In this blog post, I will show you how to use the Microsoft.Graph PowerShell module to list all the Entra ID roles in your tenant. The Microsoft.Graph module is the recommended module for working with Entra ID and other Microsoft services, as Microsoft is not planning to invest further in the AzureAD PowerShell module. Therefore, it is advisable to move your automation scripts and tools to the Microsoft.Graph module to ensure that they continue to work in the future.
How to install Microsoft.Graph PowerShell Module
Install the module first from the PowerShell Script Gallery.
Install-Module Microsoft.Graph -Force -Verbose
After installing the Microsoft Graph PowerShell module, you can use the Connect-MgGraph cmdlet to establish a connection to the MS Graph API and access the Entra ID directory roles in your tenant. When connecting to the Microsoft Graph API, you need to specify the scope of the permissions you want to grant to your connection. In this example, we have limited the connection to the Directory.Read.All permission, which allows us to read all the directory roles in the tenant.
Once the connection has been established, we can use the Get-MgDirectoryRoleTemplate cmdlet to retrieve all the Entra ID roles in our tenant and export them as a JSON file. This cmdlet returns the role DisplayName, ID, and Description.
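# Request only the read permission needed to list directory roles
$Scopes = @(
    "Directory.Read.All"
)
Connect-MgGraph -Scopes $Scopes

# Export every role template (name, ID, description) as JSON, sorted by name
Get-MgDirectoryRoleTemplate |
    Select-Object -Property DisplayName,Id,Description |
    Sort-Object -Property DisplayName |
    ConvertTo-Json |
    Out-File "C:\Reports\AADRoles.JSON"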
#Entra ID Role names and IDs on my GitHub account
$URL = "https://raw.githubusercontent.com/Kaidja/AzureActiveDirectory/main/AzureADRoles.json"
#Convert Azure AD Roles from JSON
$AADGitHubRoles = (Invoke-WebRequest -Uri $URL -UseBasicParsing).Content | ConvertFrom-Json
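A saved role export is most useful as a baseline to compare later exports against. The following is an added example, not code from the original post: the function name Compare-RoleTemplateList is hypothetical, the sample JSON uses constructed placeholder GUIDs, and matching is done on Id on the assumption that a role's ID stays fixed while its display name may change.

```powershell
# Added example: diff two role exports by template Id, not by DisplayName.
function Compare-RoleTemplateList {
    param(
        [Parameter(Mandatory)] [object[]] $Reference,  # earlier export (baseline)
        [Parameter(Mandatory)] [object[]] $Current     # fresh list from the tenant
    )
    # Index the baseline by Id so the comparison survives display-name changes.
    $baseline = @{}
    foreach ($role in $Reference) { $baseline[$role.Id] = $role }
    $seen = @{}
    foreach ($role in $Current) {
        $seen[$role.Id] = $true
        $old = $baseline[$role.Id]
        if ($null -eq $old) {
            [pscustomobject]@{ Change = 'Added'; Id = $role.Id; Baseline = $null; Current = $role.DisplayName }
        }
        elseif ($old.DisplayName -ne $role.DisplayName) {
            [pscustomobject]@{ Change = 'Renamed'; Id = $role.Id; Baseline = $old.DisplayName; Current = $role.DisplayName }
        }
    }
    # Anything in the baseline that the current list no longer contains.
    foreach ($role in $Reference) {
        if (-not $seen.ContainsKey($role.Id)) {
            [pscustomobject]@{ Change = 'Removed'; Id = $role.Id; Baseline = $role.DisplayName; Current = $null }
        }
    }
}

# Constructed sample data (placeholder GUIDs, not real role template IDs).
$baselineJson = @'
[
  { "DisplayName": "Example Role A", "Id": "00000000-0000-0000-0000-000000000001", "Description": "constructed" },
  { "DisplayName": "Example Role B", "Id": "00000000-0000-0000-0000-000000000002", "Description": "constructed" },
  { "DisplayName": "Example Role C", "Id": "00000000-0000-0000-0000-000000000003", "Description": "constructed" }
]
'@
$currentJson = @'
[
  { "DisplayName": "Example Role A", "Id": "00000000-0000-0000-0000-000000000001", "Description": "constructed" },
  { "DisplayName": "Example Role B (renamed)", "Id": "00000000-0000-0000-0000-000000000002", "Description": "constructed" },
  { "DisplayName": "Example Role D", "Id": "00000000-0000-0000-0000-000000000004", "Description": "constructed" }
]
'@

Compare-RoleTemplateList -Reference ($baselineJson | ConvertFrom-Json) -Current ($currentJson | ConvertFrom-Json) |
    Format-Table -AutoSize
```

With real data, pass the parsed contents of C:\Reports\AADRoles.JSON as -Reference and the output of Get-MgDirectoryRoleTemplate as -Current.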
Please check my GitHub account to see all the script examples and Entra ID Roles.