Privileged Access Permissions for Microsoft Graph
Application
Permission | ID | Purpose | Description |
---|---|---|---|
PrivilegedAccess.Read.AzureAD | 4cdc2547-9148-4295-8d11-be0db1391d6b | Read privileged access to Azure AD roles | Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles in your organization, without a signed-in user. |
PrivilegedAccess.Read.AzureADGroup | 01e37dc9-c035-40bd-b438-b2879c4870a6 | Read privileged access to Azure AD groups | Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user. |
PrivilegedAccess.Read.AzureResources | 5df6fe86-1be0-44eb-b916-7bd443a71236 | Read privileged access to Azure resources | Allows the app to read time-based assignment and just-in-time elevation of user privileges to audit Azure resources in your organization, without a signed-in user. |
PrivilegedAccess.ReadWrite.AzureAD | 854d9ab1-6657-4ec8-be45-823027bcd009 | Read and write privileged access to Azure AD roles | Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles in your organization, without a signed-in user. |
PrivilegedAccess.ReadWrite.AzureADGroup | 2f6817f8-7b12-4f0f-bc18-eeaf60705a9e | Read and write privileged access to Azure AD groups | Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user. |
PrivilegedAccess.ReadWrite.AzureResources | 6f9d5abc-2db6-400b-a267-7de22a40fb87 | Read and write privileged access to Azure resources | Allows the app to request and manage time-based assignment and just-in-time elevation of Azure resources (like your subscriptions, resource groups, storage, compute) in your organization, without a signed-in user. |
Delegated
Permission | ID | Purpose | Description |
---|---|---|---|
PrivilegedAccess.Read.AzureAD | b3a539c9-59cb-4ad5-825a-041ddbdc2bdb | Read privileged access to Azure AD | Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles, on behalf of the signed-in user. |
PrivilegedAccess.Read.AzureADGroup | d329c81c-20ad-4772-abf9-3f6fdb7e5988 | Read privileged access to Azure AD groups | Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on behalf of the signed-in user. |
PrivilegedAccess.Read.AzureResources | 1d89d70c-dcac-4248-b214-903c457af83a | Read privileged access to Azure resources | Allows the app to read time-based assignment and just-in-time elevation of Azure resources (like your subscriptions, resource groups, storage, compute) on behalf of the signed-in user. |
PrivilegedAccess.ReadWrite.AzureAD | 3c3c74f5-cdaa-4a97-b7e0-4e788bfcfb37 | Read and write privileged access to Azure AD | Allows the app to request and manage just-in-time elevation (including scheduled elevation) of users to Azure AD built-in administrative roles, on behalf of signed-in users. |
PrivilegedAccess.ReadWrite.AzureADGroup | 32531c59-1f32-461f-b8df-6f8a3b89f73b | Read and write privileged access to Azure AD groups | Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on behalf of the signed-in user. |
PrivilegedAccess.ReadWrite.AzureResources | a84a9652-ffd3-496e-a991-22ba5529156a | Read and write privileged access to Azure resources | Allows the app to request and manage time-based assignment and just-in-time elevation of user privileges to manage Azure resources (like subscriptions, resource groups, storage, compute) on behalf of the signed-in users. |