Role ID Purpose Description
PrivilegedAccess.Read.AzureAD 4cdc2547-9148-4295-8d11-be0db1391d6b Read privileged access to Azure AD roles Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles in your organization, without a signed-in user.
PrivilegedAccess.Read.AzureADGroup 01e37dc9-c035-40bd-b438-b2879c4870a6 Read privileged access to Azure AD groups Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.
PrivilegedAccess.Read.AzureResources 5df6fe86-1be0-44eb-b916-7bd443a71236 Read privileged access to Azure resources Allows the app to read time-based assignment and just-in-time elevation of user privileges to audit Azure resources in your organization, without a signed-in user.
PrivilegedAccess.ReadWrite.AzureAD 854d9ab1-6657-4ec8-be45-823027bcd009 Read and write privileged access to Azure AD roles Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles in your organization, without a signed-in user.
PrivilegedAccess.ReadWrite.AzureADGroup 2f6817f8-7b12-4f0f-bc18-eeaf60705a9e Read and write privileged access to Azure AD groups Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.
PrivilegedAccess.ReadWrite.AzureResources 6f9d5abc-2db6-400b-a267-7de22a40fb87 Read and write privileged access to Azure resources Allows the app to request and manage time-based assignment and just-in-time elevation of Azure resources (like your subscriptions, resource groups, storage, compute) in your organization, without a signed-in user.

Updated: