Directory roles vs role management (unified roles) in entra id

Question

While learning the Entra ID and RBAC through graph api, I came across two terms DirectoryRole and RoleManagement. I have some questions on it.

1. What is difference between role template and role definition?
2. In the following screenshot, RoleDefinition and RoleTemplate are considered same
3. What is difference between Get-MgDirectoryRoleMember and Get-MgRoleManagementDirectoryRoleAssignment, similarity the difference between Get-MgDirectoryRole and Get-MgRoleManagementDirectoryRoleDefinition?
4. What does it mean by activated roles? How can a role be activated or deactivated in Entra ID?

Answer 1

The set of *-MgRoleManagementDirectoryRole cmdlets correspond to newer implementation, the so-called "Unified RBAC API". Take a look at the note in this article for example: https://learn.microsoft.com/en-us/graph/api/resources/directoryrole?view=graph-rest-1.0

Microsoft recommends that you use the unified RBAC API instead of this API. The unified RBAC API provides more functionality and flexibility. For more information, see unifiedRoleDefinition resource type.

The underlying role definitions/templates are the same, but the "new" API covers more scenarios, and it's the preferred method. You should focus your studies on it.

And yes, roles (templates) can be activated. It's a way for Microsoft to minimize the overhead of having 100+ Entra roles...