Hybrid Identity Administrator 8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2 Microsoft Entra Id

Hybrid Identity Administrator - 8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2
Entra Id Role definition

{

id: "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2",
displayName: "Hybrid Identity Administrator",
description: "Can manage Active Directory to Microsoft Entra cloud provisioning, Microsoft Entra Connect, and federation settings.",
richDescription: "Users in this role can create, manage, and deploy provisioning configuration setup from Active Directory to Microsoft Entra ID using Cloud Provisioning as well as manage federation settings. Users can also troubleshoot and monitor logs using this role.",
privileged: true,
categories: "identity",
permissionsTotal: 114,
operationActionsCount: 117,
permissionsDirect: 60,
permissionsInherited: true,
permissionsInheritedCount: 54,
permissionsDirectAndInheritedCount: 0,
permissionsDirectAndInherited: null,
permissionsInheritedFrom: [1 item
- {2 items
  - id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
  - displayName: "Directory Readers"
  }
],
permissionsInheritedToCount: 0,
permissionsInheritedTo: null,
permissionsConditionedCount: 0,
permissionsUnConditionedCount: 114,
permissionConditioned: [],
permissionsPrivileged: 2,
permissionsNamespacesCount: 7,
permissionsNamespaces: [7 items
- {1 item
  - microsoft.azure.serviceHealth: 1
  },
- {1 item
  - microsoft.azure.supportTickets: 1
  },
- {1 item
  - microsoft.directory: 108
  },
- {1 item
  - microsoft.office365.messageCenter: 1
  },
- {1 item
  - microsoft.office365.serviceHealth: 1
  },
- {1 item
  - microsoft.office365.supportTickets: 1
  },
- {1 item
  - microsoft.office365.webPortal: 1
  }
],
permissionActionsCount: 10,
permissionActions: [10 items
- {1 item
  - allTasks: 7
  },
- {1 item
  - create: 3
  },
- {1 item
  - delete: 4
  },
- {1 item
  - disable: 1
  },
- {1 item
  - enable: 1
  },
- {1 item
  - manage: 9
  },
- {1 item
  - other: 1
  },
- {1 item
  - read: 64
  },
- {1 item
  - restore: 1
  },
- {1 item
  - update: 23
  }
],
permissionVerbsCount: 5,
permissionVerbs: [5 items
- {1 item
  - DELETE: 7
  },
- {1 item
  - GET: 64
  },
- {1 item
  - n/a: 7
  },
- {1 item
  - PATCH: 22
  },
- {1 item
  - POST: 17
  }
],
permissionsConsentPolicyAppliesCount: 0,
permissionsConsentPolicies: null,
permissions: [114 items
- {1 item
  - microsoft.azure.serviceHealth/allEntities/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Read and configure Azure Service Health",
      - id: "microsoft.azure.serviceHealth-allEntities-allTasks",
      - name: "microsoft.azure.serviceHealth/allEntities/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.azure.supportTickets/allEntities/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Create and manage Azure support tickets",
      - id: "microsoft.azure.supportTickets-allEntities-allTasks",
      - name: "microsoft.azure.supportTickets/allEntities/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/administrativeUnits/members/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read members of administrative units",
      - id: "microsoft.directory-administrativeUnits-members-read-get",
      - name: "microsoft.directory/administrativeUnits/members/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/administrativeUnits/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on administrative units",
      - id: "microsoft.directory-administrativeUnits-standard-read-get",
      - name: "microsoft.directory/administrativeUnits/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applicationPolicies/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of application policies",
      - id: "microsoft.directory-applicationPolicies-standard-read-get",
      - name: "microsoft.directory/applicationPolicies/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/appRoles/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update the appRoles property on all types of applications",
      - id: "microsoft.directory-applications-appRoles-update-patch",
      - name: "microsoft.directory/applications/appRoles/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/audience/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update the audience property for applications",
      - id: "microsoft.directory-applications-audience-update-patch",
      - name: "microsoft.directory/applications/audience/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/authentication/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update authentication on all types of applications",
      - id: "microsoft.directory-applications-authentication-update-patch",
      - name: "microsoft.directory/applications/authentication/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/basic/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update basic properties for applications",
      - id: "microsoft.directory-applications-basic-update-patch",
      - name: "microsoft.directory/applications/basic/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/create: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "create"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Create all types of applications",
      - id: "microsoft.directory-applications-create-post",
      - name: "microsoft.directory/applications/create",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/delete: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "delete"
      },
    - permissionDetails: {6 items
      - actionVerb: "DELETE",
      - description: "Delete all types of applications",
      - id: "microsoft.directory-applications-delete-delete",
      - name: "microsoft.directory/applications/delete",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/notes/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update notes of applications",
      - id: "microsoft.directory-applications-notes-update-patch",
      - name: "microsoft.directory/applications/notes/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/owners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of applications",
