APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
The following tables show the least privileged permission or permissions required to call this API on each supported resource type. Follow best practices to request least privileged permissions. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
For Cloud PC provider
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
CloudPC.ReadWrite.All
DeviceManagementRBAC.ReadWrite.All
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
CloudPC.ReadWrite.All
DeviceManagementRBAC.ReadWrite.All
For Device management (Intune) provider
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
CloudPC.ReadWrite.All
DeviceManagementRBAC.ReadWrite.All
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
CloudPC.ReadWrite.All
DeviceManagementRBAC.ReadWrite.All
HTTP request
To create role assignment for a Cloud PC provider:
POST /roleManagement/cloudPC/roleAssignments
To create role assignment for an Intune provider:
POST /roleManagement/deviceManagement/roleAssignments
In the request body, supply a JSON representation of unifiedRoleAssignmentMultiple object. The request must have either a scope defined in Microsoft Entra ID, such as directoryScopeIds, or an application-specific scope, such as appScopeId. Examples of Microsoft Entra scope are tenant ("/"), administrative units, or applications.
Response
If successful, this method returns a 201 Created response code and a new unifiedRoleAssignmentMultiple object in the response body.
Examples
Example 1: Create a role assignment in Intune over two scope groups (which are Microsoft Entra objects)
Request
The following example shows a request.
Note: the use of the roleTemplateId for roleDefinitionId. roleDefinitionId can be either the service-wide template ID or the directory-specific roleDefinitionId.
POST https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"displayName": "My test role assignment 1",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
"directoryScopeIds": ["28ca5a85-489a-49a0-b555-0a6d81e56f0d", "8152656a-cf9a-4928-a457-1512d4cae295"],
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new UnifiedRoleAssignmentMultiple
{
OdataType = "#microsoft.graph.unifiedRoleAssignmentMultiple",
DisplayName = "My test role assignment 1",
RoleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
PrincipalIds = new List<string>
{
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
},
DirectoryScopeIds = new List<string>
{
"28ca5a85-489a-49a0-b555-0a6d81e56f0d",
"8152656a-cf9a-4928-a457-1512d4cae295",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.DeviceManagement.RoleAssignments.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta role-management device-management role-assignments create --body '{\
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",\
"displayName": "My test role assignment 1",\
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",\
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],\
"directoryScopeIds": ["28ca5a85-489a-49a0-b555-0a6d81e56f0d", "8152656a-cf9a-4928-a457-1512d4cae295"],\
}\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultiple unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple();
unifiedRoleAssignmentMultiple.setOdataType("#microsoft.graph.unifiedRoleAssignmentMultiple");
unifiedRoleAssignmentMultiple.setDisplayName("My test role assignment 1");
unifiedRoleAssignmentMultiple.setRoleDefinitionId("c2cf284d-6c41-4e6b-afac-4b80928c9034");
LinkedList<String> principalIds = new LinkedList<String>();
principalIds.add("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
principalIds.add("c1518aa9-4da5-4c84-a902-a31404023890");
unifiedRoleAssignmentMultiple.setPrincipalIds(principalIds);
LinkedList<String> directoryScopeIds = new LinkedList<String>();
directoryScopeIds.add("28ca5a85-489a-49a0-b555-0a6d81e56f0d");
directoryScopeIds.add("8152656a-cf9a-4928-a457-1512d4cae295");
unifiedRoleAssignmentMultiple.setDirectoryScopeIds(directoryScopeIds);
UnifiedRoleAssignmentMultiple result = graphClient.roleManagement().deviceManagement().roleAssignments().post(unifiedRoleAssignmentMultiple);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleAssignmentMultiple;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleAssignmentMultiple();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleAssignmentMultiple');
$requestBody->setDisplayName('My test role assignment 1');
$requestBody->setRoleDefinitionId('c2cf284d-6c41-4e6b-afac-4b80928c9034');
$requestBody->setPrincipalIds(['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890', ]);
$requestBody->setDirectoryScopeIds(['28ca5a85-489a-49a0-b555-0a6d81e56f0d', '8152656a-cf9a-4928-a457-1512d4cae295', ]);
$result = $graphServiceClient->roleManagement()->deviceManagement()->roleAssignments()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_assignment_multiple import UnifiedRoleAssignmentMultiple
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleAssignmentMultiple(
odata_type = "#microsoft.graph.unifiedRoleAssignmentMultiple",
display_name = "My test role assignment 1",
role_definition_id = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
principal_ids = [
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
],
directory_scope_ids = [
"28ca5a85-489a-49a0-b555-0a6d81e56f0d",
"8152656a-cf9a-4928-a457-1512d4cae295",
],
)
result = await graph_client.role_management.device_management.role_assignments.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
POST https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"displayName": "My test role assignment 1",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
"appScopeIds": ["allDevices"]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new UnifiedRoleAssignmentMultiple
{
OdataType = "#microsoft.graph.unifiedRoleAssignmentMultiple",
DisplayName = "My test role assignment 1",
RoleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
PrincipalIds = new List<string>
{
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
},
AppScopeIds = new List<string>
{
"allDevices",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.DeviceManagement.RoleAssignments.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta role-management device-management role-assignments create --body '{\
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",\
