APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including taking caution before choosing more privileged permissions, see Permissions.
For Cloud PC provider
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
CloudPC.ReadWrite.All
Delegated (personal Microsoft account)
Not supported.
Application
CloudPC.ReadWrite.All
For Device management (Intune) provider
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
DeviceManagementRBAC.ReadWrite.All
Delegated (personal Microsoft account)
Not supported.
Application
DeviceManagementRBAC.ReadWrite.All
HTTP request
To create role assignment for a Cloud PC provider:
POST /roleManagement/cloudPC/roleAssignments
To create role assignment for an Intune provider:
POST /roleManagement/deviceManagement/roleAssignments
Request headers
Name
Description
Authorization
Bearer {token}. Required.
Content-type
application/json. Required.
Request body
In the request body, supply a JSON representation of unifiedRoleAssignmentMultiple object. The request must have either a scope defined in Azure AD, such as directoryScopeIds, or an application-specific scope, such as appScopeId. Examples of Azure AD scope are tenant ("/"), administrative units, or applications.
Response
If successful, this method returns a 201 Created response code and a new unifiedRoleAssignmentMultiple object in the response body.
Examples
Example 1: Create a role assignment in Intune over two scope groups (which are Azure AD objects)
Request
The following is an example of the request.
Note: the use of the roleTemplateId for roleDefinitionId. roleDefinitionId can be either the service-wide template ID or the directory-specific roleDefinitionId.
POST https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"displayName": "My test role assignment 1",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
"directoryScopeIds": ["28ca5a85-489a-49a0-b555-0a6d81e56f0d", "8152656a-cf9a-4928-a457-1512d4cae295"],
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple
{
DisplayName = "My test role assignment 1",
RoleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
PrincipalIds = new List<String>()
{
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890"
},
DirectoryScopeIds = new List<String>()
{
"28ca5a85-489a-49a0-b555-0a6d81e56f0d",
"8152656a-cf9a-4928-a457-1512d4cae295"
}
};
await graphClient.RoleManagement.DeviceManagement.RoleAssignments
.Request()
.AddAsync(unifiedRoleAssignmentMultiple);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
UnifiedRoleAssignmentMultiple unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple();
unifiedRoleAssignmentMultiple.displayName = "My test role assignment 1";
unifiedRoleAssignmentMultiple.roleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034";
LinkedList<String> principalIdsList = new LinkedList<String>();
principalIdsList.add("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
principalIdsList.add("c1518aa9-4da5-4c84-a902-a31404023890");
unifiedRoleAssignmentMultiple.principalIds = principalIdsList;
LinkedList<String> directoryScopeIdsList = new LinkedList<String>();
directoryScopeIdsList.add("28ca5a85-489a-49a0-b555-0a6d81e56f0d");
directoryScopeIdsList.add("8152656a-cf9a-4928-a457-1512d4cae295");
unifiedRoleAssignmentMultiple.directoryScopeIds = directoryScopeIdsList;
graphClient.roleManagement().deviceManagement().roleAssignments()
.buildRequest()
.post(unifiedRoleAssignmentMultiple);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := graphmodels.NewUnifiedRoleAssignmentMultiple()
displayName := "My test role assignment 1"
requestBody.SetDisplayName(&displayName)
roleDefinitionId := "c2cf284d-6c41-4e6b-afac-4b80928c9034"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
principalIds := []string {
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
}
requestBody.SetPrincipalIds(principalIds)
directoryScopeIds := []string {
"28ca5a85-489a-49a0-b555-0a6d81e56f0d",
"8152656a-cf9a-4928-a457-1512d4cae295",
}
requestBody.SetDirectoryScopeIds(directoryScopeIds)
result, err := graphClient.RoleManagement().DeviceManagement().RoleAssignments().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new UnifiedRoleAssignmentMultiple();
$requestBody->set@odatatype('#microsoft.graph.unifiedRoleAssignmentMultiple');
$requestBody->setDisplayName('My test role assignment 1');
$requestBody->setRoleDefinitionId('c2cf284d-6c41-4e6b-afac-4b80928c9034');
$requestBody->setPrincipalIds(['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890', ]);
$requestBody->setDirectoryScopeIds(['28ca5a85-489a-49a0-b555-0a6d81e56f0d', '8152656a-cf9a-4928-a457-1512d4cae295', ]);
$requestResult = $graphServiceClient->roleManagement()->deviceManagement()->roleAssignments()->post($requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
POST https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"displayName": "My test role assignment 1",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
"appScopeIds": ["allDevices"]
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple
{
DisplayName = "My test role assignment 1",
RoleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
PrincipalIds = new List<String>()
{
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890"
},
AppScopeIds = new List<String>()
{
"allDevices"
}
};
