Azure AD – Determine App Roles and Scope Permissions – A Cloud Guy (2024)

Adding a new application in Azure AD through the portal takes a few clicks in the ‘App Registration’ blade. Adding API permissions to that application is also not a big deal, but when you are using PowerShell cmdlets, as I did in this earlier blog post, you need to know the App IDs, App Role IDs and Permission Scope IDs.

These IDs also play a critical role when using Terraform to deploy Azure AD applications, where the required_resource_access argument of the Terraform azuread_application resource sets the permissions for the app being created.

If you want to see these IDs in use, look at the manifest of any of your existing Azure AD applications.

As I said earlier, if you are creating the app via the portal you may not need any of this information, but when you go down the automation route these values are essential for setting up Azure AD applications properly.

Using the Azure CLI we can get a list of all Azure AD service principals. I used the ImportExcel PowerShell module to export the list of all App IDs.

Below are some common application IDs for Microsoft resources, but you can find an extensive list of all the applications in the Excel sheet exported with the Azure CLI lines above.

Note: az ad sp is part of the Azure CLI and is not a PowerShell cmdlet. You’ll need to have the Azure CLI installed and run az login before running this.

In the Azure AD portal, role permissions are displayed as Application permissions and scope permissions are displayed as Delegated permissions.

Role permissions are listed in the AppRoles worksheet. Scope permissions are listed in the ApplicationScopeIDs and DelegatedScopeIDs worksheets respectively: ApplicationScopeIDs contains the API permissions that need admin consent (indicated by the column type=admin), and DelegatedScopeIDs contains the API permissions that need user consent (indicated by the column type=user).
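The post's own Azure CLI and PowerShell lines are not reproduced here; the following is an added example, not the author's script. It takes the JSON that `az ad sp show --id <appId>` prints for a resource service principal (here a constructed sample for Microsoft Graph), separates the app roles (Application permissions, manifest type `Role`) from the OAuth2 scopes (Delegated permissions, manifest type `Scope`, each carrying its Admin/User consent type), and resolves a list of permission names to the IDs needed in the manifest's `requiredResourceAccess` and in Terraform's `required_resource_access`. The property names `appRoles`, `oauth2PermissionScopes`, `adminConsentDisplayName` and `type` are assumed from the Microsoft Graph servicePrincipal object; the three scope IDs in the sample are the ones tabulated in this post, while the two app-role IDs are placeholders, not the real Graph application-permission IDs.

```python
import json

# Constructed sample shaped like the JSON `az ad sp show --id <appId>` prints for the
# Microsoft Graph service principal. Property names are assumed from the Microsoft Graph
# servicePrincipal object. The scope IDs are the ones listed in this post; the two
# appRoles IDs are placeholders, NOT the real Microsoft Graph application-permission IDs.
SAMPLE_SP_JSON = """{
  "appId": "00000003-0000-0000-c000-000000000000",
  "displayName": "Microsoft Graph",
  "appRoles": [
    {"id": "00000000-0000-0000-0000-0000000000a1", "value": "User.Read.All",
     "displayName": "Read all users' full profiles", "allowedMemberTypes": ["Application"]},
    {"id": "00000000-0000-0000-0000-0000000000a2", "value": "Directory.Read.All",
     "displayName": "Read directory data", "allowedMemberTypes": ["Application"]}
  ],
  "oauth2PermissionScopes": [
    {"id": "a154be20-db9c-4678-8ab7-66f6cc099a59", "value": "User.Read.All",
     "type": "Admin", "adminConsentDisplayName": "Read all users' full profiles"},
    {"id": "570282fd-fa5c-430d-a7fd-fc8dc98a9dca", "value": "Mail.Read",
     "type": "User", "adminConsentDisplayName": "Read your mail"},
    {"id": "06da0dbc-49e2-44d2-8312-53f166ab848a", "value": "Directory.Read.All",
     "type": "Admin", "adminConsentDisplayName": "Read directory data"}
  ]
}"""


def load_sample():
    """Parse the constructed sample; feed real `az ad sp show` output here to use it for real."""
    return json.loads(SAMPLE_SP_JSON)


def index_permissions(sp):
    """Name -> entry lookups. appRoles are the 'Application' permissions in the portal
    (manifest type 'Role', always admin consent); oauth2PermissionScopes are the
    'Delegated' ones (manifest type 'Scope', consent type Admin or User per entry)."""
    roles = {r["value"]: {"id": r["id"], "type": "Role", "consent": "Admin",
                          "display": r["displayName"]}
             for r in sp.get("appRoles", [])}
    scopes = {s["value"]: {"id": s["id"], "type": "Scope", "consent": s["type"],
                           "display": s["adminConsentDisplayName"]}
              for s in sp.get("oauth2PermissionScopes", [])}
    return {"Role": roles, "Scope": scopes}


def consent_split(sp):
    """Delegated scope names grouped like the post's worksheets: admin consent vs user consent."""
    out = {"Admin": [], "User": []}
    for s in sp.get("oauth2PermissionScopes", []):
        out[s["type"]].append(s["value"])
    return {k: sorted(v) for k, v in out.items()}


def resolve(sp, wanted):
    """wanted: list of (permission name, 'Role' | 'Scope'). The same name can exist as both
    (User.Read.All here), so the kind is part of the key. An unknown name raises KeyError
    rather than silently dropping the grant from the generated configuration."""
    idx = index_permissions(sp)
    resolved = []
    for value, kind in wanted:
        entry = idx.get(kind, {}).get(value)
        if entry is None:
            raise KeyError(f"{value} is not a {kind} permission on {sp['displayName']}")
        resolved.append({"value": value, **entry})
    return resolved


def to_manifest(sp, resolved):
    """One requiredResourceAccess entry as it appears in the app manifest."""
    return {"resourceAppId": sp["appId"],
            "resourceAccess": [{"id": r["id"], "type": r["type"]} for r in resolved]}


def to_terraform(sp, resolved):
    """required_resource_access block for the azuread_application Terraform resource."""
    lines = ["required_resource_access {",
             f'  resource_app_id = "{sp["appId"]}" # {sp["displayName"]}']
    for r in resolved:
        lines += ["", "  resource_access {",
                  f'    id   = "{r["id"]}" # {r["value"]}, {r["consent"]} consent',
                  f'    type = "{r["type"]}"',
                  "  }"]
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    sp = load_sample()
    wanted = [("User.Read.All", "Role"), ("Mail.Read", "Scope"), ("Directory.Read.All", "Scope")]
    res = resolve(sp, wanted)
    print(json.dumps(to_manifest(sp, res), indent=2))
    print(to_terraform(sp, res))
    print("Admin-consent scopes:", consent_split(sp)["Admin"])
```

Keeping the kind (Role vs Scope) in the lookup key matters because Microsoft Graph exposes many names, such as User.Read.All, as both an application role and a delegated scope with different IDs; the generated comments also record which grants will need an admin to consent, so that is visible at review time rather than discovered after the deployment fails.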

I’ve included the output of the script for AppID = 00000003-0000-0000-c000-000000000000 (Microsoft Graph) at the end of this post. It might help you if you are in a hurry and just need the permission ID of a single role or permission scope. I hope this post helped you out in one way or another. 😁

Thank you for stopping by. ✌

| Scope Name | ID | Type | Display Name |
|---|---|---|---|
| AccessReview.Read.All | ebfcd32b-babb-40f4-a14b-42706e83bd28 | Admin | Read all access reviews that user can access |
| AccessReview.ReadWrite.All | e4aa47b9-9a69-4109-82ed-36ec70d85ff1 | Admin | Manage all access reviews that user can access |
| AccessReview.ReadWrite.Membership | 5af8c3f5-baca-439a-97b0-ea58a435e269 | Admin | Manage access reviews for group and app memberships |
| AdministrativeUnit.Read.All | 3361d15d-be43-4de6-b441-3c746d05163d | Admin | Read administrative units |
| AdministrativeUnit.ReadWrite.All | 7b8a2d34-6b3f-4542-a343-54651608ad81 | Admin | Read and write administrative units |
| Agreement.Read.All | af2819c9-df71-4dd3-ade7-4d7c9dc653b7 | Admin | Read all terms of use agreements |
| Agreement.ReadWrite.All | ef4b5d93-3104-4664-9053-a5c49ab44218 | Admin | Read and write all terms of use agreements |
| AgreementAcceptance.Read | 0b7643bb-5336-476f-80b5-18fbfbc91806 | Admin | Read user terms of use acceptance statuses |
| AgreementAcceptance.Read.All | a66a5341-e66e-4897-9d52-c2df58c2bfb9 | Admin | Read terms of use acceptance statuses that user can access |
| APIConnectors.Read.All | 1b6ff35f-31df-4332-8571-d31ea5a4893f | Admin | Read API connectors for authentication flows |
| APIConnectors.ReadWrite.All | c67b52c5-7c69-48b6-9d48-7b3af3ded914 | Admin | Read and write API connectors for authentication flows |
| AppCatalog.ReadWrite.All | 1ca167d5-1655-44a1-8adf-1414072e1ef9 | Admin | Read and write to all app catalogs |
| Application.Read.All | c79f8feb-a9db-4090-85f9-90d820caa0eb | Admin | Read applications |
| Application.ReadWrite.All | bdfbf15f-ee85-4955-8675-146e8e5296b5 | Admin | Read and write all applications |
| AppRoleAssignment.ReadWrite.All | 84bccea3-f856-4a8a-967b-dbe0a3d53a64 | Admin | Manage app permission grants and app role assignments |
| Approval.Read.All | 1196552e-b226-4363-b01e-b8901fe10a11 | Admin | Read approvals |
| Approval.ReadWrite.All | 1d3d0bc7-4b3a-427a-ae9f-6de4e1edc95f | Admin | Read and write approvals |
| AttackSimulation.Read.All | 104a7a4b-ca76-4677-b7e7-2f4bc482f381 | Admin | Read attack simulation data of an organization |
| AuditLog.Read.All | e4c9e354-4dc5-45b8-9e7c-e1393b0b1a20 | Admin | Read audit log data |
| AuthenticationContext.Read.All | 57b030f1-8c35-469c-b0d9-e4a077debe70 | Admin | Read all authentication context information |
| AuthenticationContext.ReadWrite.All | ba6d575a-1344-4516-b777-1404f5593057 | Admin | Read and write all authentication context information |
| BitlockerKey.Read.All | b27a61ec-b99c-4d6a-b126-c4375d08ae30 | Admin | Read BitLocker keys |
| BitlockerKey.ReadBasic.All | 5a107bfc-4f00-4e1a-b67e-66451267bc68 | Admin | Read BitLocker keys basic information |
| Channel.Create | 101147cf-4178-4455-9d58-02b5c164e759 | Admin | Create channels |
| Channel.Delete.All | cc83893a-e232-4723-b5af-bd0b01bcfe65 | Admin | Delete channels |
| ChannelMember.Read.All | 2eadaff8-0bce-4198-a6b9-2cfc35a30075 | Admin | Read the members of channels |
| ChannelMember.ReadWrite.All | 0c3e411a-ce45-4cd1-8f30-f99a3efa7b11 | Admin | Add and remove members from channels |
| ChannelMessage.Read.All | 767156cb-16ae-4d10-8f8b-41b657c8c8c8 | Admin | Read user channel messages |
| ChannelMessage.ReadWrite | 5922d31f-46c8-4404-9eaf-2117e390a8a4 | Admin | Read and write user channel messages |
| ChannelSettings.Read.All | 233e0cf1-dd62-48bc-b65b-b38fe87fcf8e | Admin | Read the names, descriptions, and settings of channels |
| ChannelSettings.ReadWrite.All | d649fb7c-72b4-4eec-b2b4-b15acf79e378 | Admin | Read and write the names, descriptions, and settings of channels |
| ChatMember.Read | c5a9e2b1-faf6-41d4-8875-d381aa549b24 | Admin | Read the members of chats |
| ChatMember.ReadWrite | dea13482-7ea6-488f-8b98-eb5bbecf033d | Admin | Add and remove members from chats |
| CloudPC.ReadWrite.All | 9d77138f-f0e2-47ba-ab33-cd246c8b79d1 | Admin | Read and write Cloud PCs |
| ConsentRequest.Read.All | f3bfad56-966e-4590-a536-82ecf548ac1e | Admin | Read consent requests |
| ConsentRequest.ReadWrite.All | 497d9dfa-3bd1-481a-baab-90895e54568c | Admin | Read and write consent requests |
| CrossTenantInformation.ReadBasic.All | 81594d25-e88e-49cf-ac8c-fecbff49f994 | Admin | Read cross-tenant basic information |
| CrossTenantUserProfileSharing.Read | cb1ba48f-d22b-4325-a07f-74135a62ee41 | Admin | Read shared cross-tenant user profile and export data |
| CrossTenantUserProfileSharing.Read.All | 759dcd16-3c90-463c-937e-abf89f991c18 | Admin | Read all shared cross-tenant user profiles and export their data |
| CrossTenantUserProfileSharing.ReadWrite | eed0129d-dc60-4f30-8641-daf337a39ffd | Admin | Read shared cross-tenant user profile and export or delete data |
| CrossTenantUserProfileSharing.ReadWrite.All | 64dfa325-cbf8-48e3-938d-51224a0cac01 | Admin | Read all shared cross-tenant user profiles and export or delete their data |
| CustomAuthenticationExtension.Read.All | b2052569-c98c-4f36-a5fb-43e5c111e6d0 | Admin | Read your organization’s custom authentication extensions |
| CustomAuthenticationExtension.ReadWrite.All | 8dfcf82f-15d0-43b3-bc78-a958a13a5792 | Admin | Read and write your organization’s custom authentication extensions |
| CustomSecAttributeAssignment.Read.All | b46ffa80-fe3d-4822-9a1a-c200932d54d0 | Admin | Read custom security attribute assignments |
| CustomSecAttributeAssignment.ReadWrite.All | ca46335e-8453-47cd-a001-8459884efeae | Admin | Read and write custom security attribute assignments |
| CustomSecAttributeDefinition.Read.All | ce026878-a0ff-4745-a728-d4fedd086c07 | Admin | Read custom security attribute definitions |
| CustomSecAttributeDefinition.ReadWrite.All | 8b0160d4-5743-482b-bb27-efc0a485ca4a | Admin | Read and write custom security attribute definitions |
| DelegatedAdminRelationship.Read.All | 0c0064ea-477b-4130-82a5-4c2cc4ff68aa | Admin | Read Delegated Admin relationships with customers |
| DelegatedAdminRelationship.ReadWrite.All | 885f682f-a990-4bad-a642-36736a74b0c7 | Admin | Manage Delegated Admin relationships with customers |
| DelegatedPermissionGrant.ReadWrite.All | 41ce6ca6-6826-4807-84f1-1c82854f7ee5 | Admin | Manage all delegated permission grants |
| Device.Read.All | 951183d1-1a61-466f-a6d1-1fde911bfd95 | Admin | Read all devices |
| DeviceManagementApps.Read.All | 4edf5f54-4666-44af-9de9-0144fb4b6e8c | Admin | Read Microsoft Intune apps |
| DeviceManagementApps.ReadWrite.All | 7b3f05d5-f68c-4b8d-8c59-a2ecd12f24af | Admin | Read and write Microsoft Intune apps |
| DeviceManagementConfiguration.Read.All | f1493658-876a-4c87-8fa7-edb559b3476a | Admin | Read Microsoft Intune Device Configuration and Policies |
| DeviceManagementConfiguration.ReadWrite.All | 0883f392-0a7a-443d-8c76-16a6d39c7b63 | Admin | Read and write Microsoft Intune Device Configuration and Policies |
| DeviceManagementManagedDevices.PrivilegedOperations.All | 3404d2bf-2b13-457e-a330-c24615765193 | Admin | Perform user-impacting remote actions on Microsoft Intune devices |
| DeviceManagementManagedDevices.Read.All | 314874da-47d6-4978-88dc-cf0d37f0bb82 | Admin | Read Microsoft Intune devices |
| DeviceManagementManagedDevices.ReadWrite.All | 44642bfe-8385-4adc-8fc6-fe3cb2c375c3 | Admin | Read and write Microsoft Intune devices |
| DeviceManagementRBAC.Read.All | 49f0cc30-024c-4dfd-ab3e-82e137ee5431 | Admin | Read Microsoft Intune RBAC settings |
| DeviceManagementRBAC.ReadWrite.All | 0c5e8a55-87a6-4556-93ab-adc52c4d862d | Admin | Read and write Microsoft Intune RBAC settings |
| DeviceManagementServiceConfig.Read.All | 8696daa5-bce5-4b2e-83f9-51b6defc4e1e | Admin | Read Microsoft Intune configuration |
| DeviceManagementServiceConfig.ReadWrite.All | 662ed50a-ac44-4eef-ad86-62eed9be2a29 | Admin | Read and write Microsoft Intune configuration |
| Directory.AccessAsUser.All | 0e263e50-5827-48a4-b97c-d940288653c7 | Admin | Access directory as the signed in user |
| Directory.Read.All | 06da0dbc-49e2-44d2-8312-53f166ab848a | Admin | Read directory data |
| Directory.ReadWrite.All | c5366453-9fb0-48a5-a156-24f0c49a4b84 | Admin | Read and write directory data |
| Directory.Write.Restricted | cba5390f-ed6a-4b7f-b657-0efc2210ed20 | Admin | Manage restricted resources in the directory |
| DirectoryRecommendations.Read.All | 34d3bd24-f6a6-468c-b67c-0c365c1d6410 | Admin | Read Azure AD recommendations |
| DirectoryRecommendations.ReadWrite.All | f37235e8-90a0-4189-93e2-e55b53867ccd | Admin | Read and update Azure AD recommendations |
| Domain.Read.All | 2f9ee017-59c1-4f1d-9472-bd5529a7b311 | Admin | Read domains |
| Domain.ReadWrite.All | 0b5d694c-a244-4bde-86e6-eb5cd07730fe | Admin | Read and write domains |
| eDiscovery.Read.All | 99201db3-7652-4d5a-809a-bdb94f85fe3c | Admin | Read all eDiscovery objects |
| eDiscovery.ReadWrite.All | acb8f680-0834-4146-b69e-4ab1b39745ad | Admin | Read and write all eDiscovery objects |
| EduAdministration.Read | 8523895c-6081-45bf-8a5d-f062a2f12c9f | Admin | Read education app settings |
| EduAdministration.ReadWrite | 63589852-04e3-46b4-bae9-15d5b1050748 | Admin | Manage education app settings |
| EduAssignments.Read | 091460c9-9c4a-49b2-81ef-1f3d852acce2 | Admin | Read users’ class assignments and their grades |
| EduAssignments.ReadBasic | c0b0103b-c053-4b2e-9973-9f3a544ec9b8 | Admin | Read users’ class assignments without grades |
| EduAssignments.ReadWrite | 2f233e90-164b-4501-8bce-31af2559a2d3 | Admin | Read and write users’ class assignments and their grades |
| EduAssignments.ReadWriteBasic | 2ef770a1-622a-47c4-93ee-28d6adbed3a0 | Admin | Read and write users’ class assignments without grades |
| EduRoster.Read | a4389601-22d9-4096-ac18-36a927199112 | Admin | Read users’ view of the roster |
| EduRoster.ReadBasic | 5d186531-d1bf-4f07-8cea-7c42119e1bd9 | Admin | Read a limited subset of users’ view of the roster |
| EduRoster.ReadWrite | 359e19a6-e3fa-4d7f-bcab-d28ec592b51e | Admin | Read and write users’ view of the roster |
| EntitlementManagement.Read.All | 5449aa12-1393-4ea2-a7c7-d0e06c1a56b2 | Admin | Read all entitlement management resources |
| EntitlementManagement.ReadWrite.All | ae7a573d-81d7-432b-ad44-4ed5c9d89038 | Admin | Read and write entitlement management resources |
| EventListener.Read.All | f7dd3bed-5eec-48da-bc73-1c0ef50bc9a1 | Admin | Read your organization’s authentication event listeners |
| EventListener.ReadWrite.All | d11625a6-fe21-4fc6-8d3d-063eba5525ad | Admin | Read and write your organization’s authentication event listeners |
| ExternalConnection.Read.All | a38267a5-26b6-4d76-9493-935b7599116b | Admin | Read all external connections |
| ExternalConnection.ReadWrite.All | bbbbd9b3-3566-4931-ac37-2b2180d9e334 | Admin | Read and write all external connections |
| ExternalConnection.ReadWrite.OwnedBy | 4082ad95-c812-4f02-be92-780c4c4f1830 | Admin | Read and write external connections |
| ExternalItem.Read.All | 922f9392-b1b7-483c-a4be-0089be7704fb | Admin | Read items in external datasets |
| ExternalItem.ReadWrite.All | b02c54f8-eb48-4c50-a9f0-a149e5a2012f | Admin | Read and write all external items |
| ExternalItem.ReadWrite.OwnedBy | 4367b9d7-cee7-4995-853c-a0bdfe95c1f9 | Admin | Read and write external items |
| Group.Read.All | 5f8c59db-677d-491f-a6b8-5f174b11ec1d | Admin | Read all groups |
| Group.ReadWrite.All | 4e46008b-f24c-477d-8fff-7bb4ec7aafe0 | Admin | Read and write all groups |
| GroupMember.Read.All | bc024368-1153-4739-b217-4326f2e966d0 | Admin | Read group memberships |
| GroupMember.ReadWrite.All | f81125ac-d3b7-4573-a3b2-7099cc39df9e | Admin | Read and write group memberships |
| IdentityProvider.Read.All | 43781733-b5a7-4d1b-98f4-e8edff23e1a9 | Admin | Read identity providers |
| IdentityProvider.ReadWrite.All | f13ce604-1677-429f-90bd-8a10b9f01325 | Admin | Read and write identity providers |
| IdentityRiskEvent.Read.All | 8f6a01e7-0391-4ee5-aa22-a3af122cef27 | Admin | Read identity risk event information |
| IdentityRiskEvent.ReadWrite.All | 9e4862a5-b68f-479e-848a-4e07e25c9916 | Admin | Read and write risk event information |
| IdentityRiskyServicePrincipal.Read.All | ea5c4ab0-5a73-4f35-8272-5d5337884e5d | Admin | Read all identity risky service principal information |
| IdentityRiskyServicePrincipal.ReadWrite.All | bb6f654c-d7fd-4ae3-85c3-fc380934f515 | Admin | Read and write all identity risky service principal information |
| IdentityRiskyUser.Read.All | d04bb851-cb7c-4146-97c7-ca3e71baf56c | Admin | Read identity risky user information |
| IdentityRiskyUser.ReadWrite.All | e0a7cdbb-08b0-4697-8264-0069786e9674 | Admin | Read and write risky user information |
| IdentityUserFlow.Read.All | 2903d63d-4611-4d43-99ce-a33f3f52e343 | Admin | Read all identity user flows |
| IdentityUserFlow.ReadWrite.All | 281892cc-4dbf-4e3a-b6cc-b21029bb4e82 | Admin | Read and write all identity user flows |
| LearningContent.Read.All | ea4c1fd9-6a9f-4432-8e5d-86e06cc0da77 | Admin | Read learning content |
| LearningContent.ReadWrite.All | 53cec1c4-a65f-4981-9dc1-ad75dbf1c077 | Admin | Manage learning content |
| LearningProvider.Read | dd8ce36f-9245-45ea-a99e-8ac398c22861 | Admin | Read learning provider |
| LearningProvider.ReadWrite | 40c2eb57-abaf-49f5-9331-e90fd01f7130 | Admin | Manage learning provider |
| LicenseAssignment.ReadWrite.All | f55016cc-149c-447e-8f21-7cf3ec1d6350 | Admin | Manage all license assignments |
| LifecycleWorkflows.Read.All | 9bcb9916-765a-42af-bf77-02282e26b01a | Admin | Read all lifecycle workflows resources |
| LifecycleWorkflows.ReadWrite.All | 84b9d731-7db8-4454-8c90-fd9e95350179 | Admin | Read and write all lifecycle workflows resources |
| ManagedTenants.Read.All | dc34164e-6c4a-41a0-be89-3ae2fbad7cd3 | Admin | Read all managed tenant information |
| ManagedTenants.ReadWrite.All | b31fa710-c9b3-4d9e-8f5e-8036eecddab9 | Admin | Read and write all managed tenant information |
| Member.Read.Hidden | f6a3db3e-f7e8-4ed2-a414-557c8c9830be | Admin | Read hidden memberships |
| OnlineMeetingRecording.Read.All | 190c2bb6-1fdd-4fec-9aa2-7d571b5e1fe3 | Admin | Read all recordings of online meetings |
| OnlineMeetingTranscript.Read.All | 30b87d18-ebb1-45db-97f8-82ccb1f0190c | Admin | Read all transcripts of online meetings |
| OnPremisesPublishingProfiles.ReadWrite.All | 8c4d5184-71c2-4bf8-bb9d-bc3378c9ad42 | Admin | Manage on-premises published resources |
| Organization.Read.All | 4908d5b9-3fb2-4b1e-9336-1888b7937185 | Admin | Read organization information |
| Organization.ReadWrite.All | 46ca0847-7e6b-426e-9775-ea810a948356 | Admin | Read and write organization information |
| OrgContact.Read.All | 08432d1b-5911-483c-86df-7980af5cdee0 | Admin | Read organizational contacts |
| People.Read.All | b89f9189-71a5-4e70-b041-9887f0bc7e4a | Admin | Read all users’ relevant people lists |
| Place.Read.All | cb8f45a0-5c2e-4ea1-b803-84b870a7d7ec | Admin | Read all company places |
| Place.ReadWrite.All | 4c06a06a-098a-4063-868e-5dfee3827264 | Admin | Read and write organization places |
| Policy.Read.All | 572fea84-0151-49b2-9301-11cb16974376 | Admin | Read your organization’s policies |
| Policy.Read.PermissionGrant | 414de6ea-2d92-462f-b120-6e2a809a6d01 | Admin | Read consent and permission grant policies |
| Policy.ReadWrite.AccessReview | 4f5bc9c8-ea54-4772-973a-9ca119cb0409 | Admin | Read and write your organization’s directory access review default policy |
| Policy.ReadWrite.ApplicationConfiguration | b27add92-efb2-4f16-84f5-8108ba77985c | Admin | Read and write your organization’s application configuration policies |
| Policy.ReadWrite.AuthenticationFlows | edb72de9-4252-4d03-a925-451deef99db7 | Admin | Read and write authentication flow policies |
| Policy.ReadWrite.AuthenticationMethod | 7e823077-d88e-468f-a337-e18f1f0e6c7c | Admin | Read and write authentication method policies |
| Policy.ReadWrite.Authorization | edd3c878-b384-41fd-95ad-e7407dd775be | Admin | Read and write your organization’s authorization policy |
| Policy.ReadWrite.ConditionalAccess | ad902697-1014-4ef5-81ef-2b4301988e8c | Admin | Read and write your organization’s conditional access policies |
| Policy.ReadWrite.ConsentRequest | 4d135e65-66b8-41a8-9f8b-081452c91774 | Admin | Read and write consent request policy |
| Policy.ReadWrite.CrossTenantAccess | 014b43d0-6ed4-4fc6-84dc-4b6f7bae7d85 | Admin | Read and write your organization’s cross tenant access policies |
| Policy.ReadWrite.DeviceConfiguration | 40b534c3-9552-4550-901b-23879c90bcf9 | Admin | Read and write your organization’s device configuration policies |
| Policy.ReadWrite.FeatureRollout | 92a38652-f13b-4875-bc77-6e1dbb63e1b2 | Admin | Read and write your organization’s feature rollout policies |
| Policy.ReadWrite.MobilityManagement | a8ead177-1889-4546-9387-f25e658e2a79 | Admin | Read and write your organization’s mobility management policies |
| Policy.ReadWrite.PermissionGrant | 2672f8bb-fd5e-42e0-85e1-ec764dd2614e | Admin | Manage consent and permission grant policies |
| Policy.ReadWrite.TrustFramework | cefba324-1a70-4a6e-9c1d-fd670b7ae392 | Admin | Read and write your organization’s trust framework policies |
| PrintConnector.Read.All | d69c2d6d-4f72-4f99-a6b9-663e32f8cf68 | Admin | Read print connectors |
| PrintConnector.ReadWrite.All | 79ef9967-7d59-4213-9c64-4b10687637d8 | Admin | Read and write print connectors |
| Printer.Create | 90c30bed-6fd1-4279-bf39-714069619721 | Admin | Register printers |
| Printer.FullControl.All | 93dae4bd-43a1-4a23-9a1a-92957e1d9121 | Admin | Register, read, update, and unregister printers |
| Printer.Read.All | 3a736c8a-018e-460a-b60c-863b2683e8bf | Admin | Read printers |
| Printer.ReadWrite.All | 89f66824-725f-4b8f-928e-e1c5258dc565 | Admin | Read and update printers |
| PrinterShare.ReadWrite.All | 06ceea37-85e2-40d7-bec3-91337a46038f | Admin | Read and write printer shares |
| PrintJob.Read.All | afdd6933-a0d8-40f7-bd1a-b5d778e8624b | Admin | Read print jobs |
| PrintJob.ReadBasic.All | 04ce8d60-72ce-4867-85cf-6d82f36922f3 | Admin | Read basic information of print jobs |
| PrintJob.ReadWrite.All | 036b9544-e8c5-46ef-900a-0646cc42b271 | Admin | Read and write print jobs |
| PrintJob.ReadWriteBasic.All | 3a0db2f6-0d2a-4c19-971b-49109b19ad3d | Admin | Read and write basic information of print jobs |
| PrintSettings.Read.All | 490f32fd-d90f-4dd7-a601-ff6cdc1a3f6c | Admin | Read tenant-wide print settings |
| PrintSettings.ReadWrite.All | 9ccc526a-c51c-4e5c-a1fd-74726ef50b8f | Admin | Read and write tenant-wide print settings |
| PrivilegedAccess.Read.AzureAD | b3a539c9-59cb-4ad5-825a-041ddbdc2bdb | Admin | Read privileged access to Azure AD |
| PrivilegedAccess.Read.AzureADGroup | d329c81c-20ad-4772-abf9-3f6fdb7e5988 | Admin | Read privileged access to Azure AD groups |
| PrivilegedAccess.Read.AzureResources | 1d89d70c-dcac-4248-b214-903c457af83a | Admin | Read privileged access to Azure resources |
| PrivilegedAccess.ReadWrite.AzureAD | 3c3c74f5-cdaa-4a97-b7e0-4e788bfcfb37 | Admin | Read and write privileged access to Azure AD |
| PrivilegedAccess.ReadWrite.AzureADGroup | 32531c59-1f32-461f-b8df-6f8a3b89f73b | Admin | Read and write privileged access to Azure AD groups |
| PrivilegedAccess.ReadWrite.AzureResources | a84a9652-ffd3-496e-a991-22ba5529156a | Admin | Read and write privileged access to Azure resources |
| ProgramControl.Read.All | c492a2e1-2f8f-4caa-b076-99bbf6e40fe4 | Admin | Read all programs that user can access |
| ProgramControl.ReadWrite.All | 50fd364f-9d93-4ae1-b170-300e87cccf84 | Admin | Manage all programs that user can access |
| RecordsManagement.Read.All | 07f995eb-fc67-4522-ad66-2b8ca8ea3efd | Admin | Read Records Management configuration, labels, and policies |
| RecordsManagement.ReadWrite.All | f2833d75-a4e6-40ab-86d4-6dfe73c97605 | Admin | Read and write Records Management configuration, labels, and policies |
| Reports.Read.All | 02e97553-ed7b-43d0-ab3c-f8bace0d040c | Admin | Read all usage reports |
| ReportSettings.Read.All | 84fac5f4-33a9-4100-aa38-a20c6d29e5e7 | Admin | Read admin report settings |
| ReportSettings.ReadWrite.All | b955410e-7715-4a88-a940-dfd551018df3 | Admin | Read and write admin report settings |
| RoleAssignmentSchedule.Read.Directory | 344a729c-0285-42c6-9014-f12b9b8d6129 | Admin | Read all active role assignments for your company’s directory |
| RoleAssignmentSchedule.ReadWrite.Directory | 8c026be3-8e26-4774-9372-8d5d6f21daff | Admin | Read, update, and delete all active role assignments for your company’s directory |
| RoleEligibilitySchedule.Read.Directory | eb0788c2-6d4e-4658-8c9e-c0fb8053f03d | Admin | Read all eligible role assignments for your company’s directory |
| RoleEligibilitySchedule.ReadWrite.Directory | 62ade113-f8e0-4bf9-a6ba-5acb31db32fd | Admin | Read, update, and delete all eligible role assignments for your company’s directory |
| RoleManagement.Read.All | 48fec646-b2ba-4019-8681-8eb31435aded | Admin | Read role management data for all RBAC providers |
| RoleManagement.Read.CloudPC | 9619b88a-8a25-48a7-9571-d23be0337a79 | Admin | Read Cloud PC RBAC settings |
| RoleManagement.Read.Directory | 741c54c3-0c1e-44a1-818b-3f97ab4e8c83 | Admin | Read directory RBAC settings |
| RoleManagement.ReadWrite.CloudPC | 501d06f8-07b8-4f18-b5c6-c191a4af7a82 | Admin | Read and write Cloud PC RBAC settings |
| RoleManagement.ReadWrite.Directory | d01b97e9-cbc0-49fe-810a-750afd5527a3 | Admin | Read and write directory RBAC settings |
| RoleManagementPolicy.Read.Directory | 3de2cdbe-0ff5-47d5-bdee-7f45b4749ead | Admin | Read all policies for privileged role assignments of your company’s directory |
| RoleManagementPolicy.ReadWrite.Directory | 1ff1be21-34eb-448c-9ac9-ce1f506b2a68 | Admin | Read, update, and delete all policies for privileged role assignments of your company’s directory |
| Schedule.Read.All | fccf6dd8-5706-49fa-811f-69e2e1b585d0 | Admin | Read user schedule items |
| Schedule.ReadWrite.All | 63f27281-c9d9-4f29-94dd-6942f7f1feb0 | Admin | Read and write user schedule items |
| SearchConfiguration.Read.All | 7d307522-aa38-4cd0-bd60-90c6f0ac50bd | Admin | Read your organization’s search configuration |
| SearchConfiguration.ReadWrite.All | b1a7d408-cab0-47d2-a2a5-a74a3733600d | Admin | Read and write your organization’s search configuration |
| SecurityActions.Read.All | 1638cddf-07a4-4de2-8645-69c96cacad73 | Admin | Read your organization’s security actions |
| SecurityActions.ReadWrite.All | dc38509c-b87d-4da0-bd92-6bec988bac4a | Admin | Read and update your organization’s security actions |
| SecurityAlert.Read.All | bc257fb8-46b4-4b15-8713-01e91bfbe4ea | Admin | Read all security alerts |
| SecurityAlert.ReadWrite.All | 471f2a7f-2a42-4d45-a2bf-594d0838070d | Admin | Read and write to all security alerts |
| SecurityEvents.Read.All | 64733abd-851e-478a-bffb-e47a14b18235 | Admin | Read your organization’s security events |
| SecurityEvents.ReadWrite.All | 6aedf524-7e1c-45a7-bd76-ded8cab8d0fc | Admin | Read and update your organization’s security events |
| SecurityIncident.Read.All | b9abcc4f-94fc-4457-9141-d20ce80ec952 | Admin | Read incidents |
| SecurityIncident.ReadWrite.All | 128ca929-1a19-45e6-a3b8-435ec44a36ba | Admin | Read and write to incidents |
| ServiceHealth.Read.All | 55896846-df78-47a7-aa94-8d3d4442ca7f | Admin | Read service health |
| ServiceMessage.Read.All | eda39fa6-f8cf-4c3c-a909-432c683e4c9b | Admin | Read service announcement messages |
| ServiceMessageViewpoint.Write | 636e1b0b-1cc2-4b1c-9aa9-4eeed9b9761b | Admin | Update user status on service announcement messages |
| ServicePrincipalEndpoint.Read.All | 9f9ce928-e038-4e3b-8faf-7b59049a8ddc | Admin | Read service principal endpoints |
| ServicePrincipalEndpoint.ReadWrite.All | 7297d82c-9546-4aed-91df-3d4f0a9b3ff0 | Admin | Read and update service principal endpoints |
| SharePointTenantSettings.Read.All | 2ef70e10-5bfd-4ede-a5f6-67720500b258 | Admin | Read SharePoint and OneDrive tenant settings |
| SharePointTenantSettings.ReadWrite.All | aa07f155-3612-49b8-a147-6c590df35536 | Admin | Read and change SharePoint and OneDrive tenant settings |
| Sites.FullControl.All | 5a54b8b3-347c-476d-8f8e-42d5c7424d29 | Admin | Have full control of all site collections |
| SubjectRightsRequest.Read.All | 9c3af74c-fd0f-4db4-b17a-71939e2a9d77 | Admin | Read subject rights requests |
| SubjectRightsRequest.ReadWrite.All | 2b8fcc74-bce1-4ae3-a0e8-60c53739299d | Admin | Read and write subject rights requests |
| Subscription.Read.All | 5f88184c-80bb-4d52-9ff2-757288b2e9b7 | Admin | Read all webhook subscriptions |
| TeamMember.Read.All | 2497278c-d82d-46a2-b1ce-39d4cdde5570 | Admin | Read the members of teams |
| TeamMember.ReadWrite.All | 4a06efd2-f825-4e34-813e-82a57b03d1ee | Admin | Add and remove members from teams |
| TeamMember.ReadWriteNonOwnerRole.All | 2104a4db-3a2f-4ea0-9dba-143d457dc666 | Admin | Add and remove members with non-owner role for all teams |
| TeamsAppInstallation.ReadForTeam | 5248dcb1-f83b-4ec3-9f4d-a4428a961a72 | Admin | Read installed Teams apps in teams |
| TeamsAppInstallation.ReadWriteForChat | aa85bf13-d771-4d5d-a9e6-bca04ce44edf | Admin | Manage installed Teams apps in chats |
| TeamsAppInstallation.ReadWriteForTeam | 2e25a044-2580-450d-8859-42eeb6e996c0 | Admin | Manage installed Teams apps in teams |
| TeamsAppInstallation.ReadWriteForUser | 093f8818-d05f-49b8-95bc-9d2a73e9a43c | Admin | Manage user’s installed Teams apps |
| TeamsAppInstallation.ReadWriteSelfForChat | 0ce33576-30e8-43b7-99e5-62f8569a4002 | Admin | Allow the Teams app to manage itself in chats |
| TeamsAppInstallation.ReadWriteSelfForTeam | 0f4595f7-64b1-4e13-81bc-11a249df07a9 | Admin | Allow the app to manage itself in teams |
| TeamSettings.Read.All | 48638b3c-ad68-4383-8ac4-e6880ee6ca57 | Admin | Read teams’ settings |
| TeamSettings.ReadWrite.All | 39d65650-9d3e-4223-80db-a335590d027e | Admin | Read and change teams’ settings |
| TeamsTab.Create | a9ff19c2-f369-4a95-9a25-ba9d460efc8e | Admin | Create tabs in Microsoft Teams |
| TeamsTab.Read.All | 59dacb05-e88d-4c13-a684-59f1afc8cc98 | Admin | Read tabs in Microsoft Teams |
| TeamsTab.ReadWrite.All | b98bfd41-87c6-45cc-b104-e2de4f0dafb9 | Admin | Read and write tabs in Microsoft Teams |
| TeamsTab.ReadWriteForChat | ee928332-e9c2-4747-b4a0-f8c164b68de6 | Admin | Allow the Teams app to manage all tabs in chats |
| TeamsTab.ReadWriteForTeam | c975dd04-a06e-4fbb-9704-62daad77bb49 | Admin | Allow the Teams app to manage all tabs in teams |
| TeamsTab.ReadWriteSelfForChat | 0c219d04-3abf-47f7-912d-5cca239e90e6 | Admin | Allow the Teams app to manage only its own tabs in chats |
| TeamsTab.ReadWriteSelfForTeam | f266662f-120a-4314-b26a-99b08617c7ef | Admin | Allow the Teams app to manage only its own tabs in teams |
| TeamworkDevice.Read.All | b659488b-9d28-4208-b2be-1c6652b3c970 | Admin | Read Teams devices |
| TeamworkDevice.ReadWrite.All | ddd97ecb-5c31-43db-a235-0ee20e635c40 | Admin | Read and write Teams devices |
| TeamworkTag.Read | 57587d0b-8399-45be-b207-8050cec54575 | Admin | Read tags in Teams |
| TeamworkTag.ReadWrite | 539dabd7-b5b6-4117-b164-d60cd15a8671 | Admin | Read and write tags in Teams |
| TermStore.Read.All | 297f747b-0005-475b-8fef-c890f5152b38 | Admin | Read term store data |
| TermStore.ReadWrite.All | 6c37c71d-f50f-4bff-8fd3-8a41da390140 | Admin | Read and write term store data |
| ThreatAssessment.ReadWrite.All | cac97e40-6730-457d-ad8d-4852fddab7ad | Admin | Read and write threat assessment requests |
| ThreatHunting.Read.All | b152eca8-ea73-4a48-8c98-1a6742673d99 | Admin | Run hunting queries |
| ThreatIndicators.Read.All | 9cc427b4-2004-41c5-aa22-757b755e9796 | Admin | Read all threat indicators |
| ThreatIndicators.ReadWrite.OwnedBy | 91e7d36d-022a-490f-a748-f8e011357b42 | Admin | Manage threat indicators this app creates or owns |
| ThreatSubmission.Read.All | 7083913a-4966-44b6-9886-c5822a5fd910 | Admin | Read all threat submissions |
| ThreatSubmission.ReadWrite.All | 8458e264-4eb9-4922-abe9-768d58f13c7f | Admin | Read and write all threat submissions |
| ThreatSubmissionPolicy.ReadWrite.All | 059e5840-5353-4c68-b1da-666a033fc5e8 | Admin | Read and write all threat submission policies |
| TrustFrameworkKeySet.Read.All | 7ad34336-f5b1-44ce-8682-31d7dfcd9ab9 | Admin | Read trust framework key sets |
| TrustFrameworkKeySet.ReadWrite.All | 39244520-1e7d-4b4a-aee0-57c65826e427 | Admin | Read and write trust framework key sets |
| UnifiedGroupMember.Read.AsGuest | 73e75199-7c3e-41bb-9357-167164dbb415 | Admin | Read unified group memberships as guest |
| User.Export.All | 405a51b5-8d8d-430b-9842-8be4b0e9f324 | Admin | Export user’s data |
| User.Invite.All | 63dd7cd9-b489-4adf-a28c-ac38b9a0f962 | Admin | Invite guest users to the organization |
| User.ManageIdentities.All | 637d7bec-b31e-4deb-acc9-24275642a2c9 | Admin | Manage user identities |
| User.Read.All | a154be20-db9c-4678-8ab7-66f6cc099a59 | Admin | Read all users’ full profiles |
| User.ReadWrite.All | 204e0828-b5ca-4ad8-b9f3-f32a958e7cc4 | Admin | Read and write all users’ full profiles |
| UserAuthenticationMethod.Read | 1f6b61c5-2f65-4135-9c9f-31c0f8d32b52 | Admin | Read user authentication methods |
| UserAuthenticationMethod.Read.All | aec28ec7-4d02-4e8c-b864-50163aea77eb | Admin | Read all users’ authentication methods |
| UserAuthenticationMethod.ReadWrite | 48971fc1-70d7-4245-af77-0beb29b53ee2 | Admin | Read and write user authentication methods |
| UserAuthenticationMethod.ReadWrite.All | b7887744-6746-4312-813d-72daeaee7e2d | Admin | Read and write all users’ authentication methods |
| WindowsUpdates.ReadWrite.All | 11776c0c-6138-4db3-a668-ee621bea2555 | Admin | Read and write all Windows update deployment settings |
| WorkforceIntegration.Read.All | f1ccd5a7-6383-466a-8db8-1a656f7d06fa | Admin | Read workforce integrations |
| WorkforceIntegration.ReadWrite.All | 08c4b377-0d23-4a8b-be2a-23c1c1d88545 | Admin | Read and write workforce integrations |
| Analytics.Read | e03cf23f-8056-446a-8994-7d93dfc8b50e | User | Read your activity statistics |
| AppCatalog.Read.All | 88e58d74-d3df-44f3-ad47-e89edf4472e4 | User | Read all app catalogs |
| AppCatalog.Submit | 3db89e36-7fa6-4012-b281-85f3d9d9fd2e | User | Submit application packages to your organization’s catalog and cancel pending submissions |
| Bookings.Manage.All | 7f36b48e-542f-4d3b-9bcb-8406f0ab9fdb | User | Manage bookings information |
| Bookings.Read.All | 33b1df99-4b29-4548-9339-7a7b83eaeebc | User | Read bookings information |
| Bookings.ReadWrite.All | 948eb538-f19d-4ec5-9ccc-f059e1ea4c72 | User | Read and write bookings information |
| BookingsAppointment.ReadWrite.All | 02a5a114-36a6-46ff-a102-954d89d9ab02 | User | Read and write booking appointments |
| Calendars.Read | 465a38f9-76ea-45b9-9f34-9e8b0d4b0b42 | User | Read your calendars |
| Calendars.Read.Shared | 2b9c4092-424d-4249-948d-b43879977640 | User | Read calendars you can access |
| Calendars.ReadWrite | 1ec239c2-d7c9-4623-a91a-a9775856bb36 | User | Have full access to your calendars |
| Calendars.ReadWrite.Shared | 12466101-c9b8-439a-8589-dd09ee67e8e9 | User | Read and write to your and shared calendars |
| Channel.ReadBasic.All | 9d8982ae-4365-4f57-95e9-d6032a4c0b87 | User | Read the names and descriptions of channels |
| ChannelMessage.Edit | 2b61aa8a-6d36-4b2f-ac7b-f29867937c53 | User | Edit your channel messages |
| ChannelMessage.Send | ebf0f66e-9fb1-49e4-a278-222f76911cf4 | User | Send channel messages |
| Chat.Create | 38826093-1258-4dea-98f0-00003be2b8d0 | User | Create chats |
| Chat.Read | f501c180-9344-439a-bca0-6cbf209fd270 | User | Read your chat messages |
| Chat.ReadBasic | 9547fcb5-d03f-419d-9948-5928bbf71b0f | User | Read names and members of your chat threads |
| Chat.ReadWrite | 9ff7295e-131b-4d94-90e1-69fde507ac11 | User | Read and write your chat messages |
| ChatMessage.Read | cdcdac3a-fd45-410d-83ef-554db620e5c7 | User | Read user chat messages |
| ChatMessage.Send | 116b7235-7cc6-461e-b163-8e55691d839e | User | Send chat messages |
| CloudPC.Read.All | 5252ec4e-fd40-4d92-8c68-89dd1d3c6110 | User | Read Cloud PCs |
| Contacts.Read | ff74d97f-43af-4b68-9f2a-b77ee6968c5d | User | Read your contacts |
| Contacts.Read.Shared | 242b9d9e-ed24-4d09-9a52-f43769beb9d4 | User | Read your and shared contacts |
| Contacts.ReadWrite | d56682ec-c09e-4743-aaf4-1a3aac4caa21 | User | Have full access of your contacts |
| Contacts.ReadWrite.Shared | afb6c84b-06be-49af-80bb-8f3f77004eab | User | Read and write to your and shared contacts |
| Device.Command | bac3b9c2-b516-4ef4-bd3b-c2ef73d8d804 | User | Communicate with your other devices |
| Device.Read | 11d4cd79-5ba5-460f-803f-e22c8ab85ccd | User | View your list of devices |
| EAS.AccessAsUser.All | ff91d191-45a0-43fd-b837-bd682c4a0b0f | User | Access your mailboxes |
| email | 64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0 | User | View your email address |
| EWS.AccessAsUser.All | 9769c687-087d-48ac-9cb3-c37dde652038 | User | Access your mailboxes |
| Family.Read | 3a1e4806-a744-4c70-80fc-223bf8582c46 | User | Read your family info |
| Files.Read | 10465720-29dd-4523-a11a-6a75c743c9d9 | User | Read your files |
| Files.Read.All | df85f4d6-205c-4ac5-a5ea-6bf408dba283 | User | Read all files that you have access to |
| Files.Read.Selected | 5447fe39-cb82-4c1a-b977-520e67e724eb | User | Read selected files |
| Files.ReadWrite | 5c28f0bf-8a70-41f1-8ab2-9032436ddb65 | User | Have full access to your files |
| Files.ReadWrite.All | 863451e7-0667-486c-a5d6-d135439485f0 | User | Have full access to all files you have access to |
| Files.ReadWrite.AppFolder | 8019c312-3263-48e6-825e-2b833497195b | User | Have full access to the application’s folder |
| Files.ReadWrite.Selected | 17dde5bd-8c17-420f-a486-969730c1b827 | User | Read and write selected files |
| Financials.ReadWrite.All | f534bf13-55d4-45a9-8f3c-c92fe64d6131 | User | Read and write financials data |
| IMAP.AccessAsUser.All | 652390e4-393a-48de-9484-05f9b1212954 | User | Read and write access to your mail |
| InformationProtectionPolicy.Read | 4ad84827-5578-4e18-ad7a-86530b12f884 | User | Read user sensitivity labels and label policies |
| Mail.Read | 570282fd-fa5c-430d-a7fd-fc8dc98a9dca | User | Read your mail |
| Mail.Read.Shared | 7b9103a5-4610-446b-9670-80643382c1fa | User | Read mail you can access |
| Mail.ReadBasic | a4b8392a-d8d1-4954-a029-8e668a39a170 | User | Read user basic mail |
| Mail.ReadWrite | 024d486e-b451-40bb-833d-3e66d98c5c73 | User | Read and write access to your mail |
| Mail.ReadWrite.Shared | 5df07973-7d5d-46ed-9847-1271055cbd51 | User | Read and write mail you can access |
| Mail.Send | e383f46e-2787-4529-855e-0e479a3ffac0 | User | Send mail as you |
| Mail.Send.Shared | a367ab51-6b49-43bf-a716-a1fb06d2a174 | User | Send mail on behalf of others or yourself |
| MailboxSettings.Read | 87f447af-9fa4-4c32-9dfa-4a57a73d18ce | User | Read your mailbox settings |
| MailboxSettings.ReadWrite | 818c620a-27a9-40bd-a6a5-d96f7d610b4b | User | Read and write to your mailbox settings |
| Notes.Create | 9d822255-d64d-4b7a-afdb-833b9a97ed02 | User | Create your OneNote notebooks |
| Notes.Read | 371361e4-b9e2-4a3f-8315-2a301a3b0a3d | User | Read your OneNote notebooks |
| Notes.Read.All | dfabfca6-ee36-4db2-8208-7a28381419b3 | User | Read all OneNote notebooks that you can access |
| Notes.ReadWrite | 615e26af-c38a-4150-ae3e-c3b0d4cb1d6a | User | Read and write your OneNote notebooks |
| Notes.ReadWrite.All | 64ac0503-b4fa-45d9-b544-71a463f05da0 | User | Read and write all OneNote notebooks that you can access |
| Notes.ReadWrite.CreatedByApp | ed68249d-017c-4df5-9113-e684c7f8760b | User | Limited access to your OneNote notebooks for this app (preview) |
| Notifications.ReadWrite.CreatedByApp | 89497502-6e42-46a2-8cb2-427fd3df970a | User | Deliver and manage your notifications for this app |
offline_access7427e0e9-2fba-42fe-b0c0-848c9e6a8182UserMaintain access to data you have given it access to
OnlineMeetingArtifact.Read.All110e5abb-a10c-4b59-8b55-9b4daa4ef743UserRead user’s online meeting artifacts
OnlineMeetings.Read9be106e1-f4e3-4df5-bdff-e4bc531cbe43UserRead your online meetings
OnlineMeetings.ReadWritea65f2972-a4f8-4f5e-afd7-69ccb046d5dcUserRead and create your online meetings
openid37f7f235-527c-4136-accd-4a02d197296eUserSign in as you
People.Readba47897c-39ec-4d83-8086-ee8256fa737dUserRead your relevant people list
Policy.Read.ConditionalAccess633e0fce-8c58-4cfb-9495-12bbd5a24f7cUserRead your organization’s conditional access policies
POP.AccessAsUser.Alld7b7f2d9-0f45-4ea1-9d42-e50810c06991UserRead and write access to your mail.
Presence.Read76bc735e-aecd-4a1d-8b4c-2b915deabb79UserRead your presence information
Presence.Read.All9c7a330d-35b3-4aa1-963d-cb2b9f927841UserRead presence information of all users in your organization
Presence.ReadWrite8d3c54a7-cf58-4773-bf81-c0cd6ad522bbUserRead and write your presence information
PrinterShare.Read.Alled11134d-2f3f-440d-a2e1-411efada2502UserRead printer shares
PrinterShare.ReadBasic.All5fa075e9-b951-4165-947b-c63396ff0a37UserRead basic information about printer shares
PrintJob.Create21f0d9c0-9f13-48b3-94e0-b6b231c7d320UserCreate your print jobs
PrintJob.Read248f5528-65c0-4c88-8326-876c7236df5eUserRead your print jobs
PrintJob.ReadBasic6a71a747-280f-4670-9ca0-a9cbf882b274UserRead basic information of your print jobs
PrintJob.ReadWriteb81dd597-8abb-4b3f-a07a-820b0316ed04UserRead and update your print jobs
PrintJob.ReadWriteBasic6f2d22f2-1cb6-412c-a17c-3336817eaa82UserRead and write basic information of your print jobs
profile14dad69e-099b-42c9-810b-d002981feec1UserView your basic profile
ShortNotes.Read50f66e47-eb56-45b7-aaa2-75057d9afe08UserRead your short notes
ShortNotes.ReadWrite328438b7-4c01-4c07-a840-e625a749bb89UserRead, create, edit, and delete your short notes
Sites.Manage.All65e50fdc-43b7-4915-933e-e8138f11f40aUserCreate, edit, and delete items and lists in all your site collections
Sites.Read.All205e70e5-aba6-4c52-a976-6d2d46c48043UserRead items in all site collections
Sites.ReadWrite.All89fe6a52-be36-487e-b7d8-d061c450a026UserEdit or delete items in all site collections
SMTP.Send258f6531-6087-4cc4-bb90-092c5fb3ed3fUserAccess to sending emails from your mailbox.
Tasks.Readf45671fb-e0fe-4b4b-be20-3d3ce43f1bcbUserRead your tasks and task lists
Tasks.Read.Shared88d21fd4-8e5a-4c32-b5e2-4a1c95f34f72UserRead your and shared tasks
Tasks.ReadWrite2219042f-cab5-40cc-b0d2-16b1540b4c5fUserCreate, read, update, and delete your tasks and task lists
Tasks.ReadWrite.Sharedc5ddf11b-c114-4886-8558-8a4e557cd52bUserRead and write to your and shared tasks
Team.Create7825d5d6-6049-4ce7-bdf6-3b8d53f4bcd0UserCreate teams
Team.ReadBasic.All485be79e-c497-4b35-9400-0e3fa7f2a5d4UserRead the names and descriptions of teams
TeamsActivity.Read0e755559-83fb-4b44-91d0-4cc721b9323eUserRead your teamwork activity feed
TeamsActivity.Send7ab1d787-bae7-4d5d-8db6-37ea32df9186UserSend a teamwork activity
TeamsAppInstallation.ReadForChatbf3fbf03-f35f-4e93-963e-47e4d874c37aUserRead installed Teams apps in chats
TeamsAppInstallation.ReadForUserc395395c-ff9a-4dba-bc1f-8372ba9dca84UserRead your installed Teams apps
TeamsAppInstallation.ReadWriteSelfForUser207e0cb1-3ce7-4922-b991-5a760c346ebcUserAllow the Teams app to manage itself for you
TeamsTab.ReadWriteForUserc37c9b61-7762-4bff-a156-afc0005847a0UserAllow the Teams app to manage all tabs for you
TeamsTab.ReadWriteSelfForUser395dfec1-a0b9-465f-a783-8250a430cb8cUserAllow the Teams app to manage only its own tabs for you
ThreatSubmission.Readfd5353c6-26dd-449f-a565-c4e16b9fce78UserRead threat submissions
ThreatSubmission.ReadWrite68a3156e-46c9-443c-b85c-921397f082b5UserRead and write threat submissions
User.Reade1fe6dd8-ba31-4d61-89e7-88639da4683dUserSign you in and read your profile
User.ReadBasic.Allb340eb25-3456-403f-be2f-af7a0d370277UserRead all users’ basic profiles
User.ReadWriteb4e74841-8e56-480b-be8b-910348b18b4cUserRead and update your profile
UserActivity.ReadWrite.CreatedByApp47607519-5fb1-47d9-99c7-da4b48f369b1UserRead and write app activity to your activity feed
UserNotification.ReadWrite.CreatedByApp26e2f3e8-b2a1-47fc-9620-89bb5b042024UserDeliver and manage your notifications
UserTimelineActivity.Write.CreatedByApp367492fc-594d-4972-a9b5-0d58c622c91cUserWrite app activity to your timeline