Forum Discussion

Bedrich Chaloupka's avatar
Bedrich Chaloupka
Copper Contributor
Sep 10, 2018

Security & Compliance Center RBAC vs Azure AD admin roles

Please is there any clear documentation (mapping) of what is relation between AAD admin roles and the Security & Compliance Center (SCC) RBAC roles? In both admin centers is possible to add someone as member of Security Administrator, Security Reader, Compliance Administrator and other roles, but the administrative features set available in the SCC is different based on whether the role was assigned in AAD or in SCC. I know the roles have same names and different purpose, but obviously the AAD admin roles enable some admin features in SCC, but different than expected. Did not find this anywhere documented except a not that Global admin gets automatically Organization Management role in SCC. This looks quite chaotic.

  • Well it is even more complex. Microsoft's documentation says that the Global admin is automatically added as member of Organization Management role in SCC, but if you open SCC Admin site as Global admin you will see different management options then if you just add somebody to the Organization Management role in SCC. The same happens with Compliance Administrator, Security Administrator or Reader, which are AAD admin roles as well as SCC admin roles.

Resources