Global Reader f2ef992c-3afb-46b9-b7cf-a126ee74c451 Microsoft Entra Id

Global Reader - f2ef992c-3afb-46b9-b7cf-a126ee74c451
Entra Id Role definition

{

id: "f2ef992c-3afb-46b9-b7cf-a126ee74c451",
displayName: "Global Reader",
description: "Can read everything that a Global Administrator can, but not update anything.",
richDescription: "Users with this role can read everything that a Global Administrator can, but not update anything.",
privileged: true,
categories: "readOnly",
permissionsTotal: 152,
operationActionsCount: 152,
permissionsDirect: 98,
permissionsInherited: true,
permissionsInheritedCount: 54,
permissionsDirectAndInheritedCount: 0,
permissionsDirectAndInherited: null,
permissionsInheritedFrom: [1 item
- {2 items
  - id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
  - displayName: "Directory Readers"
  }
],
permissionsInheritedToCount: 0,
permissionsInheritedTo: null,
permissionsConditionedCount: 0,
permissionsUnConditionedCount: 152,
permissionConditioned: [],
permissionsPrivileged: 2,
permissionsNamespacesCount: 29,
permissionsNamespaces: [29 items
- {1 item
  - microsoft.azure.serviceHealth: 1
  },
- {1 item
  - microsoft.backup: 1
  },
- {1 item
  - microsoft.cloudPC: 1
  },
- {1 item
  - microsoft.commerce.billing: 2
  },
- {1 item
  - microsoft.directory: 120
  },
- {1 item
  - microsoft.edge: 1
  },
- {1 item
  - microsoft.graph.dataConnect: 1
  },
- {1 item
  - microsoft.hardware.support: 3
  },
- {1 item
  - microsoft.insights: 1
  },
- {1 item
  - microsoft.microsoft365.organizationalData: 1
  },
- {1 item
  - microsoft.networkAccess: 1
  },
- {1 item
  - microsoft.office365.copilot: 1
  },
- {1 item
  - microsoft.office365.fileStorageContainers: 1
  },
- {1 item
  - microsoft.office365.messageCenter: 2
  },
- {1 item
  - microsoft.office365.network: 1
  },
- {1 item
  - microsoft.office365.organizationalMessages: 1
  },
- {1 item
  - microsoft.office365.protectionCenter: 1
  },
- {1 item
  - microsoft.office365.securityComplianceCenter: 1
  },
- {1 item
  - microsoft.office365.serviceHealth: 1
  },
- {1 item
  - microsoft.office365.usageReports: 1
  },
- {1 item
  - microsoft.office365.webPortal: 1
  },
- {1 item
  - microsoft.office365.yammer: 1
  },
- {1 item
  - microsoft.permissionsManagement: 1
  },
- {1 item
  - microsoft.teams: 1
  },
- {1 item
  - microsoft.virtualVisits: 1
  },
- {1 item
  - microsoft.viva.glint: 1
  },
- {1 item
  - microsoft.viva.goals: 1
  },
- {1 item
  - microsoft.viva.pulse: 1
  },
- {1 item
  - microsoft.windows.updatesDeployments: 1
  }
],
permissionActionsCount: 4,
permissionActions: [4 items
- {1 item
  - allTasks: 2
  },
- {1 item
  - other: 1
  },
- {1 item
  - read: 148
  },
- {1 item
  - restrictedRead: 1
  }
],
permissionVerbsCount: 3,
permissionVerbs: [3 items
- {1 item
  - GET: 149
  },
- {1 item
  - n/a: 2
  },
- {1 item
  - POST: 1
  }
],
permissionsConsentPolicyAppliesCount: 0,
permissionsConsentPolicies: null,
permissions: [152 items
- {1 item
  - microsoft.azure.serviceHealth/allEntities/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Read and configure Azure Service Health",
      - id: "microsoft.azure.serviceHealth-allEntities-allTasks",
      - name: "microsoft.azure.serviceHealth/allEntities/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.backup/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Microsoft 365 Backup",
      - id: "microsoft.backup-allEntities-allProperties-read-get",
      - name: "microsoft.backup/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.cloudPC/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Windows 365",
      - id: "microsoft.cloudPC-allEntities-allProperties-read-get",
      - name: "microsoft.cloudPC/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.commerce.billing/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all resources of Office 365 billing",
      - id: "microsoft.commerce.billing-allEntities-allProperties-read-get",
      - name: "microsoft.commerce.billing/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.commerce.billing/purchases/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read purchase services in Microsoft 365 admin center.",
      - id: "microsoft.commerce.billing-purchases-standard-read-get",
      - name: "microsoft.commerce.billing/purchases/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/accessReviews/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of access reviews",
      - id: "microsoft.directory-accessReviews-allProperties-read-get",
      - name: "microsoft.directory/accessReviews/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/accessReviews/definitions/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of access reviews of all reviewable resources in Microsoft Entra ID",
      - id: "microsoft.directory-accessReviews-definitions-allProperties-read-get",
      - name: "microsoft.directory/accessReviews/definitions/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/adminConsentRequestPolicy/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of admin consent request policies in Microsoft Entra ID",
      - id: "microsoft.directory-adminConsentRequestPolicy-allProperties-read-get",
      - name: "microsoft.directory/adminConsentRequestPolicy/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/administrativeUnits/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of administrative units, including members",
      - id: "microsoft.directory-administrativeUnits-allProperties-read-get",
      - name: "microsoft.directory/administrativeUnits/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/administrativeUnits/members/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read members of administrative units",
      - id: "microsoft.directory-administrativeUnits-members-read-get",
      - name: "microsoft.directory/administrativeUnits/members/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/administrativeUnits/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on administrative units",
      - id: "microsoft.directory-administrativeUnits-standard-read-get",
      - name: "microsoft.directory/administrativeUnits/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/appConsent/appConsentRequests/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of consent requests for applications registered with Microsoft Entra ID",
      - id: "microsoft.directory-appConsent-appConsentRequests-allProperties-read-get",
      - name: "microsoft.directory/appConsent/appConsentRequests/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applicationPolicies/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of application policies",
      - id: "microsoft.directory-applicationPolicies-standard-read-get",
      - name: "microsoft.directory/applicationPolicies/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties (including privileged properties) on all types of applications",
      - id: "microsoft.directory-applications-allProperties-read-get",
      - name: "microsoft.directory/applications/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/owners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of applications",
      - id: "microsoft.directory-applications-owners-read-get",
      - name: "microsoft.directory/applications/owners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/policies/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read policies of applications",
      - id: "microsoft.directory-applications-policies-read-get",
      - name: "microsoft.directory/applications/policies/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of applications",
      - id: "microsoft.directory-applications-standard-read-get",
