GUID Table for Windows Azure Active Directory Permissions


Introduction

This blog is meant to help users who need to get the Windows Azure Active Directory Permissions (WAAD) Globally Unique Identifiers (GUIDs) in order to create AAD Applications using the Microsoft Graph API, or for other reasons where they just need to get the GUID for a certain WAAD permission. For further information regarding AAD permissions please refer to the blog post : https://blogs.msdn.microsoft.com/aaddevsup/2018/05/21/finding-the-correct-permissions-for-a-microsoft-or-azure-active-directory-graph-call/

 

Note: That these GUIDs are subject to change in the future and may not be the same anymore.

Table

The Resource App ID for the Windows Azure Active Directory is : 00000002-0000-0000-c000-000000000000

GUID of Permission Permission
5778995a-e1bf-45b8-affa-663a9f3f4d04

Type : Role

Read directory data
abefe9df-d5a9-41c6-a60b-27b38eac3efb

Type : Role

Read and write domains
78c8a3c8-a07e-4b9e-af1b-b5ccab50a175

Type : Role

Read and write directory data
1138cb37-bd11-4084-a2b7-9f71582aeddb

Type : Role

Read and write devices
9728c0c4-a06b-4e0e-8d1b-3d694e8ec207

Type : Role

Read all hidden memberships
824c81eb-e3f8-4ee6-8f6d-de7f50d565b7

Type : Role

Manage apps that this app creates or owns
1cda74f2-2616-4834-b122-5cb1b07f8a59

Type : Role

Read and write all applications
aaff0dfd-0295-48b6-a5cc-9f465bc87928

Type : Role

Read and write domains
a42657d6-7f20-40e3-b6f0-cee03008a62a

Type : Scope

Access the directory as the signed-in user
5778995a-e1bf-45b8-affa-663a9f3f4d04

Type : Scope

Read directory data
78c8a3c8-a07e-4b9e-af1b-b5ccab50a175

Type : Scope

Read and write directory data
970d6fa6-214a-4a9b-8513-08fad511e2fd

type: Scope

Read and write all groups
6234d376-f627-4f0f-90e0-dff25c5211a3
type: Scope
Read all groups
c582532d-9d9e-43bd-a97c-2667a28ce295
type: Scope
Read all users' full profiles
cba73afc-7f69-4d86-8450-4978e04ecd1a
type: Scope
Read all users' basic profiles
311a71cc-e848-46a1-bdf8-97ff7156d8e6
type: Scope
Sign in and read user profile
2d05a661-f651-4d57-a595-489c91eda336
type: Scope
Read hidden memberships

 

Conclusion

If you have anymore issues in regards to this please file a support ticket and one of our support engineers will reach out to you to resolve the issue. Please include a fiddler trace of a repro of the issue occurring as well as a summary of the expected behavior versus the current behavior.

Comments (0)

Skip to main content