Forum Discussion

Steel Contributor

Jul 18, 2018

Solved

Administrative roles and groups

Are there certain administrator roles in Azure AD or Office 365 that have to be assigned to an individual as opposed to a security group? I've found we can add a security group as a member to a role...

VasilMichev
Jul 23, 2018
This script by Paul is a good starting point: https://practical365.com/security/reporting-office-365-admin-role-group-members/

VasilMichev

MVP

Jul 19, 2018

That's specific to the application. None of the Office 365 roles support group assignment. Some of the workload-specific roles do however (intune as you pointed out, Exchange, etc), as do some of the Azure AD roles. As a general rule of thumb, assume they don't support group assignments...

escupham

Steel Contributor

Jul 19, 2018

I need an automated way to review who has elevated access in O365. We have on-prem security groups that are tied into a review process, but it makes it difficult when we can't use groups for some O365 roles. We don't have E5. Any suggestions to do this?

VasilMichev
MVP
Jul 20, 2018
You can easily report on admin role membership via PowerShell. Or you can use Azure AD Privileged Identity Management.
- escupham
  Steel Contributor
  Jul 23, 2018
  Is there one script though to export a list of all admin roles and memberships?
  - VasilMichev
    MVP
    Jul 23, 2018
    This script by Paul is a good starting point: https://practical365.com/security/reporting-office-365-admin-role-group-members/