Azure AD Permissions – summary table
I am finishing the MAADWA chapter on the Azure AD application model, and just realized that nowhere in the docs do we highlight the IDs of the out-of-the-box (OOB) Azure AD permissions. I am always a bit befuddled when I open an app's manifest and see all those GUIDs in the requiredResourceAccess section; a quick reference on what they really mean would be welcome. Well, here you go!
| Permission description in the Azure portal | Identifier | Scope value | Consent type |
|---|---|---|---|
| Sign in and read user profile | 311a71cc-e848-46a1-bdf8-97ff7156d8e6 | UserProfile.Read | User |
| Read directory data | 5778995a-e1bf-45b8-affa-663a9f3f4d04 | Directory.Read | Admin (except for users from the tenant where the Application is defined) |
| Read and write directory data | 78c8a3c8-a07e-4b9e-af1b-b5ccab50a175 | Directory.Write | Admin |
| Access the directory as the signed-in user | a42657d6-7f20-40e3-b6f0-cee03008a62a | user_impersonation | Admin (except native clients) |
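As an added example (not code from the post), here is a small Python script that takes the requiredResourceAccess section of an app manifest and resolves its GUIDs against the table above, reporting which requested scopes need admin consent and which ids the table does not cover. The sample manifest is constructed; its resourceAppId is the well-known Azure AD Graph resource id, which the post itself does not list, and the table's consent caveats (home-tenant users, native clients) are simplified to plain "Admin".

```python
import json

# Permission ids from the table above, mapped to (scope value, consent type).
# The table's "except ..." caveats are simplified to plain "Admin" here.
AAD_PERMISSIONS = {
    "311a71cc-e848-46a1-bdf8-97ff7156d8e6": ("UserProfile.Read", "User"),
    "5778995a-e1bf-45b8-affa-663a9f3f4d04": ("Directory.Read", "Admin"),
    "78c8a3c8-a07e-4b9e-af1b-b5ccab50a175": ("Directory.Write", "Admin"),
    "a42657d6-7f20-40e3-b6f0-cee03008a62a": ("user_impersonation", "Admin"),
}

# Constructed sample of an app manifest's requiredResourceAccess section.
# resourceAppId is the well-known Azure AD Graph resource id (not in the post);
# the last permission id is a made-up GUID to exercise the "unknown" path.
SAMPLE_MANIFEST = json.loads("""
{"requiredResourceAccess": [{
  "resourceAppId": "00000002-0000-0000-c000-000000000000",
  "resourceAccess": [
    {"id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6", "type": "Scope"},
    {"id": "78c8a3c8-a07e-4b9e-af1b-b5ccab50a175", "type": "Scope"},
    {"id": "ffffffff-0000-0000-0000-000000000000", "type": "Scope"}
  ]
}]}
""")

def decode_required_access(manifest):
    """Resolve each requested permission id to its scope value and consent type.
    Unknown ids are kept and flagged, not dropped: an unrecognised GUID in a
    manifest is exactly what a reviewer should look at."""
    decoded = []
    for resource in manifest.get("requiredResourceAccess", []):
        for entry in resource.get("resourceAccess", []):
            scope, consent = AAD_PERMISSIONS.get(entry["id"], ("unknown", "unknown"))
            decoded.append({"resourceAppId": resource["resourceAppId"],
                            "id": entry["id"], "scope": scope, "consent": consent})
    return decoded

def admin_consent_scopes(manifest):
    """Scope values in the manifest that only an administrator can consent to."""
    return [d["scope"] for d in decode_required_access(manifest) if d["consent"] == "Admin"]

def unknown_permission_ids(manifest):
    """Permission ids not covered by the table above; review these by hand."""
    return [d["id"] for d in decode_required_access(manifest) if d["scope"] == "unknown"]

if __name__ == "__main__":
    for row in decode_required_access(SAMPLE_MANIFEST):
        print(f'{row["id"]}  {row["scope"]:<18} consent: {row["consent"]}')
    print("admin consent needed for:", admin_consent_scopes(SAMPLE_MANIFEST))
```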