Introduction
This post is meant to help users who need the Globally Unique Identifiers (GUIDs) of Windows Azure Active Directory (WAAD) permissions, either to create AAD applications using the Microsoft Graph API or for any other reason that requires the GUID of a particular WAAD permission. For further information regarding AAD permissions, please refer to the blog post: https://blogs.msdn.microsoft.com/aaddevsup/2018/05/21/finding-the-correct-permissions-for-a-microsoft-or-azure-active-directory-graph-call/
Note: These GUIDs are subject to change in the future and may no longer be the same.
Table
The Resource App ID for Windows Azure Active Directory is: 00000002-0000-0000-c000-000000000000
| GUID of Permission | Type | Permission |
| --- | --- | --- |
| 5778995a-e1bf-45b8-affa-663a9f3f4d04 | Role | Read directory data |
| abefe9df-d5a9-41c6-a60b-27b38eac3efb | Role | Read and write domains |
| 78c8a3c8-a07e-4b9e-af1b-b5ccab50a175 | Role | Read and write directory data |
| 1138cb37-bd11-4084-a2b7-9f71582aeddb | Role | Read and write devices |
| 9728c0c4-a06b-4e0e-8d1b-3d694e8ec207 | Role | Read all hidden memberships |
| 824c81eb-e3f8-4ee6-8f6d-de7f50d565b7 | Role | Manage apps that this app creates or owns |
| 1cda74f2-2616-4834-b122-5cb1b07f8a59 | Role | Read and write all applications |
| aaff0dfd-0295-48b6-a5cc-9f465bc87928 | Role | Read and write domains |
| a42657d6-7f20-40e3-b6f0-cee03008a62a | Scope | Access the directory as the signed-in user |
| 5778995a-e1bf-45b8-affa-663a9f3f4d04 | Scope | Read directory data |
| 78c8a3c8-a07e-4b9e-af1b-b5ccab50a175 | Scope | Read and write directory data |
| 970d6fa6-214a-4a9b-8513-08fad511e2fd | Scope | Read and write all groups |
| 6234d376-f627-4f0f-90e0-dff25c5211a3 | Scope | Read all groups |
| c582532d-9d9e-43bd-a97c-2667a28ce295 | Scope | Read all users’ full profiles |
| cba73afc-7f69-4d86-8450-4978e04ecd1a | Scope | Read all users’ basic profiles |
| 311a71cc-e848-46a1-bdf8-97ff7156d8e6 | Scope | Sign in and read user profile |
| 2d05a661-f651-4d57-a595-489c91eda336 | Scope | Read hidden memberships |
Conclusion
If you have any more issues with this, please file a support ticket and one of our support engineers will reach out to you to resolve the issue. Please include a Fiddler trace of a repro of the issue, as well as a summary of the expected behavior versus the current behavior.