includes abilities to assign and remove users and groups to rollout of a specific feature.
Policy.ReadWrite.PermissionGrant a402ca1c-2696-4531-972d-6e5ee4aa11ea Manage consent and permission grant policies Allows the app to manage policies related to consent and permission grants for applications, without a signed-in user.
Policy.ReadWrite.TrustFramework 79a677f7-b79d-40d0-a36a-3e6f8688dd7a Read and write your organization’s trust framework policies Allows the app to read and write your organization’s trust framework policies without a signed in user.

Updated: