Microsoft Graph Directory Roles

Microsoft Graph Directory Roles provides a REST API to discover, activate, and manage Microsoft Entra ID (formerly Azure Active Directory) directory rolesthe RBAC roles that control permissions across Microsoft 365 and Entra. Through the API you can list which roles are active in a tenant, read role definitions from templates, activate builtin roles, enumerate a roles members, and add or remove assignments for users, groups, or service principals. It also supports change tracking (delta queries) to monitor role membership over time. This enables organizations to automate leastprivilege access, inventory and audit who has what permissions, and integrate role governance into provisioning and compliance workflows.