Microsoft 365 – Graph APIs – Managing guest permissions level in our Tenant using Microsoft Graph

by Prasham Sabadra · April 5, 2025

Graph Explorer - Updating the current value for Guest user permission level - guestUserRoleId

Hi All,

Greetings for the day!!!

On Microsoft 365 Junction, we will continue to explore Microsoft Graph APIs.

In this article I am discussing Microsoft Graph APIs for configuring/managing guest permissions in our tenant.

Microsoft Entra ID allows us to restrict what external guest users can see
Guest users are set to a limited permission level by default

Permissions levels for Guest users

Same as member users
Limited access (default)
Restricted access

Permission level	Access level	Value (Role ID)
Same as member users	Guests have the same access to Microsoft Entra resources as member users	a0b1b346-4d3e-4e8b-98f8-753987be4970
Limited access (default)	Guests can see membership of all non-hidden groups	10dae51f-b6af-4016-8d66-8c2a99b929b3
Restricted access (new)	Guests can’t see membership of any groups	2af84b1e-32c8-42b7-82bc-daa82404023b

Table: Permission level for Guest users

We can manage (update) these permissions level either through Entra admin center or through Microsoft Graph.

snap: Microsoft Entra admin center >> External Identities >> External collaboration settings

In this article we will explore Graph APIs available for guest permission level.

Permissions required for managing GUEST permission level

snap: Permission consent for reading / writing authorization policy

Managing GUEST permission level with Graph API

Here, for demo purpose I will use Graph Explorer.

Scenario 1 – How to know the current permission level for guest users

We have Graph API

GET https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy

Graph Explorer - Getting the current value for Guest user permission level - guestUserRoleId — snap: Graph Explorer – Getting the current value for Guest user permission level – guestUserRoleId

Scenario 2 – Updating existing permission level – PATCH request

We will use PATCH request to update guest users permission level
In “Request body” we will update value of “guestUserRoleId”
Refer above table “Permission level for Guest users” to know specific role id for given permission level

https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy

Thanks for reading the article !!! Please feel free to discuss in case any issues / suggestions / thoughts / questions !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂

Tags: authorization policies Configure guest permissions in our Tenant using Microsoft Graph configuring guest permissions in our tenant.entra entra admin center Entra Id Entra ID guest users External collaboration settings External Identities >> External collaboration settings Graph APIs Graph APIs - Configure guest permissions in our Tenant using Microsoft Graph Graph Explorer Graph Explorer - Getting the current value for Guest user permission level Graph Explorer - Getting the current value for Guest user permission level - guestUserRoleId Graph Explorer - Updating the current value for Guest user permission level - guestUserRoleId guest permissions in our tenant guest user permission level guest users in Entra ID M365 Managing GUEST permission level with Graph API Managing guest permissions level in our Tenant using Microsoft Graph Microsoft 365 Microsoft 365 - Graph APIs - Configure guest permissions in our Tenant using Microsoft Graph Microsoft 365 guest users Microsoft Entra Microsoft Entra admin center >> External Identities >> External collaboration settings Microsoft Entra ID Microsoft Entra ID - Microsoft Entra admin center Microsoft Graph Microsoft Graph APIs Microsoft Graph Explorer O365 Office 365 office 365 guest users Permission consent for reading / writing authorization policy Permission level for Guest users SharePoint SharePoint online updating permission level of guest users updating permission level of guest users using Graph API

Prasham Sabadra

LIFE IS VERY BEAUTIFUL. ENJOY THE WHOLE JOURNEY :) Founder of Microsoft 365 Junction, Speaker, Author, Learner, Developer, Passionate Techie. Certified Professional Workshop Facilitator / Public Speaker. Believe in knowledge sharing. Around 20+ years of total IT experience and 17+ years of experience in SharePoint and Microsoft 365 services Please feel free me to contact for any SharePoint / Microsoft 365 queries. I am also very much interested in behavioral (life changing) sessions like motivational speeches, Success, Goal Setting, About Life, How to live Life etc. My book - Microsoft 365 Power Shell hand book for Administrators and Beginners and 100 Power Shell Interview Questions - https://www.amazon.in/Microsoft-Administrators-Beginners-Interview-Questions/dp/9394901639/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1679029081&sr=8-11

You may also like...

Leave a ReplyCancel reply

Trending Articles

Recent Posts

Archives

Microsoft 365 – Graph APIs – Managing guest permissions level in our Tenant using Microsoft Graph

Share this:

Like this:

Related Articles

You may also like...

Microsoft 365 – Governance implementation – Verifying User Presence in SharePoint Site Collections Based on SipAddress

M365 : Microsoft Graph – Graph Explorer – New preview version of most popular tool Graph Explorer

Microsoft Graph – GRAPH APIs queries for Attribute Set and Custom security attributes at one place

Leave a ReplyCancel reply

Trending Articles

Recent Posts

Archives

Discover more from Microsoft 365