List Microsoft Entra role definitions

1. Sign in to the Microsoft Entra admin center.

2. Browse to Identity > Roles & admins > Roles & admins.

   

3. Select a role name to open the role. Don't add a check mark next to the role.

   

4. Select Description to see the summary and list of permissions for the role.

   The page includes links to relevant documentation to help guide you through managing roles.

   

Follow these steps to list Microsoft Entra roles with PowerShell.

1. Open a PowerShell window. If necessary, use Install-Module to install Microsoft Graph PowerShell. For more information, see Prerequisites to use PowerShell.

   Install-Module Microsoft.Graph -Scope CurrentUser
   

2. In a PowerShell window, use Connect-MgGraph to sign in to your tenant.

   Connect-MgGraph -Environment China -ClientId 'YOUR_CLIENT_ID' -TenantId 'YOUR_TENANT_ID' -Scopes "RoleManagement.Read.All"
   

3. Use Get-MgRoleManagementDirectoryRoleDefinition to get roles.

   # Get all role definitions
   Get-MgRoleManagementDirectoryRoleDefinition
   
   # Get single role definition by ID
   Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId 00000000-0000-0000-0000-000000000000
   
   # Get single role definition by templateId
   Get-MgRoleManagementDirectoryRoleDefinition -Filter "TemplateId eq 'c4e39bd9-1100-46d3-8c65-fb160da0071f'"
   
   # Get role definition by displayName
   Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Helpdesk Administrator'"
   

4. To view the list of permissions of a role, use the following cmdlet.

   # Do this avoid truncation of the list of permissions
   $FormatEnumerationLimit = -1
   
   (Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Conditional Access Administrator'").RolePermissions | Format-list
   

Next steps

• List Microsoft Entra role assignments
• Assign Microsoft Entra roles
• Microsoft Entra built-in roles