Roles Flashcards
Application administrator
Can create and manage all aspects of app registrations and enterprise apps
Application developer
Can create application registrations independent of the ‘Users can register applications’ setting
Authentication administrator
Has access to view, set, and reset authentication method information for any non-admin user
Azure DevOps administrator
Can manage Azure DevOps organization policy and settings
Azure Information Protection administrator
Can manage all aspects of the Azure Information Protection product
B2C IEF Keyset administrator
Can manage secrets for federation and encryption in the Identity Experience Framework.
B2C IEF Policy administrator
Can create and manage trust framework policies in the Identity Experience Framework.
B2C user flow administrator
Can create and manage all aspects of user flows.
B2C user flow attribute administrator
Can create and manage the attribute schema available to all user flows
Billing administrator
Can perform common billing related tasks like updating payment information.
Cloud application administrator
Can create and manage all aspects of app registrations and enterprise apps except App Proxy.
Cloud device administrator
Full access to manage devices in Azure AD.
Compliance administrator
Can read and manage compliance configuration and reports in Azure AD and Office 365.
Compliance data administrator
Can create and manage compliance content.
Conditional Access administrator
Can manage conditional access capabilities.
Directory readers
Can read basic directory information. Commonly used to grant directory read access to applications and guests.
Global reader
Can read everything that a global administrator can, but not update anything.
Groups administrator
Can manage all aspects of groups and group settings like naming and expiration policies.
Guest inviter
Can invite guest users independent of the ‘members can invite guests’ setting.
Helpdesk administrator
Can reset passwords for non-administrators and Helpdesk administrators
Message center privacy reader
Can read Message Center posts, data privacy messages, groups, domains and subscriptions.
Message center reader
Can read messages and updates for their organization in Office 365 Message Center only.
Office apps administrator
Users in this role can manage Office 365 apps cloud settings. This includes managing cloud policies, self-service download management and the ability to view Office apps related report. This role additionally grants the ability to manage support tickets, and monitor service health within the main admin center. Users assigned to this role can also manage communication of new features in Office apps.
Password administrator
Can reset passwords for non-administrators and Password administrators.
Privileged authentication administrator
Allowed to view, set and reset authentication method information for any user (admin or non-admin).
Privileged role administrator
Can manage role assignments in Azure AD, and all aspects of Privileged Identity Management.
Reports reader
Can read sign-in and audit reports
Search administrator
Can create and manage all aspects of Microsoft Search settings.
Security administrator
Can read security information and reports, and manage configuration in Azure AD and Office 365.
Security operator
Can create and manage security events.
Security reader
Can read security information and reports in Azure AD and Office 365.
Service administrator
Can read service health information and manage support tickets.
Teams Communications Administrator
Can manage calling and meetings features within the Microsoft Teams service.
Teams Communications Support Engineer
Can troubleshoot communications issues within Teams using advanced tools.
Teams Communications Support Specialist
Can troubleshoot communications issues within Teams using basic tools.
Teams Service Administrator
Can manage the Microsoft Teams service.
