Microsoft Graph Scoped Role Memberships
Microsoft Graph Scoped Role Memberships let you programmatically assign and manage Azure AD (Microsoft Entra ID) directory roles scoped to an administrative unit, rather than tenant-wide. Exposed through the scopedRoleMembership resource, these assignments delegate administrative permissions (for example, User Administrator or Helpdesk Administrator) so that the assignee's authority applies only to the users, groups, or other objects contained in a specific administrative unit. This enables least-privilege, regional or departmental delegation, supports listing and removing scoped assignments, and provides a way to audit who has which admin capabilities over which subset of the directory, all via Microsoft Graph.
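The audit use mentioned above, as an added example that is not part of the original page: it folds paged scopedRoleMembership collections into a per-principal report and lists principals whose scoped roles span more than one administrative unit. The sample pages, IDs, names and lookup tables are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed lookups (assumption): roleId / administrativeUnitId -> display name.
ROLE_NAMES = {"role-ua": "User Administrator", "role-hd": "Helpdesk Administrator"}
AU_NAMES = {"au-emea": "EMEA", "au-apac": "APAC"}

def _member(mid, role, au, pid, name=None):
    """Build one constructed scopedRoleMembership object (id, roleId,
    administrativeUnitId, roleMemberInfo are the resource's properties)."""
    info = {"id": pid, **({"displayName": name} if name else {})}
    return {"id": mid, "roleId": role, "administrativeUnitId": au, "roleMemberInfo": info}

# Constructed pages shaped like the "value" collections returned by
# GET /directory/administrativeUnits/{id}/scopedRoleMembers for two units.
PAGES = [
    {"value": [_member("m1", "role-ua", "au-emea", "u1", "Avery"),
               _member("m2", "role-hd", "au-emea", "u2", "Blake")]},
    {"value": [_member("m3", "role-ua", "au-apac", "u1", "Avery"),
               _member("m2", "role-hd", "au-emea", "u2", "Blake"),  # duplicate
               _member("m4", "role-xx", "au-apac", "u3")]},          # unknown role, no name
]

def audit(pages, role_names, au_names):
    """Return {principal label: sorted [(role, administrative unit), ...]}."""
    seen, report = set(), defaultdict(set)
    for page in pages:
        for m in page.get("value", []):
            if m["id"] in seen:          # same membership returned twice
                continue
            seen.add(m["id"])
            info = m.get("roleMemberInfo") or {}
            pid, name = info.get("id", "<unknown>"), info.get("displayName")
            who = f"{name} ({pid})" if name else pid
            # Keep unresolved IDs visible instead of silently dropping them.
            role = role_names.get(m["roleId"], f"<unresolved role {m['roleId']}>")
            unit = au_names.get(m["administrativeUnitId"],
                                f"<unresolved unit {m['administrativeUnitId']}>")
            report[who].add((role, unit))
    return {who: sorted(pairs) for who, pairs in report.items()}

def multi_unit_admins(report):
    """Principals whose scoped roles cover more than one administrative unit."""
    return sorted(w for w, pairs in report.items() if len({u for _, u in pairs}) > 1)

if __name__ == "__main__":
    result = audit(PAGES, ROLE_NAMES, AU_NAMES)
    for who, pairs in sorted(result.items()):
        print(who, pairs)
    print("spans multiple units:", multi_unit_admins(result))
```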