View roles assigned to a group in Azure Active Directory

This section describes how the roles assigned to a group can be viewed using Azure AD admin center. Viewing groups and assigned roles are default user permissions.

  1. Sign in to the Azure AD admin center with any non-admin or admin credentials.

  2. Select the group that you are interested in.

  3. Select Assigned roles. You can now see all the Azure AD roles assigned to this group.

    View all roles assigned to a selected group

Using PowerShell

Get object ID of the group

Get-AzureADMSGroup -SearchString "Contoso_Helpdesk_Administrators"

View role assignment to a group

Get-AzureADMSRoleAssignment -Filter "principalId eq '<object id of group>" 

Using Microsoft Graph API

Get object ID of the group

GET https://graph.microsoft.com/beta/groups?$filter=displayName+eq+'Contoso_Helpdesk_Administrator'

Get role assignments to a group

GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments?$filter=principalId eq

Next steps