-
Notifications
You must be signed in to change notification settings - Fork 353
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updating list of privileged groups as per https://learn.microsoft.com…
- Loading branch information
Showing
1 changed file
with
19 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,26 +1,28 @@ | ||
| "azureadrole","isprvilegedadrole","description" | ||
| """Application Administrator""","True","Can create and manage all aspects of app registrations and enterprise apps." | ||
| """Application Developer""","True","Can create application registrations independent of the 'Users can register applications' setting." | ||
| """Authentication Administrator""","True","Can access to view, set and reset authentication method information for any non-admin user." | ||
| """Authentication Policy Administrator""","True","Can create and manage the authentication methods policy, tenant-wide MFA settings, password protection policy, and verifiable credentials." | ||
| """Azure AD Joined Device Local Administrator""","True","Users assigned to this role are added to the local administrators group on Azure AD-joined devices." | ||
| """Azure DevOps Administrator""","True","Can manage Azure DevOps policies and settings." | ||
| """Azure Information Protection Administrator""","True","Can manage all aspects of the Azure Information Protection product." | ||
| """Authentication Extensibility Administrator""","True","Customize sign in and sign up experiences for users by creating and managing custom authentication extensions." | ||
| """B2C IEF Keyset Administrator""","True","Can manage secrets for federation and encryption in the Identity Experience Framework (IEF)." | ||
| """Cloud Application Administrator""","True","Can create and manage all aspects of app registrations and enterprise apps except App Proxy." | ||
| """Cloud Device Administrator""","True","Limited access to manage devices in Azure AD." | ||
| """Compliance Administrator""","True","Can read and manage compliance configuration and reports in Azure AD and Microsoft 365." | ||
| """Cloud Device Administrator""","True","Limited access to manage devices in Microsoft Entra ID." | ||
| """Conditional Access Administrator""","True","Can manage Conditional Access capabilities." | ||
| """Exchange Administrator""","True","Can manage all aspects of the Exchange product." | ||
| """Directory Synchronization Accounts""","True","Only used by Microsoft Entra Connect and Microsoft Entra Cloud Sync services." | ||
| """Directory Writers""","True","Can read and write basic directory information. For granting access to applications, not intended for users." | ||
| """Domain Name Administrator""","True","Can manage domain names in cloud and on-premises." | ||
| """External Identity Provider Administrator""","True","Can configure identity providers for use in direct federation." | ||
| """Groups Administrator""","True","Members of this role can create/manage groups, create/manage groups settings like naming and expiration policies, and view groups activity and audit reports." | ||
| """Global Administrator""","True","Can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities." | ||
| """Global Reader""","True","Can read everything that a Global Administrator can, but not update anything." | ||
| """Helpdesk Administrator""","True","Can reset passwords for non-administrators and Helpdesk Administrators." | ||
| """Hybrid Identity Administrator""","True","Can manage AD to Azure AD cloud provisioning, Azure AD Connect, Pass-through Authentication (PTA), Password hash synchronization (PHS), Seamless Single sign-on (Seamless SSO), and federation settings." | ||
| """Hybrid Identity Administrator""","True","Manage Active Directory to Microsoft Entra cloud provisioning, Microsoft Entra Connect, pass-through authentication (PTA), password hash synchronization (PHS), seamless single sign-on (seamless SSO), and federation settings. Does not have access to manage Microsoft Entra Connect Health." | ||
| """Intune Administrator""","True","Can manage all aspects of the Intune product." | ||
| """License Administrator""","True","Can manage product licenses on users and groups." | ||
| """Network Administrator""","True","Can manage network locations and review enterprise network design insights for Microsoft 365 Software as a Service applications." | ||
| """Lifecycle Workflows Administrator""","True","Create and manage all aspects of workflows and tasks associated with Lifecycle Workflows in Microsoft Entra ID." | ||
| """Partner Tier1 Support""","True","Do not use - not intended for general use." | ||
| """Partner Tier2 Support""","True","Do not use - not intended for general use." | ||
| """Password Administrator""","True","Can reset passwords for non-administrators and Password Administrators." | ||
| """Privileged Role Administrator""","True","Can manage role assignments in Azure AD, and all aspects of Privileged Identity Management." | ||
| """Security Administrator""","True","Can read security information and reports, and manage configuration in Azure AD and Office 365." | ||
| """SharePoint Administrator""","True","Can manage all aspects of the SharePoint service." | ||
| """Teams Administrator""","True","Can manage the Microsoft Teams service." | ||
| """Privileged Authentication Administrator""","True","Can access to view, set and reset authentication method information for any user (admin or non-admin)." | ||
| """Privileged Role Administrator""","True","Can manage role assignments in Microsoft Entra ID, and all aspects of Privileged Identity Management." | ||
| """Security Administrator""","True","Can read security information and reports, and manage configuration in Microsoft Entra ID and Office 365." | ||
| """Security Operator""","True","Creates and manages security events." | ||
| """Security Reader""","True","Can read security information and reports in Microsoft Entra ID and Office 365." | ||
| """User Administrator""","True","Can manage all aspects of users and groups, including resetting passwords for limited admins." | ||
| """Windows 365 Administrator""","True","Can provision and manage all aspects of Cloud PCs." | ||
|
|