await graphClient.RoleManagement.DeviceManagement.RoleAssignments
.Request()
.AddAsync(unifiedRoleAssignmentMultiple);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
UnifiedRoleAssignmentMultiple unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple();
unifiedRoleAssignmentMultiple.displayName = "My test role assignment 1";
unifiedRoleAssignmentMultiple.roleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034";
LinkedList<String> principalIdsList = new LinkedList<String>();
principalIdsList.add("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
principalIdsList.add("c1518aa9-4da5-4c84-a902-a31404023890");
unifiedRoleAssignmentMultiple.principalIds = principalIdsList;
LinkedList<String> appScopeIdsList = new LinkedList<String>();
appScopeIdsList.add("allDevices");
unifiedRoleAssignmentMultiple.appScopeIds = appScopeIdsList;
graphClient.roleManagement().deviceManagement().roleAssignments()
.buildRequest()
.post(unifiedRoleAssignmentMultiple);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := graphmodels.NewUnifiedRoleAssignmentMultiple()
displayName := "My test role assignment 1"
requestBody.SetDisplayName(&displayName)
roleDefinitionId := "c2cf284d-6c41-4e6b-afac-4b80928c9034"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
principalIds := []string {
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
}
requestBody.SetPrincipalIds(principalIds)
appScopeIds := []string {
"allDevices",
}
requestBody.SetAppScopeIds(appScopeIds)
result, err := graphClient.RoleManagement().DeviceManagement().RoleAssignments().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new UnifiedRoleAssignmentMultiple();
$requestBody->set@odatatype('#microsoft.graph.unifiedRoleAssignmentMultiple');
$requestBody->setDisplayName('My test role assignment 1');
$requestBody->setRoleDefinitionId('c2cf284d-6c41-4e6b-afac-4b80928c9034');
$requestBody->setPrincipalIds(['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890', ]);
$requestBody->setAppScopeIds(['allDevices', ]);
$requestResult = $graphServiceClient->roleManagement()->deviceManagement()->roleAssignments()->post($requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
POST https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"displayName": "My test role assignment 1",
"description": "My role assignment description",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"]
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple
{
DisplayName = "My test role assignment 1",
Description = "My role assignment description",
RoleDefinitionId = "b5c08161-a7af-481c-ace2-a20a69a48fb1",
PrincipalIds = new List<String>()
{
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890"
}
};
await graphClient.RoleManagement.CloudPC.RoleAssignments
.Request()
.AddAsync(unifiedRoleAssignmentMultiple);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
UnifiedRoleAssignmentMultiple unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple();
unifiedRoleAssignmentMultiple.displayName = "My test role assignment 1";
unifiedRoleAssignmentMultiple.description = "My role assignment description";
unifiedRoleAssignmentMultiple.roleDefinitionId = "b5c08161-a7af-481c-ace2-a20a69a48fb1";
LinkedList<String> principalIdsList = new LinkedList<String>();
principalIdsList.add("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
principalIdsList.add("c1518aa9-4da5-4c84-a902-a31404023890");
unifiedRoleAssignmentMultiple.principalIds = principalIdsList;
graphClient.roleManagement().cloudPC().roleAssignments()
.buildRequest()
.post(unifiedRoleAssignmentMultiple);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := graphmodels.NewUnifiedRoleAssignmentMultiple()
displayName := "My test role assignment 1"
requestBody.SetDisplayName(&displayName)
description := "My role assignment description"
requestBody.SetDescription(&description)
roleDefinitionId := "b5c08161-a7af-481c-ace2-a20a69a48fb1"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
principalIds := []string {
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
}
requestBody.SetPrincipalIds(principalIds)
result, err := graphClient.RoleManagement().CloudPC().RoleAssignments().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Import-Module Microsoft.Graph.DeviceManagement.Enrolment
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleAssignmentMultiple"
DisplayName = "My test role assignment 1"
Description = "My role assignment description"
RoleDefinitionId = "b5c08161-a7af-481c-ace2-a20a69a48fb1"
PrincipalIds = @(
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d"
"c1518aa9-4da5-4c84-a902-a31404023890"
)
}
New-MgRoleManagementCloudPcRoleAssignment -BodyParameter $params
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new UnifiedRoleAssignmentMultiple();
$requestBody->set@odatatype('#microsoft.graph.unifiedRoleAssignmentMultiple');
$requestBody->setDisplayName('My test role assignment 1');
$requestBody->setDescription('My role assignment description');
$requestBody->setRoleDefinitionId('b5c08161-a7af-481c-ace2-a20a69a48fb1');
$requestBody->setPrincipalIds(['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890', ]);
$requestResult = $graphServiceClient->roleManagement()->cloudPC()->roleAssignments()->post($requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.