      - id: "microsoft.directory-applications-owners-read-get",
      - name: "microsoft.directory/applications/owners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/owners/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: [2 items
      - {6 items
        actionVerb: "DELETE",
        description: "Update owners of applications",
        id: "microsoft.directory-applications-owners-update-delete",
        name: "microsoft.directory/applications/owners/update",
        resourceScopeId: null,
        isPrivileged: false
        },
      - {6 items
        actionVerb: "POST",
        description: "Update owners of applications",
        id: "microsoft.directory-applications-owners-update-post",
        name: "microsoft.directory/applications/owners/update",
        resourceScopeId: null,
        isPrivileged: false
        }
      ]
    }
  },
- {1 item
  - microsoft.directory/applications/permissions/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update exposed permissions and required permissions on all types of applications",
      - id: "microsoft.directory-applications-permissions-update-patch",
      - name: "microsoft.directory/applications/permissions/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/policies/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read policies of applications",
      - id: "microsoft.directory-applications-policies-read-get",
      - name: "microsoft.directory/applications/policies/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/policies/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update policies of applications",
      - id: "microsoft.directory-applications-policies-update-patch",
      - name: "microsoft.directory/applications/policies/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of applications",
      - id: "microsoft.directory-applications-standard-read-get",
      - name: "microsoft.directory/applications/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/synchronization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read provisioning settings associated with the application object",
      - id: "microsoft.directory-applications-synchronization-standard-read-get",
      - name: "microsoft.directory/applications/synchronization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/tag/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update tags of applications",
      - id: "microsoft.directory-applications-tag-update-patch",
      - name: "microsoft.directory/applications/tag/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applicationTemplates/instantiate: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "other"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Instantiate gallery applications from application templates",
      - id: "microsoft.directory-applicationTemplates-instantiate-post",
      - name: "microsoft.directory/applicationTemplates/instantiate",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/auditLogs/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties on audit logs, excluding custom security attributes audit logs",
      - id: "microsoft.directory-auditLogs-allProperties-read-get",
      - name: "microsoft.directory/auditLogs/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/cloudProvisioning/allProperties/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Read and configure all properties of Microsoft Entra cloud provisioning service.",
      - id: "microsoft.directory-cloudProvisioning-allProperties-allTasks",
      - name: "microsoft.directory/cloudProvisioning/allProperties/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/contacts/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the group membership for all contacts in Microsoft Entra ID",
      - id: "microsoft.directory-contacts-memberOf-read-get",
      - name: "microsoft.directory/contacts/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/contacts/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on contacts in Microsoft Entra ID",
      - id: "microsoft.directory-contacts-standard-read-get",
      - name: "microsoft.directory/contacts/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/contracts/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on partner contracts",
      - id: "microsoft.directory-contracts-standard-read-get",
      - name: "microsoft.directory/contracts/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/deletedItems.applications/delete: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "delete"
      },
    - permissionDetails: {6 items
      - actionVerb: "DELETE",
      - description: "Permanently delete applications, which can no longer be restored",
      - id: "microsoft.directory-deletedItems.applications-delete-delete",
      - name: "microsoft.directory/deletedItems.applications/delete",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/deletedItems.applications/restore: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "restore"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Restore soft deleted applications to original state",
      - id: "microsoft.directory-deletedItems.applications-restore-post",
      - name: "microsoft.directory/deletedItems.applications/restore",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read device memberships",
      - id: "microsoft.directory-devices-memberOf-read-get",
      - name: "microsoft.directory/devices/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/registeredOwners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read registered owners of devices",
      - id: "microsoft.directory-devices-registeredOwners-read-get",
      - name: "microsoft.directory/devices/registeredOwners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/registeredUsers/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read registered users of devices",
      - id: "microsoft.directory-devices-registeredUsers-read-get",
      - name: "microsoft.directory/devices/registeredUsers/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on devices",
