I am finishing the MAADWA’s chapter on the Azure AD application model, and just realized that we don’t have in the docs any place where we highlight the IDs of the OOB Azure AD permissions. I am always a bit befuddled when I open the manifest of one app and see all those GUIDs in the requiredResourceAccess section – I sure would appreciate a quick reference on what they really mean. Well, here you go!

Permission description in the Azure portal

Identifier

Scope value

Type

Sign in and read user profile

311a71cc-e848-46a1-bdf8-97ff7156d8e6

UserProfile.Read

User

Read directory data

5778995a-e1bf-45b8-affa-663a9f3f4d04

Directory.Read

Admin (except for users from the tenant where the Application is defined)

Read and write directory data

78c8a3c8-a07e-4b9e-af1b-b5ccab50a175

Directory.Write

Admin

Access the directory as the signed-in user

a42657d6-7f20-40e3-b6f0-cee03008a62a

user_impersonation

Admin (except native clients)

 

Leave a Reply

Your email address will not be published. Required fields are marked *