Administrator Roles

Question 1

Application Administrator

Answer 1

Can administer enterprise applications, application registrations, and application proxy settings.

Question 2

Application Developer

Answer 2

Can create application registrations.

Question 3

Authentication Administrator

Answer 3

Can view current authentication method settings. Can set or reset non-password credentials. Can force MFA on next sign on.

Question 4

Billing Administrator

Answer 4

Can purchase and manage subscriptions. Can manage support tickets and monitor service health.

Question 5

Cloud Application Administrator

Answer 5

Can manage all aspects of enterprise applications and registrations, but cannot manage application proxy.

Question 6

Cloud Device Administrator

Answer 6

Can enable, disable, and remove devices in Azure AD. Can view Windows 10 BitLocker Drive Encryption Keys through Azure portal.

Question 7

Compliance Administrator

Answer 7

Manage features in the Microsoft 365 compliance Center, Microsoft 365 Admin Center and Microsoft 365 Security and Compliance Center.

Question 8

Conditional Access Administrator

Answer 8

Administrative rights over Azure AD conditional access configuration.

Question 9

Customer Lockbox access approver

Answer 9

Manage customer lockbox requests. Can also enable and disable the customer lockbox feature.

Question 10

Device Administrators

Answer 10

Users assigned this role will become local administrators on all computers running Windows 10 that are joined to Azure AD.

Question 11

Directory Readers

Answer 11

Role for applications that do not support consent framework. Should not be assigned to users.

Question 12

Directory Synchronization Accounts

Answer 12

Assigned to the Azure AD Connect service and not used for user accounts.

Question 13

Directory Writers

Answer 13

A legacy role assigned to applications that do not support the consent framework. Should only be assigned to applications and not user accounts.

Question 14

Dynamics 365 Administrator/ CRM Administrator

Answer 14

Administrative access to Dynamics 365 Online

Question 15

Exchange Administrator

Answer 15

Administrative Access to Exchange Online

Question 16

Global Administrator/ Company Administrator

Answer 16

Administrative access to all Azure AD features. This includes administrative access to services that use Azure AD Identities including Microsoft 365 security center, Microsoft 365 compliance center, Exchange Online, SharePoint Online, and Skype for Business Online. The account used to sign up for the tenancy becomes the global admin. Global admins can reset the password of any user, including other global admins.

Question 17

Guest Inviter

Answer 17

Can manage Azure AD B2B guest user invitations.

Question 18

Information Protection Administrator

Answer 18

Has the ability to manage all aspects of Azure Information Protection including configuring labels, managing protection templates, and activating protection.

Question 19

Intune Administrator

Answer 19

Has full administrative rights to Microsoft Intune

Question 20

License Administrator

Answer 20

Can manage license assignments on users and groups. Cannot purchase or manage subscriptions.

Question 21

Message Center Reader

Answer 21

Can monitor notification and Microsoft advisories in the Microsoft 365 Message Center.

Question 22

Password Administrator / Helpdesk Administrator

Answer 22

Able to perform the following tasks for all users except those that have administrative roles:

• Change passwords
• Invalidate refresh tokens
• Manage service requests
• Monitor service health

Question 23

Power BI Administrator

Answer 23

Has administrator permissions over Power BI

Question 24

Privileged Role Administrator

Answer 24

Can manage all aspects of Azure AD Privileged Identity Management. Can manage role assignments in Azure AD.

Question 25

Reports Reader

Answer 25

Can view reporting data in the Microsoft 365 reports dashboard

Question 26

Security Administrator

Answer 26

Has administrator level access to manage security features in the Microsoft 365 security center, Azure AD Identity Protection, Azure Information Protection, And Microsoft 365 Security and Compliance Center.

Question 27

Security Reader

Answer 27

Has read-only access to security Microsoft 365 related services.

Question 28

Service Support Administrator

Answer 28

Can open and view support requests with Microsoft for Microsoft 365 related services.

Question 29

SharePoint Administrator

Answer 29

Has global administrator permissions for SharePoint Online workloads.

Question 30

Skype for Business / Lync Administrator

Answer 30

Has global administrator permissions for Skype for Business workloads.

Question 31

Teams Administrator

Answer 31

Can administer all elements of Microsoft Teams

Question 32

Teams Communications Administrator

Answer 32

Can manage Teams workloads related to voice and telephony including telephone number assignment, voice and meeting policies.

Question 33

Teams Communications Support Engineer

Answer 33

Can troubleshoot communication issues within Teams & Skype for Business. Can view details of call records for all participants in a conversation.

Question 34

Teams Communications Support Specialist

Answer 34

Can troubleshoot communication issues with Teams & Skype for Business. Can only view user details in the call for a specific user.

Question 35

User Account Administrator

Answer 35

Can create and manage user accounts. Can create and manage groups. Can manage user views, support tickets and monitor service health.