      - id: "microsoft.directory-devices-standard-read-get",
      - name: "microsoft.directory/devices/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoles/eligibleMembers/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the eligible members of Microsoft Entra roles",
      - id: "microsoft.directory-directoryRoles-eligibleMembers-read-get",
      - name: "microsoft.directory/directoryRoles/eligibleMembers/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoles/members/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all members of Microsoft Entra roles",
      - id: "microsoft.directory-directoryRoles-members-read-get",
      - name: "microsoft.directory/directoryRoles/members/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoles/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of Microsoft Entra roles",
      - id: "microsoft.directory-directoryRoles-standard-read-get",
      - name: "microsoft.directory/directoryRoles/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of domains",
      - id: "microsoft.directory-domains-allProperties-read-get",
      - name: "microsoft.directory/domains/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/federation/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update federation property of domains",
      - id: "microsoft.directory-domains-federation-update-patch",
      - name: "microsoft.directory/domains/federation/update",
      - resourceScopeId: null,
      - isPrivileged: true
      }
    }
  },
- {1 item
  - microsoft.directory/domains/federationConfiguration/basic/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update basic federation configuration for domains",
      - id: "microsoft.directory-domains-federationConfiguration-basic-update-patch",
      - name: "microsoft.directory/domains/federationConfiguration/basic/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/federationConfiguration/create: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "create"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Create federation configuration for domains",
      - id: "microsoft.directory-domains-federationConfiguration-create-post",
      - name: "microsoft.directory/domains/federationConfiguration/create",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/federationConfiguration/delete: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "delete"
      },
    - permissionDetails: {6 items
      - actionVerb: "DELETE",
      - description: "Delete federation configuration for domains",
      - id: "microsoft.directory-domains-federationConfiguration-delete-delete",
      - name: "microsoft.directory/domains/federationConfiguration/delete",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/federationConfiguration/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of federation configuration for domains",
      - id: "microsoft.directory-domains-federationConfiguration-standard-read-get",
      - name: "microsoft.directory/domains/federationConfiguration/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on domains",
      - id: "microsoft.directory-domains-standard-read-get",
      - name: "microsoft.directory/domains/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/appRoleAssignments/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read application role assignments of groups",
      - id: "microsoft.directory-groups-appRoleAssignments-read-get",
      - name: "microsoft.directory/groups/appRoleAssignments/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the memberOf property on Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-memberOf-read-get",
      - name: "microsoft.directory/groups/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/members/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read members of Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-members-read-get",
      - name: "microsoft.directory/groups/members/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/owners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-owners-read-get",
      - name: "microsoft.directory/groups/owners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/settings/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read settings of groups",
      - id: "microsoft.directory-groups-settings-read-get",
      - name: "microsoft.directory/groups/settings/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-standard-read-get",
      - name: "microsoft.directory/groups/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groupSettings/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on group settings",
      - id: "microsoft.directory-groupSettings-standard-read-get",
      - name: "microsoft.directory/groupSettings/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groupSettingTemplates/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on group setting templates",
      - id: "microsoft.directory-groupSettingTemplates-standard-read-get",
      - name: "microsoft.directory/groupSettingTemplates/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/hybridAuthenticationPolicy/allProperties/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Manage hybrid authentication policy in Microsoft Entra ID",
      - id: "microsoft.directory-hybridAuthenticationPolicy-allProperties-allTasks",
      - name: "microsoft.directory/hybridAuthenticationPolicy/allProperties/allTasks",
      - resourceScopeId: null,
      - isPrivileged: true
      }
    }
  },
- {1 item
  - microsoft.directory/oAuth2PermissionGrants/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on OAuth 2.0 permission grants",
      - id: "microsoft.directory-oAuth2PermissionGrants-standard-read-get",
      - name: "microsoft.directory/oAuth2PermissionGrants/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/onPremisesSynchronization/basic/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update basic on-premises directory synchronization information",
      - id: "microsoft.directory-onPremisesSynchronization-basic-update-patch",
