Wouldn't it be something like
Graph API v1.0 endpoint to retrieve eligible Azure AD group assignments for an admin user setup in PIM
Hello,
I would like to know the Graph API v1.0 endpoint to retrieve eligible Azure AD group assignments for an admin user setup in Entra PIM.
I tried the beta endpoint below in the Postman tool. However, I get a 403 even with the right API permission in Entra (PrivilegedAccess.Read.AzureADGroup.All):
https://graph.microsoft.com/beta/privilegedAccess/aadGroups/roleAssignments?$expand=linkedEligibleRoleAssignment,subject,roleDefinition($expand=resource)&$filter=(assignmentState eq 'Eligible') and (subject/id eq '<subject id of an admin user>')
Two questions here:
- I would like to productionise the API call. Is there a v1.0 endpoint matching the above endpoint?
- Is it possible to get the above beta endpoint working or is it just not possible because of the PIM restrictions?
(Or) Is there a totally alternate way to retrieve the eligible Azure AD group assignments instead of using the subject id of a user in the endpoint?
Microsoft Graph
1 answer
Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator
2025-05-15T12:43:11.08+00:00