"displayName": "My test role assignment 1",\
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",\
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],\
"appScopeIds": ["allDevices"]\
}\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultiple unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple();
unifiedRoleAssignmentMultiple.setOdataType("#microsoft.graph.unifiedRoleAssignmentMultiple");
unifiedRoleAssignmentMultiple.setDisplayName("My test role assignment 1");
unifiedRoleAssignmentMultiple.setRoleDefinitionId("c2cf284d-6c41-4e6b-afac-4b80928c9034");
LinkedList<String> principalIds = new LinkedList<String>();
principalIds.add("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
principalIds.add("c1518aa9-4da5-4c84-a902-a31404023890");
unifiedRoleAssignmentMultiple.setPrincipalIds(principalIds);
LinkedList<String> appScopeIds = new LinkedList<String>();
appScopeIds.add("allDevices");
unifiedRoleAssignmentMultiple.setAppScopeIds(appScopeIds);
UnifiedRoleAssignmentMultiple result = graphClient.roleManagement().deviceManagement().roleAssignments().post(unifiedRoleAssignmentMultiple);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleAssignmentMultiple;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleAssignmentMultiple();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleAssignmentMultiple');
$requestBody->setDisplayName('My test role assignment 1');
$requestBody->setRoleDefinitionId('c2cf284d-6c41-4e6b-afac-4b80928c9034');
$requestBody->setPrincipalIds(['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890', ]);
$requestBody->setAppScopeIds(['allDevices', ]);
$result = $graphServiceClient->roleManagement()->deviceManagement()->roleAssignments()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_assignment_multiple import UnifiedRoleAssignmentMultiple
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleAssignmentMultiple(
odata_type = "#microsoft.graph.unifiedRoleAssignmentMultiple",
display_name = "My test role assignment 1",
role_definition_id = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
principal_ids = [
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
],
app_scope_ids = [
"allDevices",
],
)
result = await graph_client.role_management.device_management.role_assignments.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
POST https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"displayName": "My test role assignment 1",
"description": "My role assignment description",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new UnifiedRoleAssignmentMultiple
{
OdataType = "#microsoft.graph.unifiedRoleAssignmentMultiple",
DisplayName = "My test role assignment 1",
Description = "My role assignment description",
RoleDefinitionId = "b5c08161-a7af-481c-ace2-a20a69a48fb1",
PrincipalIds = new List<string>
{
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.CloudPC.RoleAssignments.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta role-management cloud-pc role-assignments create --body '{\
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",\
"displayName": "My test role assignment 1",\
"description": "My role assignment description",\
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",\
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"]\
}\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUnifiedRoleAssignmentMultiple()
displayName := "My test role assignment 1"
requestBody.SetDisplayName(&displayName)
description := "My role assignment description"
requestBody.SetDescription(&description)
roleDefinitionId := "b5c08161-a7af-481c-ace2-a20a69a48fb1"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
principalIds := []string {
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
}
requestBody.SetPrincipalIds(principalIds)
roleAssignments, err := graphClient.RoleManagement().CloudPC().RoleAssignments().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultiple unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple();
unifiedRoleAssignmentMultiple.setOdataType("#microsoft.graph.unifiedRoleAssignmentMultiple");
unifiedRoleAssignmentMultiple.setDisplayName("My test role assignment 1");
unifiedRoleAssignmentMultiple.setDescription("My role assignment description");
unifiedRoleAssignmentMultiple.setRoleDefinitionId("b5c08161-a7af-481c-ace2-a20a69a48fb1");
LinkedList<String> principalIds = new LinkedList<String>();
principalIds.add("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
principalIds.add("c1518aa9-4da5-4c84-a902-a31404023890");
unifiedRoleAssignmentMultiple.setPrincipalIds(principalIds);
UnifiedRoleAssignmentMultiple result = graphClient.roleManagement().cloudPC().roleAssignments().post(unifiedRoleAssignmentMultiple);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleAssignmentMultiple;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleAssignmentMultiple();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleAssignmentMultiple');
$requestBody->setDisplayName('My test role assignment 1');
$requestBody->setDescription('My role assignment description');
$requestBody->setRoleDefinitionId('b5c08161-a7af-481c-ace2-a20a69a48fb1');
$requestBody->setPrincipalIds(['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890', ]);
$result = $graphServiceClient->roleManagement()->cloudPC()->roleAssignments()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleAssignmentMultiple"
displayName = "My test role assignment 1"
description = "My role assignment description"
roleDefinitionId = "b5c08161-a7af-481c-ace2-a20a69a48fb1"
principalIds = @(
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d"
"c1518aa9-4da5-4c84-a902-a31404023890"
)
}
New-MgBetaRoleManagementCloudPcRoleAssignment -BodyParameter $params
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_assignment_multiple import UnifiedRoleAssignmentMultiple
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleAssignmentMultiple(
odata_type = "#microsoft.graph.unifiedRoleAssignmentMultiple",
display_name = "My test role assignment 1",
description = "My role assignment description",
role_definition_id = "b5c08161-a7af-481c-ace2-a20a69a48fb1",
principal_ids = [
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
],
)
result = await graph_client.role_management.cloud_p_c.role_assignments.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.