      - name: "microsoft.directory/onPremisesSynchronization/basic/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/onPremisesSynchronization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard on-premises directory synchronization information",
      - id: "microsoft.directory-onPremisesSynchronization-standard-read-get",
      - name: "microsoft.directory/onPremisesSynchronization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/organization/dirSync/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update the organization directory sync property",
      - id: "microsoft.directory-organization-dirSync-update-patch",
      - name: "microsoft.directory/organization/dirSync/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/organization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on an organization",
      - id: "microsoft.directory-organization-standard-read-get",
      - name: "microsoft.directory/organization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/organization/trustedCAsForPasswordlessAuth/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read trusted certificate authorities for passwordless authentication",
      - id: "microsoft.directory-organization-trustedCAsForPasswordlessAuth-read-get",
      - name: "microsoft.directory/organization/trustedCAsForPasswordlessAuth/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/passwordHashSync/allProperties/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Manage all aspects of Password Hash Synchronization (PHS) in Microsoft Entra ID",
      - id: "microsoft.directory-passwordHashSync-allProperties-allTasks",
      - name: "microsoft.directory/passwordHashSync/allProperties/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/provisioningLogs/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of provisioning logs",
      - id: "microsoft.directory-provisioningLogs-allProperties-read-get",
      - name: "microsoft.directory/provisioningLogs/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/roleAssignments/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on role assignments",
      - id: "microsoft.directory-roleAssignments-standard-read-get",
      - name: "microsoft.directory/roleAssignments/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/roleDefinitions/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on role definitions",
      - id: "microsoft.directory-roleDefinitions-standard-read-get",
      - name: "microsoft.directory/roleDefinitions/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/appRoleAssignedTo/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read service principal role assignments",
      - id: "microsoft.directory-servicePrincipals-appRoleAssignedTo-read-get",
      - name: "microsoft.directory/servicePrincipals/appRoleAssignedTo/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/appRoleAssignedTo/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: [2 items
      - {6 items
        actionVerb: "DELETE",
        description: "Update service principal role assignments",
        id: "microsoft.directory-servicePrincipals-appRoleAssignedTo-update-delete",
        name: "microsoft.directory/servicePrincipals/appRoleAssignedTo/update",
        resourceScopeId: null,
        isPrivileged: false
        },
      - {6 items
        actionVerb: "POST",
        description: "Update service principal role assignments",
        id: "microsoft.directory-servicePrincipals-appRoleAssignedTo-update-post",
        name: "microsoft.directory/servicePrincipals/appRoleAssignedTo/update",
        resourceScopeId: null,
        isPrivileged: false
        }
      ]
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/appRoleAssignments/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read role assignments assigned to service principals",
      - id: "microsoft.directory-servicePrincipals-appRoleAssignments-read-get",
      - name: "microsoft.directory/servicePrincipals/appRoleAssignments/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/audience/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update audience properties on service principals",
      - id: "microsoft.directory-servicePrincipals-audience-update-patch",
      - name: "microsoft.directory/servicePrincipals/audience/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/authentication/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update authentication properties on service principals",
      - id: "microsoft.directory-servicePrincipals-authentication-update-patch",
      - name: "microsoft.directory/servicePrincipals/authentication/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/basic/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update basic properties on service principals",
      - id: "microsoft.directory-servicePrincipals-basic-update-patch",
      - name: "microsoft.directory/servicePrincipals/basic/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/create: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "create"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Create service principals",
      - id: "microsoft.directory-servicePrincipals-create-post",
      - name: "microsoft.directory/servicePrincipals/create",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/delete: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "delete"
      },
    - permissionDetails: {6 items
      - actionVerb: "DELETE",
      - description: "Delete service principals",
      - id: "microsoft.directory-servicePrincipals-delete-delete",
      - name: "microsoft.directory/servicePrincipals/delete",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/disable: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "disable"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Disable service principals",
      - id: "microsoft.directory-servicePrincipals-disable-patch",
      - name: "microsoft.directory/servicePrincipals/disable",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/enable: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "enable"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Enable service principals",
