Application

Permission ID Purpose Description
Directory.Read.All 7ab1d382-f21e-4acd-a863-ba3e13f7da61 Read directory data Allows the app to read data in your organization’s directory, such as users, groups and apps, without a signed-in user.
Directory.ReadWrite.All 19dbc75e-c2e2-444c-a770-ec69d8559fc7 Read and write directory data Allows the app to read and write data in your organization’s directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion.
Directory.Write.Restricted f20584af-9290-4153-9280-ff8bb2c0ea7f Manage restricted resources in the directory Allows the app to manage restricted resources based on the other permissions granted to the app, without a signed-in user.

Delegated

Permission ID Purpose Description
Directory.AccessAsUser.All 0e263e50-5827-48a4-b97c-d940288653c7 Access directory as the signed in user Allows the app to have the same access to information in the directory as the signed-in user.
Directory.Read.All 06da0dbc-49e2-44d2-8312-53f166ab848a Read directory data Allows the app to read data in your organization’s directory, such as users, groups and apps.
Directory.ReadWrite.All c5366453-9fb0-48a5-a156-24f0c49a4b84 Read and write directory data Allows the app to read and write data in your organization’s directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords.
Directory.Write.Restricted cba5390f-ed6a-4b7f-b657-0efc2210ed20 Manage restricted resources in the directory Allows the app to manage restricted resources based on the other permissions granted to the app, on behalf of the signed-in user.