Forum Discussion
SystemEngineer
Jun 28, 2022 · Iron Contributor
Microsoft Graph Required Scopes list ?
Hi All, How and where can I get the PowerShell Graph Required Scopes list? I need to get the list of all ReadOnly scopes like: 'User.Read.All', 'Group.Read.All', 'UserAuthenticationMethod....
- Jun 28, 2022
If you really want to get funky, just pull it from PowerShell.
This is something I do (though not this way) in identity management to dynamically cater to the addition and removal (not that I've actually seen a removal) of app roles when I'm flagging users with privileged rights in key Azure platforms.
Anyhow, to keep things simple, this example uses the Get-MgServicePrincipal commandlet against the beta endpoint.
Get-MgServicePrincipal (Microsoft.Graph.Applications) | Microsoft Docs
(Get-MgServicePrincipal -ServicePrincipalId 0e5cbc2e-764b-4147-8ac8-429decdbb48a -Property AppRoles).AppRoles |
    Where-Object { $_.Value -match "(read)(?!.*write)" } |
    ForEach-Object {
        [PSCustomObject] @{
            Id = $_.Id;
            Name = $_.Value;
            Enabled = $_.IsEnabled;
            DisplayName = $_.DisplayName;
            AppliesTo = $_.AllowedMemberTypes;
        }
    } |
    Sort-Object -Property Name |
    Format-Table -AutoSize;
Which produces the following output (there are more results than can fit on the screen, so take this as a guide only.)
Clearly, you can fiddle with the "where" clause to your heart's content to include more or reduce it further.
Cheers,
Lain
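A stricter variant of the filter in the answer above, as an added example that is not part of the original thread: it matches Read only at the start of a dot-separated segment, so a value that merely contains the letters "read" is not listed as read-only. The sample values are constructed, Thread.Create.Sample is a hypothetical name rather than a real Graph permission, and Test-ReadOnlyPermission is a function name introduced here.

```powershell
# Added example, not from the thread. Runs offline on constructed sample values.
Set-StrictMode -Version Latest

function Test-ReadOnlyPermission {
    # True when at least one dot-separated segment starts with "Read" and is not
    # followed by "Write" (Read, ReadBasic), and no segment mentions Write at all.
    param([Parameter(Mandatory)][string] $Value)

    $segments = $Value -split '\.'
    $hasRead  = @($segments | Where-Object { $_ -cmatch '^Read(?!.*Write)' }).Count -gt 0
    $hasWrite = @($segments | Where-Object { $_ -match 'Write' }).Count -gt 0
    return ($hasRead -and -not $hasWrite)
}

# Constructed sample input shaped like the objects in .AppRoles (only Value is used).
# For live data, pipe the AppRoles collection from the answer's command instead.
# Note: AppRoles holds application permissions; the delegated scopes passed to
# Connect-MgGraph -Scopes are listed in the Oauth2PermissionScopes property.
$sample = @(
    [PSCustomObject]@{ Value = 'User.Read.All' }
    [PSCustomObject]@{ Value = 'Group.Read.All' }
    [PSCustomObject]@{ Value = 'User.ReadBasic.All' }
    [PSCustomObject]@{ Value = 'User.ReadWrite.All' }
    [PSCustomObject]@{ Value = 'Mail.Send' }
    [PSCustomObject]@{ Value = 'Thread.Create.Sample' }   # hypothetical, not a real permission
)

# Compare the substring regex from the answer with the per-segment check.
$sample | ForEach-Object {
    [PSCustomObject]@{
        Name            = $_.Value
        SubstringRegex  = $_.Value -match '(read)(?!.*write)'
        SegmentReadOnly = Test-ReadOnlyPermission -Value $_.Value
    }
} | Sort-Object -Property Name | Format-Table -AutoSize
```

Rows where the two columns disagree are the values to review by hand before treating a permission as read-only in a least-privilege report.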
kevkelly
Jul 10, 2023 · MCT