| author | kengaderdus |
|---|---|
| ms.service | active-directory-b2c |
| ms.subservice | B2C |
| ms.topic | include |
| ms.date | 11/20/2023 |
| ms.author | kengaderdus |
- Under Manage, select API permissions.
- Under Configured permissions, select Add a permission.
- Select the Microsoft APIs tab, then select Microsoft Graph.
- Select Application permissions.
- Expand the appropriate permission group and select the check box of the permission to grant to your management application. For example:
- User > User.ReadWrite.All: For user migration or user management scenarios.
- Group > Group.ReadWrite.All: For creating groups, read and update group memberships, and delete groups.
- AuditLog > AuditLog.Read.All: For reading the directory's audit logs.
- Policy > Policy.ReadWrite.TrustFramework: For continuous integration/continuous delivery (CI/CD) scenarios. For example, custom policy deployment with Azure Pipelines.
- Select Add permissions. As directed, wait a few minutes before proceeding to the next step.
- Select Grant admin consent for (your tenant name).
- Sign in with an account in your Azure AD B2C tenant that has the Cloud Application Administrator role assigned to it, then select Grant admin consent for (your tenant name).
- Select Refresh, then verify that "Granted for ..." appears under Status. It might take a few minutes for the permissions to propagate.