Connect Your App to Microsoft Azure Active Directory without Directory.Read.All and instead Group.Read.All or GroupMember.Read.All

nik.baleca · August 11, 2025, 6:48pm

Welcome to the Auth0 Community!

As mentioned in this knowledge article, the Directory.Read.All permission is not strictly necessary. You should be able to set up and use the connection with the User.Read permission and any other ones you deem necessary for your implementation.

If you have any other questions, let me know!

Kind Regards,
Nik

Topic		Replies	Views
Azure AD Does Not Require "Directory.Read.All" Access Privileges Knowledge Articles	1	914	January 23, 2024
Why Read Directory permission is absolutely required for Azure AD connection? Get Help azure-ad	7	6288	April 18, 2020
I want to turn off the "Read Directory" permission for Azure AD connection - what will happen? Get Help azure-ad	4	4205	August 29, 2019
More precisions about why 2 extrat permissions are needed with Azure AD connection Get Help azure-ad , permissions , azure	3	2957	December 7, 2021
Minimum required permissions in Entra to be able to use Microsoft Azure AD Enterprise Connection? Get Help user-management , account-linking	5	101	February 19, 2025

Connect Your App to Microsoft Azure Active Directory without Directory.Read.All and instead Group.Read.All or GroupMember.Read.All

Related topics