![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 52%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,407 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 13%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
Hello Mobu,
Thank you for posting your query in the Microsoft Q&A Community.
I understand you would like to know the difference between a Directory Reader role and a Directory.Read.All permission.
Please be informed that the Directory.Read.All permission allows your app to read all the groups, apps, and some policies in your tenant. When this permission is granted, it provides broad access to various resources within the directory.
However, the Directory Reader role provides fewer permissions compared to the Directory.Read.All. If assigned to a service principal or users, they are only able to access basic directory information.
Follow this link to get more information about this.
Let me know if you need more information.
Babafemi
