Microsoft Graph Role Management
Microsoft Graph Role Management provides a unified API to programmatically manage role-based access across Microsoft Entra ID (Azure AD) and supported services like Microsoft 365 and Intune. It lets you list and inspect built-in and custom role definitions, create or update custom roles, and assign roles to users, groups, or service principals at tenant-wide or resource-scoped levels. The APIs also integrate with Privileged Identity Management (PIM) for just-in-time access, enabling eligibility, time-bound assignments, approvals, activation, and auditing. With these endpoints, you can automate least-privilege governance: discover who has which permissions, manage lifecycle changes to roles and assignments, and embed RBAC operations into provisioning and compliance workflows.
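
The "discover who has which permissions" step, as an added example that is not Microsoft's code: it joins role assignments to role definitions and flags tenant-wide assignments of privileged roles, plus assignments whose role definition cannot be resolved. The data is constructed to mirror the JSON shape returned by `GET /roleManagement/directory/roleDefinitions` and `GET /roleManagement/directory/roleAssignments`; every ID, the `PRIVILEGED_ROLES` policy set, and the function names are assumptions made for the example.

```python
# Constructed sample responses (invented IDs), shaped like Microsoft Graph v1.0
# unifiedRoleDefinition and unifiedRoleAssignment collections.
ROLE_DEFINITIONS = {"value": [
    {"id": "role-ga", "displayName": "Global Administrator", "isBuiltIn": True},
    {"id": "role-ua", "displayName": "User Administrator", "isBuiltIn": True},
    {"id": "role-custom", "displayName": "App Registration Reader", "isBuiltIn": False},
]}
ROLE_ASSIGNMENTS = {"value": [
    {"id": "a1", "principalId": "user-alice", "roleDefinitionId": "role-ga",
     "directoryScopeId": "/"},
    {"id": "a2", "principalId": "sp-ci", "roleDefinitionId": "role-ua",
     "directoryScopeId": "/"},
    {"id": "a3", "principalId": "user-bob", "roleDefinitionId": "role-ua",
     "directoryScopeId": "/administrativeUnits/au-emea"},
    {"id": "a4", "principalId": "group-dev", "roleDefinitionId": "role-custom",
     "directoryScopeId": "/"},
    {"id": "a5", "principalId": "user-eve", "roleDefinitionId": "role-deleted",
     "directoryScopeId": "/"},
]}

# Assumption: which roles count as privileged is a local policy decision.
PRIVILEGED_ROLES = {"Global Administrator", "User Administrator"}

def who_has_what(definitions, assignments):
    """Join each assignment to its role name; role is None if unresolvable."""
    names = {d["id"]: d["displayName"] for d in definitions["value"]}
    return [{"assignment": a["id"],
             "principal": a["principalId"],
             "role": names.get(a["roleDefinitionId"]),
             "scope": a["directoryScopeId"]}
            for a in assignments["value"]]

def findings(rows, privileged=PRIVILEGED_ROLES):
    """Flag least-privilege concerns: a directoryScopeId of "/" is tenant-wide."""
    out = []
    for r in rows:
        if r["role"] is None:
            out.append((r["assignment"], "unknown-role-definition"))
        elif r["role"] in privileged and r["scope"] == "/":
            out.append((r["assignment"], "tenant-wide-privileged"))
    return out

if __name__ == "__main__":
    for assignment_id, reason in findings(who_has_what(ROLE_DEFINITIONS, ROLE_ASSIGNMENTS)):
        print(assignment_id, reason)
```

This covers active assignments only; PIM eligibilities are exposed through separate endpoints and would need their own pass.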