graph api: best way to get privileged directory roles from AzureAD

Robert Cook 20 Reputation points
2023-08-31T15:39:32.4333333+00:00

Hi,

I am using https://graph.microsoft.com/v1.0/directoryRoleTemplates to pull all directory roles but I only want to get the privileged roles.

These are visible on the AzureAD portal under the privileged column, but I can't find a way to get the data from the Microsoft Graph API. Is this possible?

I can work around it by specifying the privileged role IDs in my script but would like to automate the process for any future changes or custom role additions.

Thanks

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph

Accepted answer
  1. Vasil Michev 119.8K Reputation points MVP Volunteer Moderator
    2023-08-31T16:17:17.5333333+00:00

    Use the /roleManagement/directory/roleDefinitions endpoint instead:

    https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions?$select=id,displayName,isPrivileged


1 additional answer

  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2023-09-01T04:00:34.13+00:00

    @Robert Cook Adding to the above answer, this graph query will help to achieve the desired result, which you are trying to do from the Azure Portal.

    https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions?$filter=isPrivileged eq true
    

    Let me know if you have any further questions; feel free to post back.

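An added example, not part of either answer above: a Python sketch that queries the roleDefinitions endpoint from the answers, follows `@odata.nextLink` paging, and compares the live privileged set against a script's hard-coded role IDs (the workaround mentioned in the question). Assumptions: an access token is obtained elsewhere, the service accepts `$filter` and `$select` together, and the function names and sample responses are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

BASE = "https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions"
QUERY = {"$filter": "isPrivileged eq true", "$select": "id,displayName,isPrivileged"}
FIRST_URL = BASE + "?" + urllib.parse.urlencode(QUERY, quote_via=urllib.parse.quote, safe="$,")

def graph_get(url, token):
    """Live transport: GET one page of results using a bearer token obtained elsewhere."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def privileged_roles(fetch):
    """Return {id: displayName} of privileged roles, following @odata.nextLink paging."""
    roles, url, seen = {}, FIRST_URL, set()
    while url:
        if url in seen:  # defend against a repeated nextLink
            raise RuntimeError("paging loop at " + url)
        seen.add(url)
        page = fetch(url)
        for role in page.get("value", []):
            # Re-check the flag client-side so an ignored $filter cannot widen the result.
            if role.get("isPrivileged") is True:
                roles[role["id"]] = role.get("displayName", "")
        url = page.get("@odata.nextLink")
    return roles

def drift(pinned_ids, live_roles):
    """Compare a script's hard-coded role IDs with the live privileged set."""
    pinned, live = set(pinned_ids), set(live_roles)
    return {"missing_from_script": sorted(live - pinned),
            "stale_in_script": sorted(pinned - live)}

# Constructed sample responses (IDs and names are made up) so the code runs offline.
NEXT = BASE + "?$skiptoken=constructed"
SAMPLE_PAGES = {
    FIRST_URL: {"value": [
        {"id": "00000000-0000-0000-0000-000000000001", "displayName": "Sample Admin A", "isPrivileged": True},
        {"id": "00000000-0000-0000-0000-000000000002", "displayName": "Sample Reader", "isPrivileged": False}],
        "@odata.nextLink": NEXT},
    NEXT: {"value": [
        {"id": "00000000-0000-0000-0000-000000000003", "displayName": "Sample Custom Admin", "isPrivileged": True}]},
}

if __name__ == "__main__":
    live = privileged_roles(SAMPLE_PAGES.__getitem__)
    # Against a real tenant: privileged_roles(lambda url: graph_get(url, token))
    pinned = ["00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000009"]
    print(json.dumps(drift(pinned, live), indent=2))
```

A non-empty `missing_from_script` list means a role has become privileged (or a privileged custom role was added) since the IDs were pinned, which is the drift the question wanted to catch automatically.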
