graph api: best way to get privileged directory roles from AzureAD

Robert Cook 20 Reputation points
2023-08-31T15:39:32.4333333+00:00

Hi,

I am using https://graph.microsoft.com/v1.0/directoryRoleTemplates to pull all directory roles but I only want to get the privileged roles.

These are visible on the AzureAD portal under the privileged column, but I can't find a way to get the data from the Microsoft Graph API. Is this possible?

I can work around it by specifying the privileged role IDs in my script but would like to automate the process for any future changes or custom role additions.

Thanks


Accepted answer
  1. Vasil Michev 94,521 Reputation points MVP
    2023-08-31T16:17:17.5333333+00:00

    Use the /roleManagement/directory/roleDefinitions endpoint instead:

    https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions?$select=id,displayName,isPrivileged


1 additional answer

  1. Givary-MSFT 27,486 Reputation points Microsoft Employee
    2023-09-01T04:00:34.13+00:00

    @Robert Cook Adding to the above answer, this graph query will help to achieve the desired result, which you are trying to do from the Azure Portal.

    https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions?$filter=isPrivileged eq true
    

    Let me know if you have any further questions; feel free to post back.

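An added example, not part of either answer: a script-side use of the two queries above that combines `$filter=isPrivileged eq true` with `$select`, follows `@odata.nextLink` paging, and splits built-in from custom roles. The function names, the extra `isBuiltIn` property in `$select`, the caller-supplied bearer token and the sample pages are assumptions made for this example.

```python
import json
import urllib.parse
import urllib.request

# Endpoint, $filter and $select come from the answers above (beta endpoint).
BASE = "https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions"

def build_url():
    query = {"$filter": "isPrivileged eq true",
             "$select": "id,displayName,isPrivileged,isBuiltIn"}
    return BASE + "?" + urllib.parse.urlencode(
        query, safe="$,", quote_via=urllib.parse.quote)

def graph_get(url, token):
    """Live fetcher: GET one page with a bearer token (token acquisition not shown)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def privileged_roles(fetch, url=None):
    """Collect privileged role definitions; fetch(url) returns one parsed JSON page."""
    url, seen, roles = url or build_url(), set(), []
    while url:
        # Never send the token to a host other than Graph, and never loop.
        if not url.startswith("https://graph.microsoft.com/") or url in seen:
            raise ValueError("unexpected nextLink: " + url)
        seen.add(url)
        page = fetch(url)
        for role in page.get("value", []):
            # Re-check client-side so an ignored $filter cannot widen the list.
            if role.get("isPrivileged") is True:
                roles.append({k: role.get(k) for k in ("id", "displayName", "isBuiltIn")})
        url = page.get("@odata.nextLink")
    return roles

# Constructed two-page response (placeholder ids, not real tenant data).
NEXT = BASE + "?$skiptoken=CONSTRUCTED"
SAMPLE_PAGES = {
    build_url(): {"value": [
        {"id": "00000000-0000-0000-0000-000000000001", "displayName": "Global Administrator",
         "isPrivileged": True, "isBuiltIn": True},
        {"id": "00000000-0000-0000-0000-000000000002", "displayName": "Directory Readers",
         "isPrivileged": False, "isBuiltIn": True}], "@odata.nextLink": NEXT},
    NEXT: {"value": [
        {"id": "00000000-0000-0000-0000-000000000003", "displayName": "Contoso App Ops",
         "isPrivileged": True, "isBuiltIn": False}]},
}

if __name__ == "__main__":
    for r in privileged_roles(SAMPLE_PAGES.__getitem__):
        print(r["id"], r["displayName"], "built-in" if r["isBuiltIn"] else "custom")
```

Against a tenant, pass `lambda u: graph_get(u, token)` as `fetch`, with a token that is allowed to read role definitions.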