![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 53%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERT%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 42%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Hello Robert Thomson,
As per your request, you are looking to export role assignments for PIM-enabled security groups.
Please note that downloading role assignments from Subscription > Access Control (IAM) will not include these groups, as PIM security groups are managed in Microsoft Entra ID and are not treated as resources within the subscription.
To retrieve this information, you can use the Microsoft Graph API to get a list of active and eligible role assignments for PIM groups. However, the response will include the role assignments, but not the group names directly.
Once you identify the group name separately, you can then retrieve and export the list of users within that group.
Please refer to the documentation below for more details.
If you have any questions, feel free to reach out — I’m happy to assist you.