      - name: "microsoft.directory/applications/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/synchronization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read provisioning settings associated with the application object",
      - id: "microsoft.directory-applications-synchronization-standard-read-get",
      - name: "microsoft.directory/applications/synchronization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/auditLogs/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties on audit logs, excluding custom security attributes audit logs",
      - id: "microsoft.directory-auditLogs-allProperties-read-get",
      - name: "microsoft.directory/auditLogs/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/authorizationPolicy/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of authorization policy",
      - id: "microsoft.directory-authorizationPolicy-standard-read-get",
      - name: "microsoft.directory/authorizationPolicy/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/bitlockerKeys/key/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read bitlocker metadata and key on devices",
      - id: "microsoft.directory-bitlockerKeys-key-read-get",
      - name: "microsoft.directory/bitlockerKeys/key/read",
      - resourceScopeId: null,
      - isPrivileged: true
      }
    }
  },
- {1 item
  - microsoft.directory/bulkJobs/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all bulk jobs in a directory",
      - id: "microsoft.directory-bulkJobs-standard-read-get",
      - name: "microsoft.directory/bulkJobs/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/cloudAppSecurity/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties for Cloud app security",
      - id: "microsoft.directory-cloudAppSecurity-allProperties-read-get",
      - name: "microsoft.directory/cloudAppSecurity/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/conditionalAccessPolicies/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of Conditional Access policies",
      - id: "microsoft.directory-conditionalAccessPolicies-allProperties-read-get",
      - name: "microsoft.directory/conditionalAccessPolicies/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/connectorGroups/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of application proxy connector groups",
      - id: "microsoft.directory-connectorGroups-allProperties-read-get",
      - name: "microsoft.directory/connectorGroups/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/connectors/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of application proxy connectors",
      - id: "microsoft.directory-connectors-allProperties-read-get",
      - name: "microsoft.directory/connectors/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/contacts/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties for contacts",
      - id: "microsoft.directory-contacts-allProperties-read-get",
      - name: "microsoft.directory/contacts/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/contacts/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the group membership for all contacts in Microsoft Entra ID",
      - id: "microsoft.directory-contacts-memberOf-read-get",
      - name: "microsoft.directory/contacts/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/contacts/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on contacts in Microsoft Entra ID",
      - id: "microsoft.directory-contacts-standard-read-get",
      - name: "microsoft.directory/contacts/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/contracts/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on partner contracts",
      - id: "microsoft.directory-contracts-standard-read-get",
      - name: "microsoft.directory/contracts/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/crossTenantAccessPolicy/default/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of the default cross-tenant access policy",
      - id: "microsoft.directory-crossTenantAccessPolicy-default-standard-read-get",
      - name: "microsoft.directory/crossTenantAccessPolicy/default/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of cross-tenant sync policy",
      - id: "microsoft.directory-crossTenantAccessPolicy-partners-identitySynchronization-standard-read-get",
      - name: "microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/crossTenantAccessPolicy/partners/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of cross-tenant access policy for partners",
      - id: "microsoft.directory-crossTenantAccessPolicy-partners-standard-read-get",
      - name: "microsoft.directory/crossTenantAccessPolicy/partners/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of cross tenant sync policy templates for multi-tenant organization",
      - id: "microsoft.directory-crossTenantAccessPolicy-partners-templates-multiTenantOrganizationIdentitySynchronization-standard-read-get",
      - name: "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of cross tenant access policy templates for multi-tenant organization",
      - id: "microsoft.directory-crossTenantAccessPolicy-partners-templates-multiTenantOrganizationPartnerConfiguration-standard-read-get",
      - name: "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/crossTenantAccessPolicy/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of cross-tenant access policy",
      - id: "microsoft.directory-crossTenantAccessPolicy-standard-read-get",
      - name: "microsoft.directory/crossTenantAccessPolicy/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/customAuthenticationExtensions/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read custom authentication extensions",
      - id: "microsoft.directory-customAuthenticationExtensions-allProperties-read-get",
      - name: "microsoft.directory/customAuthenticationExtensions/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/deviceLocalCredentials/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of the backed up local administrator account credentials for Microsoft Entra joined devices, except the password",
      - id: "microsoft.directory-deviceLocalCredentials-standard-read-get",
      - name: "microsoft.directory/deviceLocalCredentials/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/deviceManagementPolicies/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties on mobile device management and mobile app management policies",
      - id: "microsoft.directory-deviceManagementPolicies-standard-read-get",
      - name: "microsoft.directory/deviceManagementPolicies/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/deviceRegistrationPolicy/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties on device registration policies",
      - id: "microsoft.directory-deviceRegistrationPolicy-standard-read-get",
      - name: "microsoft.directory/deviceRegistrationPolicy/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of devices",
      - id: "microsoft.directory-devices-allProperties-read-get",
      - name: "microsoft.directory/devices/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read device memberships",
      - id: "microsoft.directory-devices-memberOf-read-get",
      - name: "microsoft.directory/devices/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/registeredOwners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read registered owners of devices",
      - id: "microsoft.directory-devices-registeredOwners-read-get",
      - name: "microsoft.directory/devices/registeredOwners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/registeredUsers/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read registered users of devices",
      - id: "microsoft.directory-devices-registeredUsers-read-get",
      - name: "microsoft.directory/devices/registeredUsers/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on devices",
      - id: "microsoft.directory-devices-standard-read-get",
      - name: "microsoft.directory/devices/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoles/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of directory roles",
      - id: "microsoft.directory-directoryRoles-allProperties-read-get",
      - name: "microsoft.directory/directoryRoles/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoles/eligibleMembers/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the eligible members of Microsoft Entra roles",
      - id: "microsoft.directory-directoryRoles-eligibleMembers-read-get",
      - name: "microsoft.directory/directoryRoles/eligibleMembers/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoles/members/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all members of Microsoft Entra roles",
      - id: "microsoft.directory-directoryRoles-members-read-get",
      - name: "microsoft.directory/directoryRoles/members/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoles/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of Microsoft Entra roles",
      - id: "microsoft.directory-directoryRoles-standard-read-get",
      - name: "microsoft.directory/directoryRoles/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoleTemplates/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of directory role templates",
      - id: "microsoft.directory-directoryRoleTemplates-allProperties-read-get",
      - name: "microsoft.directory/directoryRoleTemplates/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of domains",
      - id: "microsoft.directory-domains-allProperties-read-get",
      - name: "microsoft.directory/domains/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/federationConfiguration/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of federation configuration for domains",
      - id: "microsoft.directory-domains-federationConfiguration-standard-read-get",
      - name: "microsoft.directory/domains/federationConfiguration/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on domains",
      - id: "microsoft.directory-domains-standard-read-get",
      - name: "microsoft.directory/domains/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/entitlementManagement/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties in Microsoft Entra entitlement management",
      - id: "microsoft.directory-entitlementManagement-allProperties-read-get",
      - name: "microsoft.directory/entitlementManagement/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/externalUserProfiles/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of external user profiles in the extended directory for Teams",
      - id: "microsoft.directory-externalUserProfiles-standard-read-get",
      - name: "microsoft.directory/externalUserProfiles/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties (including privileged properties) on Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-allProperties-read-get",
      - name: "microsoft.directory/groups/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/appRoleAssignments/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read application role assignments of groups",
      - id: "microsoft.directory-groups-appRoleAssignments-read-get",
      - name: "microsoft.directory/groups/appRoleAssignments/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the memberOf property on Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-memberOf-read-get",
      - name: "microsoft.directory/groups/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/members/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read members of Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-members-read-get",
      - name: "microsoft.directory/groups/members/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/owners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-owners-read-get",
      - name: "microsoft.directory/groups/owners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/settings/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read settings of groups",
      - id: "microsoft.directory-groups-settings-read-get",
      - name: "microsoft.directory/groups/settings/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-standard-read-get",
      - name: "microsoft.directory/groups/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groupSettings/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of group settings",
      - id: "microsoft.directory-groupSettings-allProperties-read-get",
      - name: "microsoft.directory/groupSettings/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groupSettings/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on group settings",
      - id: "microsoft.directory-groupSettings-standard-read-get",
      - name: "microsoft.directory/groupSettings/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groupSettingTemplates/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of group setting templates",
      - id: "microsoft.directory-groupSettingTemplates-allProperties-read-get",
      - name: "microsoft.directory/groupSettingTemplates/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groupSettingTemplates/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on group setting templates",
      - id: "microsoft.directory-groupSettingTemplates-standard-read-get",
      - name: "microsoft.directory/groupSettingTemplates/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/identityProtection/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all resources in Microsoft Entra ID Protection",
      - id: "microsoft.directory-identityProtection-allProperties-read-get",
      - name: "microsoft.directory/identityProtection/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/lifecycleWorkflows/workflows/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of lifecycle workflows and tasks in Microsoft Entra ID",
      - id: "microsoft.directory-lifecycleWorkflows-workflows-allProperties-read-get",
      - name: "microsoft.directory/lifecycleWorkflows/workflows/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/loginOrganizationBranding/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties for your organization's branded sign-in page",
      - id: "microsoft.directory-loginOrganizationBranding-allProperties-read-get",
      - name: "microsoft.directory/loginOrganizationBranding/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/multiTenantOrganization/joinRequest/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read properties of a multi-tenant organization join request",
      - id: "microsoft.directory-multiTenantOrganization-joinRequest-standard-read-get",
      - name: "microsoft.directory/multiTenantOrganization/joinRequest/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/multiTenantOrganization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of a multi-tenant organization",
      - id: "microsoft.directory-multiTenantOrganization-standard-read-get",
      - name: "microsoft.directory/multiTenantOrganization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read organization details of a tenant participating in a multi-tenant organization",
      - id: "microsoft.directory-multiTenantOrganization-tenants-organizationDetails-read-get",
      - name: "microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/multiTenantOrganization/tenants/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of a tenant participating in a multi-tenant organization",
