Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new deviceAndAppManagementRoleAssignment object.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementRBAC.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | DeviceManagementRBAC.ReadWrite.All |
HTTP Request
POST /deviceManagement/roleAssignments
Request headers
| Header | Value |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Accept | application/json |
Request body
In the request body, supply a JSON representation for the deviceAndAppManagementRoleAssignment object.
The following table shows the properties that are required when you create the deviceAndAppManagementRoleAssignment.
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the request. This ID is assigned at when the entity is created. Read-only. Inherited from roleAssignment |
| displayName | String | Indicates the display name of the role assignment. For example: 'Houston administrators and users'. Max length is 128 characters. Inherited from roleAssignment |
| description | String | Indicates the description of the role assignment. For example: 'All administrators, employees and scope tags associated with the Houston office.' Max length is 1024 characters. Inherited from roleAssignment |
| resourceScopes | String collection | Indicates the list of resource scope security group Entra IDs. For example: {dec942f4-6777-4998-96b4-522e383b08e2}. Inherited from roleAssignment |
| members | String collection | Indicates the list of role member security group Entra IDs. For example: {dec942f4-6777-4998-96b4-522e383b08e2}. |
Response
If successful, this method returns a 201 Created response code and a deviceAndAppManagementRoleAssignment object in the response body.
Example
Request
Here is an example of the request.
POST https://graph.microsoft.com/v1.0/deviceManagement/roleAssignments
Content-type: application/json
Content-length: 258
{
"@odata.type": "#microsoft.graph.deviceAndAppManagementRoleAssignment",
"displayName": "Display Name value",
"description": "Description value",
"resourceScopes": [
"Resource Scopes value"
],
"members": [
"Members value"
]
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 307
{
"@odata.type": "#microsoft.graph.deviceAndAppManagementRoleAssignment",
"id": "a12e8ebb-8ebb-a12e-bb8e-2ea1bb8e2ea1",
"displayName": "Display Name value",
"description": "Description value",
"resourceScopes": [
"Resource Scopes value"
],
"members": [
"Members value"
]
}