      - id: "microsoft.directory-servicePrincipals-enable-patch",
      - name: "microsoft.directory/servicePrincipals/enable",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the group memberships on service principals",
      - id: "microsoft.directory-servicePrincipals-memberOf-read-get",
      - name: "microsoft.directory/servicePrincipals/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/notes/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update notes of service principals",
      - id: "microsoft.directory-servicePrincipals-notes-update-patch",
      - name: "microsoft.directory/servicePrincipals/notes/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read delegated permission grants on service principals",
      - id: "microsoft.directory-servicePrincipals-oAuth2PermissionGrants-read-get",
      - name: "microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/ownedObjects/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned objects of service principals",
      - id: "microsoft.directory-servicePrincipals-ownedObjects-read-get",
      - name: "microsoft.directory/servicePrincipals/ownedObjects/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/owners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of service principals",
      - id: "microsoft.directory-servicePrincipals-owners-read-get",
      - name: "microsoft.directory/servicePrincipals/owners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/owners/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: [2 items
      - {6 items
        actionVerb: "DELETE",
        description: "Update owners of service principals",
        id: "microsoft.directory-servicePrincipals-owners-update-delete",
        name: "microsoft.directory/servicePrincipals/owners/update",
        resourceScopeId: null,
        isPrivileged: false
        },
      - {6 items
        actionVerb: "POST",
        description: "Update owners of service principals",
        id: "microsoft.directory-servicePrincipals-owners-update-post",
        name: "microsoft.directory/servicePrincipals/owners/update",
        resourceScopeId: null,
        isPrivileged: false
        }
      ]
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/permissions/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update permissions of service principals",
      - id: "microsoft.directory-servicePrincipals-permissions-update-patch",
      - name: "microsoft.directory/servicePrincipals/permissions/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/policies/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read policies of service principals",
      - id: "microsoft.directory-servicePrincipals-policies-read-get",
      - name: "microsoft.directory/servicePrincipals/policies/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/policies/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update policies of service principals",
      - id: "microsoft.directory-servicePrincipals-policies-update-patch",
      - name: "microsoft.directory/servicePrincipals/policies/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of service principals",
      - id: "microsoft.directory-servicePrincipals-standard-read-get",
      - name: "microsoft.directory/servicePrincipals/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/credentials/manage: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "manage"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Manage cloud tenant to cloud tenant application provisioning secrets and credentials.",
      - id: "microsoft.directory-servicePrincipals-synchronization.cloudTenantToCloudTenant-credentials-manage-post",
      - name: "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/credentials/manage",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/jobs/manage: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "manage"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Start, restart, and pause cloud tenant to cloud tenant application provisioning synchronization jobs.",
      - id: "microsoft.directory-servicePrincipals-synchronization.cloudTenantToCloudTenant-jobs-manage-post",
      - name: "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/jobs/manage",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/schema/manage: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "manage"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Create and manage cloud tenant to cloud tenant application provisioning synchronization jobs and schema.",
      - id: "microsoft.directory-servicePrincipals-synchronization.cloudTenantToCloudTenant-schema-manage-post",
      - name: "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/schema/manage",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/credentials/manage: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "manage"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Manage application provisioning secrets and credentials.",
      - id: "microsoft.directory-servicePrincipals-synchronization.cloudTenantToExternalSystem-credentials-manage-post",
      - name: "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/credentials/manage",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/jobs/manage: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "manage"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Start, restart, and pause application provisioning synchronization jobs.",
      - id: "microsoft.directory-servicePrincipals-synchronization.cloudTenantToExternalSystem-jobs-manage-post",
      - name: "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/jobs/manage",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/schema/manage: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "manage"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Create and manage application provisioning synchronization jobs and schema.",
      - id: "microsoft.directory-servicePrincipals-synchronization.cloudTenantToExternalSystem-schema-manage-post",
