VerifiedId-Profile.Read.All
This role can read Verified Id profiles in a tenant.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
VerifiedId-Profile.Read.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | e227c591-dd64-4a8a-a033-816167f7c938 | 604b2056-41ed-4c56-aad5-1241d4ef7333 |
| DisplayText | Read Verified Id profiles | Read Verified Id profiles |
| Description | This role can read Verified Id profiles in a tenant. | This role can read Verified Id profiles in a tenant. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: verifiedIdProfile
| Property | Type | Description |
|---|---|---|
| description | String | Description for the verified ID profile. Required. |
| faceCheckConfiguration | faceCheckConfiguration | Set of properties configuring Entra Verified ID Face Check behavior. Required. |
| id | String | Profile identifier. Inherited from entity. |
| lastModifiedDateTime | DateTimeOffset | DateTime the profile was last modified. Optional. |
| name | String | Display name for the verified ID profile. Required. |
| priority | Int32 | Defines profile processing priority if multiple profiles are configured. Optional. |
| state | verifiedIdProfileState | Enablement state for the profile. The possible values are: enabled, disabled, unknownFutureValue. Required. |
| verifierDid | String | Decentralized Identifier (DID) string that represents the verifier in the verifiable credential exchange. Required. |
| verifiedIdProfileConfiguration | verifiedIdProfileConfiguration | Set of properties expressing the accepted issuer, claims binding, and credential type. Required. |
| verifiedIdUsageConfigurations | verifiedIdUsageConfiguration collection | Collection defining the usage purpose for the profile. The possible values are: recovery, onboarding, all, unknownFutureValue. Required. |