Admin Role

Entra ID – It is now easier to identify privileged administration roles

Entra ID (aka Azure AD) now allows you to quickly identified privileged administration roles. While it is obvious for some roles (such as Global Administrator), some others may be more subject to your own understanding/interpretation of the role. To help you, Entra ID is now showing a privileged tag, which can also be used as […]

Entra ID – It is now easier to identify privileged administration roles Read More »

Azure AD – New administration role available to delegate Windows Updates settings

A new Azure Active Directory administration role is available – called Windows update deployment administrator – to delegate Windows Updates deployments through Windows Update for Business. This role allows you to delegate Windows Update for Business settings like when and how updates are deployed to devices. This will help you delegate Windows Update for Business

Azure AD – New administration role available to delegate Windows Updates settings Read More »

Azure AD – New administration role available to delegate administration of Microsoft Cloud App Security (MCAS)

As you know, Azure AD comes with administration roles to allow you delegate administration tasks with the least privilege. Well, until now if you wanted to delegate Microsoft Cloud App Security (MCAS) administration tasks you had to use either the Security Administrator or Global Administrator roles. Both granting much more permissions than required for MCAS.

Azure AD – New administration role available to delegate administration of Microsoft Cloud App Security (MCAS) Read More »

Azure AD – New administration roles to delegate administration tasks and reduce the need to grant global administrator

As you know, Azure Active Directory provides a large list of administration roles to allow delegating administration tasks and reduce the need to grant the more powerful global administrator role. Well, 2 new roles are now available: Authentication policy administrator to delegate the permissions to manage the authentication methods enabled on Azure AD and associated

Azure AD – New administration roles to delegate administration tasks and reduce the need to grant global administrator Read More »

Azure AD – New administration roles for managing domain name and authentication methods

Good news, you don’t need to be a global administrator to manage Multi Factor Authentication (MFA) or authentication methods. A new role called Authentication Policy Admin allows you to delegate authentication methods management, covering MFA or password protection policies. NOTE the legacy MFA setting is not available for the authentication policy admin role Below is

Azure AD – New administration roles for managing domain name and authentication methods Read More »

Azure AD – You can now enable cloud groups for administration role assignment (preview)

As you know, all administrative permissions to manage any service or capability should be granted by assigning Azure AD administration roles. Well, until now, it was not possible to grant such administration role to a group of users. Good news, this capability is now available in preview. To start using group to grant administration role,

Azure AD – You can now enable cloud groups for administration role assignment (preview) Read More »

Azure AD / Office 365 – 3 new administration roles available

In the way to limit the need and use of the global administrator role, 3 new administration roles have been made available: Groups administrator to delegate groups (Azure AD security groups, Office 365 Groups, Teams or Yammer) management, covering naming convention, expiration policy or even AAD security group restoration Office apps administrator allows you delegating

Azure AD / Office 365 – 3 new administration roles available Read More »

Office 365 – A new administration role is available to delegate administration of Kaizala

You may know Kaizala has been the youngest and latest service added to Office 365, providing phone-based collaboration capabilities. Until then, to manage Kaizala you had to be an Office 365 Global Administrator; well, not anymore, a new administration role is now available to delegate administration of Kaizala without granting global administration: Kaizala admin

Office 365 – A new administration role is available to delegate administration of Kaizala Read More »

Office 365 – You can define Favorites administration roles

As you already know, the Roles page on Office 365 administration portal (https://admin.microsoft.com/) allows you to manage Office 365 roles assigned to your users. Well, you can now define your favorites administration roles (aka the one you use/manage the most) to filter the available roles to only those ones. To set an administration role as

Office 365 – You can define Favorites administration roles Read More »

Exchange Online – A new administration role is being deployed: Quarantine Administrator

This was a missing role since the beginning of Office 365 and Exchange Online to allow the delegation of the administration of the quarantine. Before you had to create your very own Exchange Role with the correct permissions – Mail Recipient, Message Tracking, Transport Hygiene and View-Only Configuration (which was not easy to find as

Exchange Online – A new administration role is being deployed: Quarantine Administrator Read More »