Export Graph Permissions for Reference

Jamie Brandwood 126 Reputation points
2021-02-09T02:27:29.697+00:00

Is there a way to export a list of available Microsoft Graph permissions? I'm aware the list is available here: https://learn.microsoft.com/en-us/graph/permissions-reference but what i'm really after is some sort of JSON / XML export that can be used to populate a list of available permissions in an internal App Registration request form / process ...

That way we can always have an up-to-date permissions list in our form as well as potentially having an extra property added with our own internal Allowed / Not Allowed flags to filter whats visible on said form.

Anyone done this already or have any thoughts?

Ideas on a postcard welcome, many thanks all !

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,707 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,645 questions
0 comments
Accepted answer
  1. Jackson Woods (MSFT) 81 Reputation points Microsoft Employee
    2021-02-24T18:28:32.157+00:00

    Hi @jabran-corp, you can achieve this with the following request to Microsoft Graph. It's a workaround that depends on retrieving the service principal representing Microsoft Graph in the tenant, rather than a dedicated API, but the result is accurate.

    Steps:

    1. In your tenant, identify the service principal that represents the Microsoft Graph app. This is the service principal where appId = "00000003-0000-0000-c000-000000000000".
    2. To see the application permissions, retrieve the appRoles property.
    3. To see the delegated permissions, retrieve the oauth2PermissionScopes property.

    You can do this in Graph Explorer using the following command. It should work whether or not you sign in to Graph Explorer:

    As @JamesTran-MSFT mentioned, please post on User Voice if you'd still like to share a feature request with the team.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. JamesTran-MSFT 36,376 Reputation points Microsoft Employee
    2021-02-11T22:24:58.847+00:00

    @jabran-corp
    Thank you for your post!

    I reached out to my team to see if we had anything like this available, and we weren't able to find any API or documentation (besides what you mentioned) regarding the export of GraphAPI permissions. I'd recommend leveraging out MS Graph API user voice forum to create a feature request so our engineering team can look into implementing this.

    Additional Link:
    Retrieve “API Permissions” of Azure AD Application via PowerShell

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments