Microsoft Entra ID Permissions

While using a Microsoft Entra ID identity store with Microsoft Entra ID, the user must have certain role assignments and application permissions on the registered app in Microsoft Entra ID.

This topic lists those roles and permissions Directory Manager needs to perform operations in a Microsoft Entra ID provider.

See the Licensing topic for additional information on Directory Manager licensing.

Graph API Application Permissions

The following application permissions are required.

Microsoft Entra ID Application Permissions - Channel

Microsoft Entra ID Application Permissions - Directory

Microsoft Entra ID Application Permissions - Group

Microsoft Entra ID Application Permissions - Mail

Microsoft Entra ID Application Permissions - User

Microsoft Entra ID Application Permissions - User Password and Phone

Office 365 Exchange Online Permissions

Microsoft Entra ID Office 365 Exchange Online Permissions - ExchangeManageAsApp

SharePoint Delegated Permissions

allsites

Graph API Application Permissions​

Office 365 Exchange Online Permissions​

SharePoint Delegated Permissions​

Graph API Application Permissions

Office 365 Exchange Online Permissions

SharePoint Delegated Permissions