      - id: "microsoft.directory-multiTenantOrganization-tenants-standard-read-get",
      - name: "microsoft.directory/multiTenantOrganization/tenants/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/namedLocations/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of custom rules that define network locations",
      - id: "microsoft.directory-namedLocations-standard-read-get",
      - name: "microsoft.directory/namedLocations/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/oAuth2PermissionGrants/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of OAuth 2.0 permission grants",
      - id: "microsoft.directory-oAuth2PermissionGrants-allProperties-read-get",
      - name: "microsoft.directory/oAuth2PermissionGrants/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/oAuth2PermissionGrants/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on OAuth 2.0 permission grants",
      - id: "microsoft.directory-oAuth2PermissionGrants-standard-read-get",
      - name: "microsoft.directory/oAuth2PermissionGrants/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/onPremisesSynchronization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard on-premises directory synchronization information",
      - id: "microsoft.directory-onPremisesSynchronization-standard-read-get",
      - name: "microsoft.directory/onPremisesSynchronization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/organization/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties for an organization",
      - id: "microsoft.directory-organization-allProperties-read-get",
      - name: "microsoft.directory/organization/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/organization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on an organization",
      - id: "microsoft.directory-organization-standard-read-get",
      - name: "microsoft.directory/organization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/organization/trustedCAsForPasswordlessAuth/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read trusted certificate authorities for passwordless authentication",
      - id: "microsoft.directory-organization-trustedCAsForPasswordlessAuth-read-get",
      - name: "microsoft.directory/organization/trustedCAsForPasswordlessAuth/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/pendingExternalUserProfiles/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of external user profiles in the extended directory for Teams",
      - id: "microsoft.directory-pendingExternalUserProfiles-standard-read-get",
      - name: "microsoft.directory/pendingExternalUserProfiles/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/permissionGrantPolicies/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of permission grant policies",
      - id: "microsoft.directory-permissionGrantPolicies-standard-read-get",
      - name: "microsoft.directory/permissionGrantPolicies/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/policies/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of policies",
      - id: "microsoft.directory-policies-allProperties-read-get",
      - name: "microsoft.directory/policies/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/privilegedIdentityManagement/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all resources in Privileged Identity Management",
      - id: "microsoft.directory-privilegedIdentityManagement-allProperties-read-get",
      - name: "microsoft.directory/privilegedIdentityManagement/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/provisioningLogs/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of provisioning logs",
      - id: "microsoft.directory-provisioningLogs-allProperties-read-get",
      - name: "microsoft.directory/provisioningLogs/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/roleAssignments/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of role assignments",
      - id: "microsoft.directory-roleAssignments-allProperties-read-get",
      - name: "microsoft.directory/roleAssignments/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/roleAssignments/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on role assignments",
      - id: "microsoft.directory-roleAssignments-standard-read-get",
      - name: "microsoft.directory/roleAssignments/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/roleDefinitions/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of role definitions",
      - id: "microsoft.directory-roleDefinitions-allProperties-read-get",
      - name: "microsoft.directory/roleDefinitions/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/roleDefinitions/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on role definitions",
      - id: "microsoft.directory-roleDefinitions-standard-read-get",
      - name: "microsoft.directory/roleDefinitions/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/scopedRoleMemberships/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "View members in administrative units",
      - id: "microsoft.directory-scopedRoleMemberships-allProperties-read-get",
      - name: "microsoft.directory/scopedRoleMemberships/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/serviceAction/getAvailableExtentionProperties: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "other"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Can perform the getAvailableExtentionProperties service action",
      - id: "microsoft.directory-serviceAction-getAvailableExtentionProperties-post",
      - name: "microsoft.directory/serviceAction/getAvailableExtentionProperties",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipalCreationPolicies/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of service principal creation policies",
      - id: "microsoft.directory-servicePrincipalCreationPolicies-standard-read-get",
      - name: "microsoft.directory/servicePrincipalCreationPolicies/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties (including privileged properties) on servicePrincipals",
      - id: "microsoft.directory-servicePrincipals-allProperties-read-get",
      - name: "microsoft.directory/servicePrincipals/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/appRoleAssignedTo/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read service principal role assignments",
      - id: "microsoft.directory-servicePrincipals-appRoleAssignedTo-read-get",
      - name: "microsoft.directory/servicePrincipals/appRoleAssignedTo/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/appRoleAssignments/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read role assignments assigned to service principals",
      - id: "microsoft.directory-servicePrincipals-appRoleAssignments-read-get",
      - name: "microsoft.directory/servicePrincipals/appRoleAssignments/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the group memberships on service principals",
      - id: "microsoft.directory-servicePrincipals-memberOf-read-get",
      - name: "microsoft.directory/servicePrincipals/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read delegated permission grants on service principals",
      - id: "microsoft.directory-servicePrincipals-oAuth2PermissionGrants-read-get",
      - name: "microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/ownedObjects/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned objects of service principals",
      - id: "microsoft.directory-servicePrincipals-ownedObjects-read-get",
      - name: "microsoft.directory/servicePrincipals/ownedObjects/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/owners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of service principals",
      - id: "microsoft.directory-servicePrincipals-owners-read-get",
      - name: "microsoft.directory/servicePrincipals/owners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/policies/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read policies of service principals",
      - id: "microsoft.directory-servicePrincipals-policies-read-get",
      - name: "microsoft.directory/servicePrincipals/policies/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of service principals",
      - id: "microsoft.directory-servicePrincipals-standard-read-get",
      - name: "microsoft.directory/servicePrincipals/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/synchronization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read provisioning settings associated with your service principal",
      - id: "microsoft.directory-servicePrincipals-synchronization-standard-read-get",
      - name: "microsoft.directory/servicePrincipals/synchronization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/signInReports/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties on sign-in reports, including privileged properties",
      - id: "microsoft.directory-signInReports-allProperties-read-get",
      - name: "microsoft.directory/signInReports/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/subscribedSkus/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of product subscriptions",
      - id: "microsoft.directory-subscribedSkus-allProperties-read-get",
      - name: "microsoft.directory/subscribedSkus/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/subscribedSkus/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on subscriptions",
      - id: "microsoft.directory-subscribedSkus-standard-read-get",
      - name: "microsoft.directory/subscribedSkus/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of users",
      - id: "microsoft.directory-users-allProperties-read-get",
      - name: "microsoft.directory/users/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: true
      }
    }
  },
- {1 item
  - microsoft.directory/users/appRoleAssignments/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read application role assignments for users",
      - id: "microsoft.directory-users-appRoleAssignments-read-get",
      - name: "microsoft.directory/users/appRoleAssignments/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/authenticationMethods/standard/restrictedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "restrictedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of authentication methods that do not include personally identifiable information for users",
      - id: "microsoft.directory-users-authenticationMethods-standard-restrictedRead-get",
      - name: "microsoft.directory/users/authenticationMethods/standard/restrictedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/deviceForResourceAccount/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read deviceForResourceAccount of users",
      - id: "microsoft.directory-users-deviceForResourceAccount-read-get",
      - name: "microsoft.directory/users/deviceForResourceAccount/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/directReports/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the direct reports for users",
      - id: "microsoft.directory-users-directReports-read-get",
      - name: "microsoft.directory/users/directReports/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/invitedBy/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the user that invited an external user to a tenant",
      - id: "microsoft.directory-users-invitedBy-read-get",
      - name: "microsoft.directory/users/invitedBy/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/licenseDetails/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read license details of users",
      - id: "microsoft.directory-users-licenseDetails-read-get",
      - name: "microsoft.directory/users/licenseDetails/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/manager/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read manager of users",
      - id: "microsoft.directory-users-manager-read-get",
      - name: "microsoft.directory/users/manager/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the group memberships of users",
      - id: "microsoft.directory-users-memberOf-read-get",
      - name: "microsoft.directory/users/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/oAuth2PermissionGrants/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read delegated permission grants on users",
      - id: "microsoft.directory-users-oAuth2PermissionGrants-read-get",
      - name: "microsoft.directory/users/oAuth2PermissionGrants/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/ownedDevices/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned devices of users",
      - id: "microsoft.directory-users-ownedDevices-read-get",
      - name: "microsoft.directory/users/ownedDevices/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/ownedObjects/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned objects of users",
      - id: "microsoft.directory-users-ownedObjects-read-get",
      - name: "microsoft.directory/users/ownedObjects/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/photo/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read photo of users",
      - id: "microsoft.directory-users-photo-read-get",
      - name: "microsoft.directory/users/photo/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/registeredDevices/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read registered devices of users",
      - id: "microsoft.directory-users-registeredDevices-read-get",
      - name: "microsoft.directory/users/registeredDevices/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/scopedRoleMemberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read user's membership of a Microsoft Entra role, that is scoped to an administrative unit",
      - id: "microsoft.directory-users-scopedRoleMemberOf-read-get",
      - name: "microsoft.directory/users/scopedRoleMemberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/sponsors/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read sponsors of users",
      - id: "microsoft.directory-users-sponsors-read-get",
      - name: "microsoft.directory/users/sponsors/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on users",
      - id: "microsoft.directory-users-standard-read-get",
      - name: "microsoft.directory/users/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/verifiableCredentials/configuration/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read configuration required to create and manage verifiable credentials",
      - id: "microsoft.directory-verifiableCredentials-configuration-allProperties-read-get",
      - name: "microsoft.directory/verifiableCredentials/configuration/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read a verifiable credential contract",
      - id: "microsoft.directory-verifiableCredentials-configuration-contracts-allProperties-read-get",
      - name: "microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/verifiableCredentials/configuration/contracts/cards/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read a verifiable credential card",
      - id: "microsoft.directory-verifiableCredentials-configuration-contracts-cards-allProperties-read-get",
      - name: "microsoft.directory/verifiableCredentials/configuration/contracts/cards/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.edge/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Microsoft Edge",
      - id: "microsoft.edge-allEntities-allProperties-read-get",