      - name: "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/schema/manage",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read provisioning settings associated with your service principal",
      - id: "microsoft.directory-servicePrincipals-synchronization-standard-read-get",
      - name: "microsoft.directory/servicePrincipals/synchronization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronizationCredentials/manage: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "manage"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Manage application provisioning secrets and credentials",
      - id: "microsoft.directory-servicePrincipals-synchronizationCredentials-manage-post",
      - name: "microsoft.directory/servicePrincipals/synchronizationCredentials/manage",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronizationJobs/manage: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "manage"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Start, restart, and pause application provisioning synchronization jobs",
      - id: "microsoft.directory-servicePrincipals-synchronizationJobs-manage-post",
      - name: "microsoft.directory/servicePrincipals/synchronizationJobs/manage",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronizationSchema/manage: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "manage"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Create and manage application provisioning synchronization jobs and schema",
      - id: "microsoft.directory-servicePrincipals-synchronizationSchema-manage-post",
      - name: "microsoft.directory/servicePrincipals/synchronizationSchema/manage",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/tag/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update the tag property for service principals",
      - id: "microsoft.directory-servicePrincipals-tag-update-patch",
      - name: "microsoft.directory/servicePrincipals/tag/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/signInReports/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties on sign-in reports, including privileged properties",
      - id: "microsoft.directory-signInReports-allProperties-read-get",
      - name: "microsoft.directory/signInReports/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/subscribedSkus/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on subscriptions",
      - id: "microsoft.directory-subscribedSkus-standard-read-get",
      - name: "microsoft.directory/subscribedSkus/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/appRoleAssignments/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read application role assignments for users",
      - id: "microsoft.directory-users-appRoleAssignments-read-get",
      - name: "microsoft.directory/users/appRoleAssignments/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/authorizationInfo/update: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "update"
      },
    - permissionDetails: {6 items
      - actionVerb: "PATCH",
      - description: "Update the multivalued Certificate user IDs property of users",
      - id: "microsoft.directory-users-authorizationInfo-update-patch",
      - name: "microsoft.directory/users/authorizationInfo/update",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/deviceForResourceAccount/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read deviceForResourceAccount of users",
      - id: "microsoft.directory-users-deviceForResourceAccount-read-get",
      - name: "microsoft.directory/users/deviceForResourceAccount/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/directReports/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the direct reports for users",
      - id: "microsoft.directory-users-directReports-read-get",
      - name: "microsoft.directory/users/directReports/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/invitedBy/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the user that invited an external user to a tenant",
      - id: "microsoft.directory-users-invitedBy-read-get",
      - name: "microsoft.directory/users/invitedBy/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/licenseDetails/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read license details of users",
      - id: "microsoft.directory-users-licenseDetails-read-get",
      - name: "microsoft.directory/users/licenseDetails/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/manager/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read manager of users",
      - id: "microsoft.directory-users-manager-read-get",
      - name: "microsoft.directory/users/manager/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the group memberships of users",
      - id: "microsoft.directory-users-memberOf-read-get",
      - name: "microsoft.directory/users/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/oAuth2PermissionGrants/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read delegated permission grants on users",
      - id: "microsoft.directory-users-oAuth2PermissionGrants-read-get",
      - name: "microsoft.directory/users/oAuth2PermissionGrants/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/ownedDevices/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned devices of users",
      - id: "microsoft.directory-users-ownedDevices-read-get",
      - name: "microsoft.directory/users/ownedDevices/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/ownedObjects/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned objects of users",
      - id: "microsoft.directory-users-ownedObjects-read-get",
      - name: "microsoft.directory/users/ownedObjects/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/photo/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read photo of users",
      - id: "microsoft.directory-users-photo-read-get",
      - name: "microsoft.directory/users/photo/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/registeredDevices/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read registered devices of users",
