Microsoft Entra ID (formerly Azure Active Directory) stores information about objects on the network and makes this information easy for administrators and users to find and use. Microsoft Entra ID uses a structured data store as the basis for a logical, hierarchical organization of directory information.
Least privileged permissions | Higher privileged permissions |
---|---|
GroupMember.ReadWrite.All | Directory.AccessAsUser.All |
IdentityRiskyUser.ReadWrite.All | Directory.ReadWrite.All |
Group.Create | Group.ReadWrite.All |
User.ReadWrite.All | User.ReadWrite.All |
Group.ReadWrite.All | Directory.Read.All |
User.Read.All | SecurityAlert.ReadWrite.All |
SecurityAlert.Read.All | GroupMember.ReadWrite.All |
GroupMember.Read.All | Group.Read.All |
LicenseAssignment.ReadWrite.All | User.EnableDisableAccount.All |
User.ManageIdentities.All |
<your tenant> on the API permissions page. Only admins can grant consent.
ldap:// protocol, or ldaps:// if you enabled “Secure LDAP”