User.ReadBasic.All not available in Graph API

Alistair Young 31 Reputation points
2022-07-06T08:59:45.353+00:00

I added the Mail.Send app role to a managed identity using the Graph API Explorer but when I try to add the User.ReadBasic.All app role, it's not listed in the Graph API roles. Only User.Read.All is listed.

Is User.ReadBasic.All available via the Graph API to add to a managed identity?

Microsoft Entra ID

1 answer

  1. JamesTran-MSFT 36,376 Reputation points Microsoft Employee
    2022-07-07T00:16:56.013+00:00

    @Alistair Young
    Thank you for your post!

    As you mentioned, when it comes to the User.ReadBasic.All permission, it is currently only a delegated permission, while the equivalent application permission would be User.Read.All. If you'd like User.ReadBasic.All to be available as an application permission, I'd recommend leveraging our Microsoft Graph support page and creating a feature request, so our engineering team can look into implementing this.

    When it comes to assigning your application User.ReadBasic.All permissions, you'll have to assign your application the Delegated permission and also ensure that the signed-in user has the correct read permissions to read all users' basic profiles.

    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    1 person found this answer helpful.
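
The distinction discussed in this thread can be checked before attempting an assignment. The following is an added example, not part of the original question or answer: it looks a permission name up in the `appRoles` (application permissions) and `oauth2PermissionScopes` (delegated permissions) of the Microsoft Graph service principal and builds the `appRoleAssignments` request body only when an application role exists. The JSON excerpt and every GUID in it are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed excerpt of the Microsoft Graph service principal, shaped like
# GET /servicePrincipals(appId='00000003-0000-0000-c000-000000000000').
# All GUIDs below are placeholders, not real role or object ids.
GRAPH_SP = json.loads("""{
  "id": "11111111-1111-1111-1111-111111111111",
  "appRoles": [
    {"id": "aaaaaaaa-0000-0000-0000-000000000001", "value": "Mail.Send",
     "allowedMemberTypes": ["Application"], "isEnabled": true},
    {"id": "aaaaaaaa-0000-0000-0000-000000000002", "value": "User.Read.All",
     "allowedMemberTypes": ["Application"], "isEnabled": true}
  ],
  "oauth2PermissionScopes": [
    {"id": "bbbbbbbb-0000-0000-0000-000000000001",
     "value": "User.ReadBasic.All", "isEnabled": true},
    {"id": "bbbbbbbb-0000-0000-0000-000000000002",
     "value": "User.Read.All", "isEnabled": true}
  ]
}""")

def find_app_role(sp, name):
    """Return the enabled application role called `name`, or None."""
    for role in sp.get("appRoles", []):
        if (role["value"] == name and role.get("isEnabled")
                and "Application" in role.get("allowedMemberTypes", [])):
            return role
    return None

def classify(sp, name):
    """Return the set of permission types under which `name` is exposed."""
    kinds = set()
    if find_app_role(sp, name):
        kinds.add("application")
    for scope in sp.get("oauth2PermissionScopes", []):
        if scope["value"] == name and scope.get("isEnabled"):
            kinds.add("delegated")
    return kinds

def app_role_assignment_body(sp, name, managed_identity_object_id):
    """Body for POST /servicePrincipals/{managed-identity-id}/appRoleAssignments."""
    role = find_app_role(sp, name)
    if role is None:
        # Delegated-only permissions cannot be granted to a managed identity.
        raise LookupError(f"{name} is not an application permission: "
                          f"{sorted(classify(sp, name)) or 'not found'}")
    return {"principalId": managed_identity_object_id,
            "resourceId": sp["id"], "appRoleId": role["id"]}
```
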