About

Hi folks,

Merill here 👋. I've been working with Microsoft Graph for a while now and I've seen a lot of folks struggle with understanding the permissions and the APIs that are available when they consent to an application.

While the Microsoft Graph reference page provides a summary of all the permissions, it's not easy to find out all the graph APIs for a given permission scope. As an admin, it is important to understand the permissions that an application is requesting and the APIs that it will call.

This site is an attempt to make it easier for developers, admins, and cybersecurity folks to quickly find the APIs available for a given permission scope.

How it works

This site is generated by parsing the Graph API reference docs, extracting the permissions and the APIs that are available for each permission. This information is then merged with the Microsoft Graph metadata and reference to generate the site.

An automation runs once a day to update the site with the latest Graph APIs and permissions.

A csv file containing the permissions and the APIs is also available for download.

• Permission.csv - Inventory of all the permissions, Graph APIs, permission type (delegated/app-only).

Auditing the permissions granted to applications in your tenant

If you are an admin and want to audit the permissions granted to applications in your tenant, you can run the Export-MsIdAppConsentGrantReport command.

Here's a quick demo of this command in action.

Reporting issues

Please submit feedback and any issues here or tag me on Twitter @merill or LinkedIn.

Disclaimer

This site is not affiliated with Microsoft. It's a personal project to help admins, developers and cybersecurity folks quickly find the APIs available for a given permission scope.