Exchange/Azure AD higher risk security roles

Hi CRIB111,

Here are some of the higher risk admin roles in Exchange Online and Azure AD:

1. Global Administrator: This role, the highest in Azure AD, empowers users to assign admin access, reset other administrators' passwords, and oversee critical functions.

2. User Administrator: With the ability to create and manage users and groups, as well as reset passwords, this role is essential for those handling user-related tasks.

3. Privileged Role Administrator: Recently introduced in Azure AD, this role streamlines the management of reports in Azure AD Identity Protection and Privileged Identity Management (PIM).

4. Security Administrator: Another new role in Azure AD, the Security Administrator simplifies the management and access to reports in Azure AD Identity Protection and PIM.

5. Security Reader: Designed for read-only access to security information and policies, this role provides a non-intrusive way to stay informed.
   
   What's the difference between Azure roles and Azure AD roles? - Microsoft Community Hub
   
   #AzureAD updated with new admin roles - Microsoft Community Hub
   
   Best practices for Microsoft Entra roles - Microsoft Entra ID | Microsoft Learn
   
   

   
   

   
   Please click Mark as Best Response & Like if my post helped you to solve your issue.
   This will help others to find the correct solution easily. It also closes the item.

   
   

   If the post was useful in other ways, please consider giving it Like.

   
   

   Kindest regards,

   
   

   Leon Pavesic
   (LinkedIn)