Get-AzureADMSRoleDefinition

This article provides migration details from Get-AzureADMSRoleDefinition command to Microsoft Graph PowerShell.

Summary

Permissions

For the directory (Microsoft Entra ID) provider

Permission type Permissions (from least to most privileged)
Delegated (work or school account) RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All

For the entitlement management provider

Permission type Permissions (from least to most privileged)
Delegated (work or school account) EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All
Delegated (personal Microsoft account) Not supported.

View more details on permissions.

Property Mapping

Azure AD Name Microsoft Graph Name
All All
Filter Filter
ObjectId UnifiedRoleDefinitionId
SearchString NA
Top Top