SOLVED

What is minimum permission needed to add domains to organizational relationship?

%3CLINGO-SUB%20id%3D%22lingo-sub-1062559%22%20slang%3D%22en-US%22%3EWhat%20is%20minimum%20permission%20needed%20to%20add%20domains%20to%20organizational%20relationship%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1062559%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20working%20on%20setting%20least-privileges%20for%20tasks.%20In%20Azure%20AD-Organizational%20relationships%20-%20Settings%20what%20is%20the%20least%20priv%20I%20can%20allocate%20that%20allows%20staff%20to%20specify%20domains%20in%20the%20collaboration%20restrictions%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrently%20the%20person%20who%20does%20this%20is%20a%20Global%20Admin%20but%20I'm%20sure%20there%20must%20be%20lesser%20privilege%20that%20allows%20this%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1062559%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1063206%22%20slang%3D%22en-US%22%3ERe%3A%20What%20is%20minimum%20permission%20needed%20to%20add%20domains%20to%20organizational%20relationship%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1063206%22%20slang%3D%22en-US%22%3E%3CP%3EOnly%20GA%20can%20do%20that.%20You%20can%20find%20detailed%20role%20descriptions%20down%20to%20the%20individual%20scopes%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I'm working on setting least-privileges for tasks. In Azure AD-Organizational relationships - Settings what is the least priv I can allocate that allows staff to specify domains in the collaboration restrictions?

 

Currently the person who does this is a Global Admin but I'm sure there must be lesser privilege that allows this? 

1 Reply
best response confirmed by Calum_L1 (Occasional Contributor)
Solution

Only GA can do that. You can find detailed role descriptions down to the individual scopes here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-ro...