azure permissions

Uncategorized

When you are in Active Directory, it will tell you what kind of Role you have:

Global admin
Billing admin
Service admin
User

MY_ROLE-Global_Admin

EPAM_ROLE-USER

I have found that apps created by Global admin can access the GRAPH API. For example, a user from the Tenant’s Active Directory signs in, and then hits the Graph API to access their user data such as first name, last name, address, email…etc.

data-received

If you are a Global Admin, and set up the app, users of this app will have permissions to view their own data.

If you are NOT a Global admin, any app you set, will not have permissions to access Graph API.