      - id: "microsoft.directory-users-registeredDevices-read-get",
      - name: "microsoft.directory/users/registeredDevices/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/scopedRoleMemberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read user's membership of a Microsoft Entra role, that is scoped to an administrative unit",
      - id: "microsoft.directory-users-scopedRoleMemberOf-read-get",
      - name: "microsoft.directory/users/scopedRoleMemberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/sponsors/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read sponsors of users",
      - id: "microsoft.directory-users-sponsors-read-get",
      - name: "microsoft.directory/users/sponsors/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on users",
      - id: "microsoft.directory-users-standard-read-get",
      - name: "microsoft.directory/users/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.messageCenter/messages/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read messages in Message Center in the Microsoft 365 admin center, excluding security messages",
      - id: "microsoft.office365.messageCenter-messages-read-get",
      - name: "microsoft.office365.messageCenter/messages/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.serviceHealth/allEntities/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Read and configure Service Health in the Microsoft 365 admin center",
      - id: "microsoft.office365.serviceHealth-allEntities-allTasks",
      - name: "microsoft.office365.serviceHealth/allEntities/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.supportTickets/allEntities/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Create and manage Microsoft 365 service requests",
      - id: "microsoft.office365.supportTickets-allEntities-allTasks",
      - name: "microsoft.office365.supportTickets/allEntities/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.webPortal/allEntities/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on all resources in the Microsoft 365 admin center",
      - id: "microsoft.office365.webPortal-allEntities-standard-read-get",
      - name: "microsoft.office365.webPortal/allEntities/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  }
]

}

{

@odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions/$entity",
id: "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2",
description: "Can manage Active Directory to Microsoft Entra cloud provisioning, Microsoft Entra Connect, and federation settings.",
displayName: "Hybrid Identity Administrator",
isBuiltIn: true,
isEnabled: true,
resourceScopes: [1 item
- "/"
],
templateId: "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2",
version: "1",
rolePermissions: [1 item
- {2 items
  - allowedResourceActions: [60 items
    - "microsoft.azure.serviceHealth/allEntities/allTasks",
    - "microsoft.azure.supportTickets/allEntities/allTasks",
    - "microsoft.directory/applications/appRoles/update",
    - "microsoft.directory/applications/audience/update",
    - "microsoft.directory/applications/authentication/update",
    - "microsoft.directory/applications/basic/update",
    - "microsoft.directory/applications/create",
    - "microsoft.directory/applications/delete",
    - "microsoft.directory/applications/notes/update",
    - "microsoft.directory/applications/owners/update",
    - "microsoft.directory/applications/permissions/update",
    - "microsoft.directory/applications/policies/update",
    - "microsoft.directory/applications/synchronization/standard/read",
    - "microsoft.directory/applications/tag/update",
    - "microsoft.directory/applicationTemplates/instantiate",
    - "microsoft.directory/auditLogs/allProperties/read",
    - "microsoft.directory/cloudProvisioning/allProperties/allTasks",
    - "microsoft.directory/deletedItems.applications/delete",
    - "microsoft.directory/deletedItems.applications/restore",
    - "microsoft.directory/domains/allProperties/read",
    - "microsoft.directory/domains/federationConfiguration/basic/update",
    - "microsoft.directory/domains/federationConfiguration/create",
    - "microsoft.directory/domains/federationConfiguration/delete",
    - "microsoft.directory/domains/federationConfiguration/standard/read",
    - "microsoft.directory/domains/federation/update",
    - "microsoft.directory/hybridAuthenticationPolicy/allProperties/allTasks",
    - "microsoft.directory/onPremisesSynchronization/basic/update",
    - "microsoft.directory/onPremisesSynchronization/standard/read",
    - "microsoft.directory/organization/dirSync/update",
    - "microsoft.directory/passwordHashSync/allProperties/allTasks",
    - "microsoft.directory/provisioningLogs/allProperties/read",
    - "microsoft.directory/servicePrincipals/appRoleAssignedTo/update",
    - "microsoft.directory/servicePrincipals/audience/update",
    - "microsoft.directory/servicePrincipals/authentication/update",
    - "microsoft.directory/servicePrincipals/basic/update",
    - "microsoft.directory/servicePrincipals/create",
    - "microsoft.directory/servicePrincipals/delete",
    - "microsoft.directory/servicePrincipals/disable",
    - "microsoft.directory/servicePrincipals/enable",
    - "microsoft.directory/servicePrincipals/notes/update",
    - "microsoft.directory/servicePrincipals/owners/update",
    - "microsoft.directory/servicePrincipals/permissions/update",
    - "microsoft.directory/servicePrincipals/policies/update",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/credentials/manage",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/jobs/manage",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/schema/manage",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/credentials/manage",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/jobs/manage",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/schema/manage",
    - "microsoft.directory/servicePrincipals/synchronizationCredentials/manage",
    - "microsoft.directory/servicePrincipals/synchronizationJobs/manage",