      - name: "microsoft.edge/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.graph.dataConnect/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read aspects of Microsoft Graph Data Connect",
      - id: "microsoft.graph.dataConnect-allEntities-allProperties-read-get",
      - name: "microsoft.graph.dataConnect/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.hardware.support/shippingAddress/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read shipping addresses for Microsoft hardware warranty claims, including existing shipping addresses created by others",
      - id: "microsoft.hardware.support-shippingAddress-allProperties-read-get",
      - name: "microsoft.hardware.support/shippingAddress/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.hardware.support/shippingStatus/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read shipping status for open Microsoft hardware warranty claims",
      - id: "microsoft.hardware.support-shippingStatus-allProperties-read-get",
      - name: "microsoft.hardware.support/shippingStatus/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.hardware.support/warrantyClaims/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read Microsoft hardware warranty claims",
      - id: "microsoft.hardware.support-warrantyClaims-allProperties-read-get",
      - name: "microsoft.hardware.support/warrantyClaims/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.insights/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Viva Insights",
      - id: "microsoft.insights-allEntities-allProperties-read-get",
      - name: "microsoft.insights/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.microsoft365.organizationalData/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of organizational data in Microsoft 365",
      - id: "microsoft.microsoft365.organizationalData-allEntities-allProperties-read-get",
      - name: "microsoft.microsoft365.organizationalData/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.networkAccess/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Entra Network Access",
      - id: "microsoft.networkAccess-allEntities-allProperties-read-get",
      - name: "microsoft.networkAccess/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.copilot/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all settings for Microsoft 365 Copilot",
      - id: "microsoft.office365.copilot-allEntities-allProperties-read-get",
      - name: "microsoft.office365.copilot/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.fileStorageContainers/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read entities and permissions of SharePoint Embedded containers",
      - id: "microsoft.office365.fileStorageContainers-allEntities-allProperties-read-get",
      - name: "microsoft.office365.fileStorageContainers/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.messageCenter/messages/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read messages in Message Center in the Microsoft 365 admin center, excluding security messages",
      - id: "microsoft.office365.messageCenter-messages-read-get",
      - name: "microsoft.office365.messageCenter/messages/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.messageCenter/securityMessages/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read security messages in Message Center in the Microsoft 365 admin center",
      - id: "microsoft.office365.messageCenter-securityMessages-read-get",
      - name: "microsoft.office365.messageCenter/securityMessages/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.network/performance/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all network performance properties in the Microsoft 365 admin center",
      - id: "microsoft.office365.network-performance-allProperties-read-get",
      - name: "microsoft.office365.network/performance/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.organizationalMessages/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Microsoft 365 Organizational Messages",
      - id: "microsoft.office365.organizationalMessages-allEntities-allProperties-read-get",
      - name: "microsoft.office365.organizationalMessages/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.protectionCenter/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties in the Security and Compliance centers",
      - id: "microsoft.office365.protectionCenter-allEntities-allProperties-read-get",
      - name: "microsoft.office365.protectionCenter/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.securityComplianceCenter/allEntities/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties in Microsoft 365 Security and Compliance Center",
      - id: "microsoft.office365.securityComplianceCenter-allEntities-read-get",
      - name: "microsoft.office365.securityComplianceCenter/allEntities/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.serviceHealth/allEntities/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Read and configure Service Health in the Microsoft 365 admin center",
      - id: "microsoft.office365.serviceHealth-allEntities-allTasks",
      - name: "microsoft.office365.serviceHealth/allEntities/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.usageReports/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read Office 365 usage reports",
      - id: "microsoft.office365.usageReports-allEntities-allProperties-read-get",
      - name: "microsoft.office365.usageReports/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.webPortal/allEntities/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on all resources in the Microsoft 365 admin center",
      - id: "microsoft.office365.webPortal-allEntities-standard-read-get",
      - name: "microsoft.office365.webPortal/allEntities/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.yammer/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Yammer",
      - id: "microsoft.office365.yammer-allEntities-allProperties-read-get",
      - name: "microsoft.office365.yammer/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.permissionsManagement/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Entra Permissions Management",
      - id: "microsoft.permissionsManagement-allEntities-allProperties-read-get",
      - name: "microsoft.permissionsManagement/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.teams/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all properties of Microsoft Teams",
      - id: "microsoft.teams-allEntities-allProperties-read-get",
      - name: "microsoft.teams/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.virtualVisits/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Virtual Visits",
      - id: "microsoft.virtualVisits-allEntities-allProperties-read-get",
      - name: "microsoft.virtualVisits/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.viva.glint/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all Microsoft Viva Glint settings in the Microsoft 365 admin center",
      - id: "microsoft.viva.glint-allEntities-allProperties-read-get",
      - name: "microsoft.viva.glint/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.viva.goals/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Microsoft Viva Goals",
      - id: "microsoft.viva.goals-allEntities-allProperties-read-get",
      - name: "microsoft.viva.goals/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.viva.pulse/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Microsoft Viva Pulse",
      - id: "microsoft.viva.pulse-allEntities-allProperties-read-get",
      - name: "microsoft.viva.pulse/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.windows.updatesDeployments/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all aspects of Windows Update Service",
