Administration Role

Entra ID – It is now easier to identify privileged administration roles

Entra ID (aka Azure AD) now allows you to quickly identified privileged administration roles. While it is obvious for some roles (such as Global Administrator), some others may be more subject to your own understanding/interpretation of the role. To help you, Entra ID is now showing a privileged tag, which can also be used as […]

Entra ID – It is now easier to identify privileged administration roles Read More »

Azure AD – New administration role available to delegate Windows Updates settings

A new Azure Active Directory administration role is available – called Windows update deployment administrator – to delegate Windows Updates deployments through Windows Update for Business. This role allows you to delegate Windows Update for Business settings like when and how updates are deployed to devices. This will help you delegate Windows Update for Business

Azure AD – New administration role available to delegate Windows Updates settings Read More »

Azure AD – New administration role available to delegate administration of Microsoft Cloud App Security (MCAS)

As you know, Azure AD comes with administration roles to allow you delegate administration tasks with the least privilege. Well, until now if you wanted to delegate Microsoft Cloud App Security (MCAS) administration tasks you had to use either the Security Administrator or Global Administrator roles. Both granting much more permissions than required for MCAS.

Azure AD – New administration role available to delegate administration of Microsoft Cloud App Security (MCAS) Read More »

Azure AD – New administration roles to delegate administration tasks and reduce the need to grant global administrator

As you know, Azure Active Directory provides a large list of administration roles to allow delegating administration tasks and reduce the need to grant the more powerful global administrator role. Well, 2 new roles are now available: Authentication policy administrator to delegate the permissions to manage the authentication methods enabled on Azure AD and associated

Azure AD – New administration roles to delegate administration tasks and reduce the need to grant global administrator Read More »

Azure AD – New administration roles for managing domain name and authentication methods

Good news, you don’t need to be a global administrator to manage Multi Factor Authentication (MFA) or authentication methods. A new role called Authentication Policy Admin allows you to delegate authentication methods management, covering MFA or password protection policies. NOTE the legacy MFA setting is not available for the authentication policy admin role Below is

Azure AD – New administration roles for managing domain name and authentication methods Read More »

Azure AD – You can now enable cloud groups for administration role assignment (preview)

As you know, all administrative permissions to manage any service or capability should be granted by assigning Azure AD administration roles. Well, until now, it was not possible to grant such administration role to a group of users. Good news, this capability is now available in preview. To start using group to grant administration role,

Azure AD – You can now enable cloud groups for administration role assignment (preview) Read More »

Office 365 / Intune – Intune roles management is now integrated with the Office 365 administration portal

If you are using Office 365 and Intune/Endpoint Configuration Manager, you already know you had to manage administration roles from 2 different portals: the Office 365 one for all Office 365 workloads and the Intune/Endpoint Configuration Manager one for all Intune roles. Well, good news, you can now manage both Office 365 and Intune administration

Office 365 / Intune – Intune roles management is now integrated with the Office 365 administration portal Read More »

Intune – New administration roles available

A new administration role for Intune has been made available – Endpoint Security Manager. This new role is an extension of the the Security Administrator role, to allow you The associated permissions with this new Endpoint Security Manager are: Read, Create, Update, Delete, and Assign Device Compliance Policies Read, Delete, and Update Managed devices Read,

Intune – New administration roles available Read More »

Azure AD / Office 365 – 3 new administration roles available

In the way to limit the need and use of the global administrator role, 3 new administration roles have been made available: Groups administrator to delegate groups (Azure AD security groups, Office 365 Groups, Teams or Yammer) management, covering naming convention, expiration policy or even AAD security group restoration Office apps administrator allows you delegating

Azure AD / Office 365 – 3 new administration roles available Read More »

Office 365 – A new administration role is available to delegate administration of Kaizala

You may know Kaizala has been the youngest and latest service added to Office 365, providing phone-based collaboration capabilities. Until then, to manage Kaizala you had to be an Office 365 Global Administrator; well, not anymore, a new administration role is now available to delegate administration of Kaizala without granting global administration: Kaizala admin

Office 365 – A new administration role is available to delegate administration of Kaizala Read More »