    - "microsoft.directory/servicePrincipals/synchronizationSchema/manage",
    - "microsoft.directory/servicePrincipals/synchronization/standard/read",
    - "microsoft.directory/servicePrincipals/tag/update",
    - "microsoft.directory/signInReports/allProperties/read",
    - "microsoft.directory/users/authorizationInfo/update",
    - "microsoft.office365.messageCenter/messages/read",
    - "microsoft.office365.serviceHealth/allEntities/allTasks",
    - "microsoft.office365.supportTickets/allEntities/allTasks",
    - "microsoft.office365.webPortal/allEntities/standard/read"
    ],
  - condition: null
  }
],
inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions('8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2')/inheritsPermissionsFrom",
inheritsPermissionsFrom: [1 item
- {1 item
  - id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
  }
]

}

{

@odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions/$entity",
id: "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2",
assignmentMode: "allowed",
categories: "identity",
description: "Can manage Active Directory to Microsoft Entra cloud provisioning, Microsoft Entra Connect, and federation settings.",
displayName: "Hybrid Identity Administrator",
isBuiltIn: true,
isEnabled: true,
isPrivileged: true,
resourceScopes: [1 item
- "/"
],
richDescription: "Users in this role can create, manage, and deploy provisioning configuration setup from Active Directory to Microsoft Entra ID using Cloud Provisioning as well as manage federation settings. Users can also troubleshoot and monitor logs using this role.",
templateId: "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2",
version: "1",
rolePermissions: [1 item
- {2 items
  - allowedResourceActions: [60 items
    - "microsoft.azure.serviceHealth/allEntities/allTasks",
    - "microsoft.azure.supportTickets/allEntities/allTasks",
    - "microsoft.directory/applications/appRoles/update",
    - "microsoft.directory/applications/audience/update",
    - "microsoft.directory/applications/authentication/update",
    - "microsoft.directory/applications/basic/update",
    - "microsoft.directory/applications/create",
    - "microsoft.directory/applications/delete",
    - "microsoft.directory/applications/notes/update",
    - "microsoft.directory/applications/owners/update",
    - "microsoft.directory/applications/permissions/update",
    - "microsoft.directory/applications/policies/update",
    - "microsoft.directory/applications/synchronization/standard/read",
    - "microsoft.directory/applications/tag/update",
    - "microsoft.directory/applicationTemplates/instantiate",
    - "microsoft.directory/auditLogs/allProperties/read",
    - "microsoft.directory/cloudProvisioning/allProperties/allTasks",
    - "microsoft.directory/deletedItems.applications/delete",
    - "microsoft.directory/deletedItems.applications/restore",
    - "microsoft.directory/domains/allProperties/read",
    - "microsoft.directory/domains/federationConfiguration/basic/update",
    - "microsoft.directory/domains/federationConfiguration/create",
    - "microsoft.directory/domains/federationConfiguration/delete",
    - "microsoft.directory/domains/federationConfiguration/standard/read",
    - "microsoft.directory/domains/federation/update",
    - "microsoft.directory/hybridAuthenticationPolicy/allProperties/allTasks",
    - "microsoft.directory/onPremisesSynchronization/basic/update",
    - "microsoft.directory/onPremisesSynchronization/standard/read",
    - "microsoft.directory/organization/dirSync/update",
    - "microsoft.directory/passwordHashSync/allProperties/allTasks",
    - "microsoft.directory/provisioningLogs/allProperties/read",
    - "microsoft.directory/servicePrincipals/appRoleAssignedTo/update",
    - "microsoft.directory/servicePrincipals/audience/update",
    - "microsoft.directory/servicePrincipals/authentication/update",
    - "microsoft.directory/servicePrincipals/basic/update",
    - "microsoft.directory/servicePrincipals/create",
    - "microsoft.directory/servicePrincipals/delete",
    - "microsoft.directory/servicePrincipals/disable",
    - "microsoft.directory/servicePrincipals/enable",
    - "microsoft.directory/servicePrincipals/notes/update",
    - "microsoft.directory/servicePrincipals/owners/update",
    - "microsoft.directory/servicePrincipals/permissions/update",
    - "microsoft.directory/servicePrincipals/policies/update",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/credentials/manage",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/jobs/manage",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/schema/manage",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/credentials/manage",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/jobs/manage",
    - "microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/schema/manage",
    - "microsoft.directory/servicePrincipals/synchronizationCredentials/manage",
    - "microsoft.directory/servicePrincipals/synchronizationJobs/manage",
    - "microsoft.directory/servicePrincipals/synchronizationSchema/manage",
    - "microsoft.directory/servicePrincipals/synchronization/standard/read",
    - "microsoft.directory/servicePrincipals/tag/update",
    - "microsoft.directory/signInReports/allProperties/read",
    - "microsoft.directory/users/authorizationInfo/update",
    - "microsoft.office365.messageCenter/messages/read",
    - "microsoft.office365.serviceHealth/allEntities/allTasks",
    - "microsoft.office365.supportTickets/allEntities/allTasks",
    - "microsoft.office365.webPortal/allEntities/standard/read"
    ],
  - condition: null
  }
],
inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2')/inheritsPermissionsFrom",
inheritsPermissionsFrom: [1 item
- {1 item
  - id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
  }
]

}

Hybrid Identity Administrator - 8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2Entra Id Role definition

Hybrid Identity Administrator - 8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2
Entra Id Role definition