| title | Directory Readers |
|---|---|
| description | Directory Readers |
| ms.topic | include |
| ms.date | 01/26/2026 |
| ms.custom | include file |
Users in this role can read basic directory information. This role should be used for:
- Granting a specific set of guest users read access instead of granting it to all guest users.
- Granting a specific set of non-admin users access to Microsoft Entra admin center when "Restrict access to Microsoft Entra admin center" is set to "Yes".
- Granting service principals access to directory where Directory.Read.All is not an option.
[!div class="mx-tableFixed"]
Actions Description microsoft.directory/administrativeUnits/members/read Read members of administrative units microsoft.directory/administrativeUnits/standard/read Read basic properties on administrative units microsoft.directory/applicationPolicies/standard/read Read standard properties of application policies microsoft.directory/applications/owners/read Read owners of applications microsoft.directory/applications/policies/read Read policies of applications microsoft.directory/applications/standard/read Read standard properties of applications microsoft.directory/contacts/memberOf/read Read the group membership for all contacts in Microsoft Entra ID microsoft.directory/contacts/standard/read Read basic properties on contacts in Microsoft Entra ID microsoft.directory/contracts/standard/read Read basic properties on partner contracts microsoft.directory/devices/memberOf/read Read device memberships microsoft.directory/devices/registeredOwners/read Read registered owners of devices microsoft.directory/devices/registeredUsers/read Read registered users of devices microsoft.directory/devices/standard/read Read basic properties on devices microsoft.directory/directoryRoles/eligibleMembers/read Read the eligible members of Microsoft Entra roles microsoft.directory/directoryRoles/members/read Read all members of Microsoft Entra roles microsoft.directory/directoryRoles/standard/read Read basic properties of Microsoft Entra roles microsoft.directory/domains/standard/read Read basic properties on domains microsoft.directory/groups/appRoleAssignments/read Read application role assignments of groups microsoft.directory/groups/memberOf/read Read the memberOf property on Security groups and Microsoft 365 groups, including role-assignable groups microsoft.directory/groups/members/read Read members of Security groups and Microsoft 365 groups, including role-assignable groups microsoft.directory/groups/owners/read Read owners of Security groups and Microsoft 365 groups, including role-assignable groups microsoft.directory/groups/settings/read Read settings of groups microsoft.directory/groups/standard/read Read standard properties of Security groups and Microsoft 365 groups, including role-assignable groups microsoft.directory/groupSettings/standard/read Read basic properties on group settings microsoft.directory/groupSettingTemplates/standard/read Read basic properties on group setting templates microsoft.directory/oAuth2PermissionGrants/standard/read Read basic properties on OAuth 2.0 permission grants microsoft.directory/organization/standard/read Read basic properties on an organization microsoft.directory/organization/trustedCAsForPasswordlessAuth/read Read trusted certificate authorities for passwordless authentication microsoft.directory/roleAssignments/standard/read Read basic properties on role assignments microsoft.directory/roleDefinitions/standard/read Read basic properties on role definitions microsoft.directory/servicePrincipals/appRoleAssignedTo/read Read service principal role assignments microsoft.directory/servicePrincipals/appRoleAssignments/read Read role assignments assigned to service principals microsoft.directory/servicePrincipals/memberOf/read Read the group memberships on service principals microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read Read delegated permission grants on service principals microsoft.directory/servicePrincipals/ownedObjects/read Read owned objects of service principals microsoft.directory/servicePrincipals/owners/read Read owners of service principals microsoft.directory/servicePrincipals/policies/read Read policies of service principals microsoft.directory/servicePrincipals/standard/read Read basic properties of service principals microsoft.directory/subscribedSkus/standard/read Read basic properties on subscriptions microsoft.directory/users/appRoleAssignments/read Read application role assignments for users microsoft.directory/users/deviceForResourceAccount/read Read deviceForResourceAccount of users microsoft.directory/users/directReports/read Read the direct reports for users microsoft.directory/users/invitedBy/read Read the user that invited an external user to a tenant microsoft.directory/users/licenseDetails/read Read license details of users microsoft.directory/users/manager/read Read manager of users microsoft.directory/users/memberOf/read Read the group memberships of users microsoft.directory/users/oAuth2PermissionGrants/read Read delegated permission grants on users microsoft.directory/users/ownedDevices/read Read owned devices of users microsoft.directory/users/ownedObjects/read Read owned objects of users microsoft.directory/users/photo/read Read photo of users microsoft.directory/users/registeredDevices/read Read registered devices of users microsoft.directory/users/scopedRoleMemberOf/read Read user's membership of a Microsoft Entra role, that is scoped to an administrative unit microsoft.directory/users/sponsors/read Read sponsors of users microsoft.directory/users/standard/read Read basic properties on users