First published on CloudBlogs on Jul, 30 2018
Today, I am excited to share the details of a brand new roles and administrators experience to make managing and controlling user assignments easier than ever in Azure AD. The new roles and administrators feature—now in preview—provides you with a complete list and description of the built-in directory roles, a streamlined process to manage roles, and links to relevant documentation to help you utilize directory roles. Now you can quickly answer questions like “How many global administrators do I have?” or “What are my assigned roles?”
The new roles and administrators experience is accessed from the left navigation pane of the Azure AD Overview.
Overview of the roles and administrators experience
Start by clicking
Roles and administrators
to display the complete list and a brief description of all the built-in directory roles—including the
new delegated app management roles
. You can also see your active Azure AD role assignment (if you have one) and can click
to access the list of your active assigned roles.
List of roles and descriptions under Roles and administrators.
A frequent question we’re asked is “What do all these roles do?” With that in mind—we added a super-detailed list of permissions granted to all members of the role. How cool is that!
Description of permissions granted to all members of the displayed role.
In addition to role permission details, we included links to relevant documentation to help you best utilize directory roles. But that’s not all… We also updated the user profile experience, so you can see all the roles assigned to a user—such as user, global administrator, or limited administrator. You can also add roles from a menu of roles not yet assigned—streamlining the role assignment process.
Assigning administrator roles in Azure Active Directory
to learn more.
List of a user’s assigned roles with the Add role button.
You can assign one or more privileged roles to a user. And you only see roles available to assign, not roles they already assigned.
List of available roles for selected user.
Back in the list of roles, you can jump directly to the new detailed description of the role or select the entire row to view the list of assigned members. Just click the
on the right side of each row.
List of members assigned to a role.
Support for privileged role administrators and global admins
If you are a privileged role administrator or global admin, you can easily add or remove members, as well as modify the filter to see only guest members or service principal objects. You can also select a row and go directly to a member’s directory roles profile page where you’ll see their active assigned roles. Privileged role administrators can manage both permanent and eligible assignments.
Support for Azure AD PIM
For folks who use Azure AD Privileged Identity Management (PIM) to limit standing admin access there is a dedicated link to a brand-new experience in those blades as well.
If your organization hasn’t enabled PIM, click the
Manage in PIM
button for information on what PIM can do to protect your administrators and
sign up for a trial
. If you’re not familiar with these terms or Azure AD PIM, we included information on the ways it keeps your admins safe here.
The Manage in PIM button provides information about Privileged Identity Management.