      - id: "microsoft.windows.updatesDeployments-allEntities-allProperties-read-get",
      - name: "microsoft.windows.updatesDeployments/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  }
]

}

{

@odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions/$entity",
id: "f2ef992c-3afb-46b9-b7cf-a126ee74c451",
description: "Can read everything that a Global Administrator can, but not update anything.",
displayName: "Global Reader",
isBuiltIn: true,
isEnabled: true,
resourceScopes: [1 item
- "/"
],
templateId: "f2ef992c-3afb-46b9-b7cf-a126ee74c451",
version: "1",
rolePermissions: [1 item
- {2 items
  - allowedResourceActions: [98 items
    - "microsoft.azure.serviceHealth/allEntities/allTasks",
    - "microsoft.backup/allEntities/allProperties/read",
    - "microsoft.cloudPC/allEntities/allProperties/read",
    - "microsoft.commerce.billing/allEntities/allProperties/read",
    - "microsoft.commerce.billing/purchases/standard/read",
    - "microsoft.directory/accessReviews/allProperties/read",
    - "microsoft.directory/accessReviews/definitions/allProperties/read",
    - "microsoft.directory/adminConsentRequestPolicy/allProperties/read",
    - "microsoft.directory/administrativeUnits/allProperties/read",
    - "microsoft.directory/appConsent/appConsentRequests/allProperties/read",
    - "microsoft.directory/applications/allProperties/read",
    - "microsoft.directory/applications/synchronization/standard/read",
    - "microsoft.directory/auditLogs/allProperties/read",
    - "microsoft.directory/authorizationPolicy/standard/read",
    - "microsoft.directory/bitlockerKeys/key/read",
    - "microsoft.directory/bulkJobs/standard/read",
    - "microsoft.directory/cloudAppSecurity/allProperties/read",
    - "microsoft.directory/conditionalAccessPolicies/allProperties/read",
    - "microsoft.directory/connectorGroups/allProperties/read",
    - "microsoft.directory/connectors/allProperties/read",
    - "microsoft.directory/contacts/allProperties/read",
    - "microsoft.directory/crossTenantAccessPolicy/default/standard/read",
    - "microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/standard/read",
    - "microsoft.directory/crossTenantAccessPolicy/partners/standard/read",
    - "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read",
    - "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read",
    - "microsoft.directory/crossTenantAccessPolicy/standard/read",
    - "microsoft.directory/customAuthenticationExtensions/allProperties/read",
    - "microsoft.directory/deviceLocalCredentials/standard/read",
    - "microsoft.directory/deviceManagementPolicies/standard/read",
    - "microsoft.directory/deviceRegistrationPolicy/standard/read",
    - "microsoft.directory/devices/allProperties/read",
    - "microsoft.directory/directoryRoles/allProperties/read",
    - "microsoft.directory/directoryRoleTemplates/allProperties/read",
    - "microsoft.directory/domains/allProperties/read",
    - "microsoft.directory/domains/federationConfiguration/standard/read",
    - "microsoft.directory/entitlementManagement/allProperties/read",
    - "microsoft.directory/externalUserProfiles/standard/read",
    - "microsoft.directory/groups/allProperties/read",
    - "microsoft.directory/groupSettings/allProperties/read",
    - "microsoft.directory/groupSettingTemplates/allProperties/read",
    - "microsoft.directory/identityProtection/allProperties/read",
    - "microsoft.directory/lifecycleWorkflows/workflows/allProperties/read",
    - "microsoft.directory/loginOrganizationBranding/allProperties/read",
    - "microsoft.directory/multiTenantOrganization/joinRequest/standard/read",
    - "microsoft.directory/multiTenantOrganization/standard/read",
    - "microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read",
    - "microsoft.directory/multiTenantOrganization/tenants/standard/read",
    - "microsoft.directory/namedLocations/standard/read",
    - "microsoft.directory/oAuth2PermissionGrants/allProperties/read",
    - "microsoft.directory/onPremisesSynchronization/standard/read",
    - "microsoft.directory/organization/allProperties/read",
    - "microsoft.directory/pendingExternalUserProfiles/standard/read",
    - "microsoft.directory/permissionGrantPolicies/standard/read",
    - "microsoft.directory/policies/allProperties/read",
    - "microsoft.directory/privilegedIdentityManagement/allProperties/read",
    - "microsoft.directory/provisioningLogs/allProperties/read",
    - "microsoft.directory/roleAssignments/allProperties/read",
    - "microsoft.directory/roleDefinitions/allProperties/read",
    - "microsoft.directory/scopedRoleMemberships/allProperties/read",
    - "microsoft.directory/serviceAction/getAvailableExtentionProperties",
    - "microsoft.directory/servicePrincipalCreationPolicies/standard/read",
    - "microsoft.directory/servicePrincipals/allProperties/read",
    - "microsoft.directory/servicePrincipals/synchronization/standard/read",
    - "microsoft.directory/signInReports/allProperties/read",
    - "microsoft.directory/subscribedSkus/allProperties/read",
    - "microsoft.directory/users/allProperties/read",
    - "microsoft.directory/users/authenticationMethods/standard/restrictedRead",
    - "microsoft.directory/verifiableCredentials/configuration/allProperties/read",
    - "microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/read",
    - "microsoft.directory/verifiableCredentials/configuration/contracts/cards/allProperties/read",
    - "microsoft.edge/allEntities/allProperties/read",
    - "microsoft.graph.dataConnect/allEntities/allProperties/read",
    - "microsoft.hardware.support/shippingAddress/allProperties/read",
    - "microsoft.hardware.support/shippingStatus/allProperties/read",
    - "microsoft.hardware.support/warrantyClaims/allProperties/read",
    - "microsoft.insights/allEntities/allProperties/read",
    - "microsoft.microsoft365.organizationalData/allEntities/allProperties/read",
    - "microsoft.networkAccess/allEntities/allProperties/read",
    - "microsoft.office365.copilot/allEntities/allProperties/read",
    - "microsoft.office365.fileStorageContainers/allEntities/allProperties/read",
    - "microsoft.office365.messageCenter/messages/read",
    - "microsoft.office365.messageCenter/securityMessages/read",
    - "microsoft.office365.network/performance/allProperties/read",
    - "microsoft.office365.organizationalMessages/allEntities/allProperties/read",
    - "microsoft.office365.protectionCenter/allEntities/allProperties/read",
    - "microsoft.office365.securityComplianceCenter/allEntities/read",
    - "microsoft.office365.serviceHealth/allEntities/allTasks",
    - "microsoft.office365.usageReports/allEntities/allProperties/read",
    - "microsoft.office365.webPortal/allEntities/standard/read",
    - "microsoft.office365.yammer/allEntities/allProperties/read",
    - "microsoft.permissionsManagement/allEntities/allProperties/read",
    - "microsoft.teams/allEntities/allProperties/read",
    - "microsoft.virtualVisits/allEntities/allProperties/read",
    - "microsoft.viva.glint/allEntities/allProperties/read",
    - "microsoft.viva.goals/allEntities/allProperties/read",
    - "microsoft.viva.pulse/allEntities/allProperties/read",
    - "microsoft.windows.updatesDeployments/allEntities/allProperties/read"
    ],
  - condition: null
  }
],
inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions('f2ef992c-3afb-46b9-b7cf-a126ee74c451')/inheritsPermissionsFrom",
inheritsPermissionsFrom: [1 item
- {1 item
  - id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
  }
]

}

{

@odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions/$entity",
id: "f2ef992c-3afb-46b9-b7cf-a126ee74c451",
assignmentMode: "allowed",
categories: "readOnly",
description: "Can read everything that a Global Administrator can, but not update anything.",
displayName: "Global Reader",
isBuiltIn: true,
isEnabled: true,
isPrivileged: true,
resourceScopes: [1 item
- "/"
],
richDescription: "Users with this role can read everything that a Global Administrator can, but not update anything.",
templateId: "f2ef992c-3afb-46b9-b7cf-a126ee74c451",
version: "1",
rolePermissions: [1 item
- {2 items
  - allowedResourceActions: [98 items
    - "microsoft.azure.serviceHealth/allEntities/allTasks",
    - "microsoft.backup/allEntities/allProperties/read",
    - "microsoft.cloudPC/allEntities/allProperties/read",
    - "microsoft.commerce.billing/allEntities/allProperties/read",
    - "microsoft.commerce.billing/purchases/standard/read",
    - "microsoft.directory/accessReviews/allProperties/read",
    - "microsoft.directory/accessReviews/definitions/allProperties/read",
    - "microsoft.directory/adminConsentRequestPolicy/allProperties/read",
    - "microsoft.directory/administrativeUnits/allProperties/read",
    - "microsoft.directory/appConsent/appConsentRequests/allProperties/read",
    - "microsoft.directory/applications/allProperties/read",
    - "microsoft.directory/applications/synchronization/standard/read",
    - "microsoft.directory/auditLogs/allProperties/read",
    - "microsoft.directory/authorizationPolicy/standard/read",
    - "microsoft.directory/bitlockerKeys/key/read",
    - "microsoft.directory/bulkJobs/standard/read",
    - "microsoft.directory/cloudAppSecurity/allProperties/read",
    - "microsoft.directory/conditionalAccessPolicies/allProperties/read",
    - "microsoft.directory/connectorGroups/allProperties/read",
    - "microsoft.directory/connectors/allProperties/read",
    - "microsoft.directory/contacts/allProperties/read",
    - "microsoft.directory/crossTenantAccessPolicy/default/standard/read",
    - "microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/standard/read",
    - "microsoft.directory/crossTenantAccessPolicy/partners/standard/read",
    - "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read",
    - "microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read",
    - "microsoft.directory/crossTenantAccessPolicy/standard/read",
    - "microsoft.directory/customAuthenticationExtensions/allProperties/read",
    - "microsoft.directory/deviceLocalCredentials/standard/read",
    - "microsoft.directory/deviceManagementPolicies/standard/read",
    - "microsoft.directory/deviceRegistrationPolicy/standard/read",
    - "microsoft.directory/devices/allProperties/read",
    - "microsoft.directory/directoryRoles/allProperties/read",
    - "microsoft.directory/directoryRoleTemplates/allProperties/read",
    - "microsoft.directory/domains/allProperties/read",
    - "microsoft.directory/domains/federationConfiguration/standard/read",
    - "microsoft.directory/entitlementManagement/allProperties/read",
    - "microsoft.directory/externalUserProfiles/standard/read",
    - "microsoft.directory/groups/allProperties/read",
    - "microsoft.directory/groupSettings/allProperties/read",
    - "microsoft.directory/groupSettingTemplates/allProperties/read",
    - "microsoft.directory/identityProtection/allProperties/read",
    - "microsoft.directory/lifecycleWorkflows/workflows/allProperties/read",
    - "microsoft.directory/loginOrganizationBranding/allProperties/read",
    - "microsoft.directory/multiTenantOrganization/joinRequest/standard/read",
    - "microsoft.directory/multiTenantOrganization/standard/read",
    - "microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read",
    - "microsoft.directory/multiTenantOrganization/tenants/standard/read",
    - "microsoft.directory/namedLocations/standard/read",
    - "microsoft.directory/oAuth2PermissionGrants/allProperties/read",
    - "microsoft.directory/onPremisesSynchronization/standard/read",
    - "microsoft.directory/organization/allProperties/read",
    - "microsoft.directory/pendingExternalUserProfiles/standard/read",
    - "microsoft.directory/permissionGrantPolicies/standard/read",
    - "microsoft.directory/policies/allProperties/read",
    - "microsoft.directory/privilegedIdentityManagement/allProperties/read",
    - "microsoft.directory/provisioningLogs/allProperties/read",
    - "microsoft.directory/roleAssignments/allProperties/read",
    - "microsoft.directory/roleDefinitions/allProperties/read",
    - "microsoft.directory/scopedRoleMemberships/allProperties/read",
    - "microsoft.directory/serviceAction/getAvailableExtentionProperties",
    - "microsoft.directory/servicePrincipalCreationPolicies/standard/read",
    - "microsoft.directory/servicePrincipals/allProperties/read",
    - "microsoft.directory/servicePrincipals/synchronization/standard/read",
    - "microsoft.directory/signInReports/allProperties/read",
    - "microsoft.directory/subscribedSkus/allProperties/read",
    - "microsoft.directory/users/allProperties/read",
    - "microsoft.directory/users/authenticationMethods/standard/restrictedRead",
    - "microsoft.directory/verifiableCredentials/configuration/allProperties/read",
    - "microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/read",
    - "microsoft.directory/verifiableCredentials/configuration/contracts/cards/allProperties/read",
    - "microsoft.edge/allEntities/allProperties/read",
    - "microsoft.graph.dataConnect/allEntities/allProperties/read",
    - "microsoft.hardware.support/shippingAddress/allProperties/read",
    - "microsoft.hardware.support/shippingStatus/allProperties/read",
    - "microsoft.hardware.support/warrantyClaims/allProperties/read",
    - "microsoft.insights/allEntities/allProperties/read",
    - "microsoft.microsoft365.organizationalData/allEntities/allProperties/read",
    - "microsoft.networkAccess/allEntities/allProperties/read",
    - "microsoft.office365.copilot/allEntities/allProperties/read",
    - "microsoft.office365.fileStorageContainers/allEntities/allProperties/read",
    - "microsoft.office365.messageCenter/messages/read",
    - "microsoft.office365.messageCenter/securityMessages/read",
    - "microsoft.office365.network/performance/allProperties/read",
    - "microsoft.office365.organizationalMessages/allEntities/allProperties/read",
    - "microsoft.office365.protectionCenter/allEntities/allProperties/read",
    - "microsoft.office365.securityComplianceCenter/allEntities/read",
    - "microsoft.office365.serviceHealth/allEntities/allTasks",
    - "microsoft.office365.usageReports/allEntities/allProperties/read",
    - "microsoft.office365.webPortal/allEntities/standard/read",
    - "microsoft.office365.yammer/allEntities/allProperties/read",
    - "microsoft.permissionsManagement/allEntities/allProperties/read",
    - "microsoft.teams/allEntities/allProperties/read",
    - "microsoft.virtualVisits/allEntities/allProperties/read",
    - "microsoft.viva.glint/allEntities/allProperties/read",
    - "microsoft.viva.goals/allEntities/allProperties/read",
    - "microsoft.viva.pulse/allEntities/allProperties/read",
    - "microsoft.windows.updatesDeployments/allEntities/allProperties/read"
    ],
  - condition: null
  }
],
inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('f2ef992c-3afb-46b9-b7cf-a126ee74c451')/inheritsPermissionsFrom",
inheritsPermissionsFrom: [1 item
- {1 item
  - id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
  }
]

}

Global Reader - f2ef992c-3afb-46b9-b7cf-a126ee74c451Entra Id Role definition

Global Reader - f2ef992c-3afb-46b9-b7cf-a126ee74c451
Entra Id Role definition