List all Entra ID Roles using PowerShell

In this blog post, I will show you how to use Microsoft.Graph PowerShell module to list all the Entra ID roles in your tenant. The Microsoft.Graph module is the recommended module for working with Entra ID and other Microsoft services, as Microsoft is not planning to invest further in the AzureAD PowerShell module. Therefore, it is advisable to move your automation scripts and tools to the Microsoft.Graph module to ensure that they continue to work in the future.

Strengthen Your Security with Entra ID Assessment

Take control of your organization's security posture with an Entra ID assessment. Identify risks, and implement effective security measures. Contact us now to schedule your assessment and protect your digital assets.

Schedule a Call

Call to Action

How to install Microsoft.Graph PowerShell Module

Install the module first from the PowerShell Script Gallery.

				
					Install-Module Microsoft.Graph -Force -Verbose

After installing the Microsoft Graph PowerShell module, you can use the Connect-MgGraph cmdlet to establish a connection to the MS Graph API and access the Entra ID directory roles in your tenant. When connecting to the Microsoft Graph API, you need to specify the scope of the permissions you want to grant to your connection. In this example, we have limited the connection to the Directory.Read.All permission, which allows us to read all the directory roles in the tenant.

Once the connection has been established, we can use the Get-MgDirectoryRoleTemplate cmdlet to retrieve all the Entra ID roles in our tenant and export them as a JSON file. This cmdlet returns the role DisplayName, ID, Description

				
					$Scopes = @(
    "Directory.Read.All"
)

Connect-MgGraph -Scopes $Scopes

Get-MgDirectoryRoleTemplate | 
    Select-Object -Property DisplayName,Id,Description | 
    Sort-Object -Property DisplayName | ConvertTo-Json | Out-File "C:\Reports\AADRoles.JSON"

Get-MgDirectoryRoleTemplate output

After storing the Entra ID directory roles on your GitHub account, you can use them to build various automation use cases. For example, you can use the following code snippet to list all the roles from GitHub and then add additional logic as needed:

				
					#Entra ID Role names and IDs on my GitHub account
$URL = "https://raw.githubusercontent.com/Kaidja/AzureActiveDirectory/main/AzureADRoles.json"
#Convert Azure AD Roles from JSON
$AADGitHubRoles = (Invoke-WebRequest -Uri $URL -UseBasicParsing).Content | ConvertFrom-Json

Please check my GitHub account to see all the script examples and Entra ID Roles.

Kaidja/EntraID: Automation around Entra ID (github.com)

Contact me

If you’re interested in learning about List all Entra ID Roles using PowerShell. I can help you understand how this solution can benefit your organization and provide a customized solution tailored to your specific needs.