Home

Global Admin Tasks that require Global Admin (GA) Account Privilege in Microsoft Azure and Microsoft

%3CLINGO-SUB%20id%3D%22lingo-sub-298456%22%20slang%3D%22en-US%22%3EGlobal%20Admin%20Tasks%20that%20require%20Global%20Admin%20(GA)%20Account%20Privilege%20in%20Microsoft%20Azure%20and%20Microsoft%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298456%22%20slang%3D%22en-US%22%3E%3CP%3EList%20each%20and%20every%20task%20for%20entire%20Office%20365%20and%20Azure%20Resources%20for%20which%20GLOBAL%20ADMIN%20Account%20is%20a%20must%20for%20example%3C%2FP%3E%3CP%3E1.%20To%20be%20able%20Enable%20%2F%20Disable%20Services%20%26amp%3B%20Addins%20(Office%20365%20ADmin%20Center)%20only%20GA%20can%20do%3C%2FP%3E%3CP%3E2.%20Running%20Exchange%20Hybrid%20setup%20only%20GA%20-%20Global%20Admin%20can%20do%3C%2FP%3E%3CP%3E3.%20Adding%20new%20subscriptions%20to%20Azure%3C%2FP%3E%3CP%3E4.%20Installation%20of%20AADConnect%20and%20Object%20Sync%20only%20GA%20-%20Global%20Admin%20can%20do%3C%2FP%3E%3CP%3E5.%20Security%20%26amp%3B%20Compliance%20-%20Retention%20policies%20under%20Data%20Governance%20only%20GA%20-%20Global%20Admin%20can%20do%3C%2FP%3E%3CP%3EI%20need%20the%20full%20List%20asap%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-298456%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EGlobal%20Admin%20Tasks%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298661%22%20slang%3D%22en-US%22%3ERe%3A%20Global%20Admin%20Tasks%20that%20require%20Global%20Admin%20(GA)%20Account%20Privilege%20in%20Microsoft%20Azure%20and%20Micro%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298661%22%20slang%3D%22en-US%22%3Eadd%20setup%20domains%20on%20the%20tenant%20etc...%20i%20mean%20the%20objective%20is%20to%20list%20the%20tasks%20that%20only%20Global%20Admin%20can%20perform%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298659%22%20slang%3D%22en-US%22%3ERe%3A%20Global%20Admin%20Tasks%20that%20require%20Global%20Admin%20(GA)%20Account%20Privilege%20in%20Microsoft%20Azure%20and%20Micro%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298659%22%20slang%3D%22en-US%22%3EHow%20to%20identify%20tasks%20not%20related%20to%20identity%20for%20example%20to%20how%20to%20know%20who%20can%20run%20exchange%20hyb%20setup%20wizard%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298658%22%20slang%3D%22en-US%22%3ERe%3A%20Global%20Admin%20Tasks%20that%20require%20Global%20Admin%20(GA)%20Account%20Privilege%20in%20Microsoft%20Azure%20and%20Micro%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298658%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20forgot%20the%20magic%20word%3F%20This%20article%20lists%20every%20AAD%20related%20task%20and%20the%20minimum%20set%20of%20permissions%20you%20need%20for%20it%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Froles-delegate-by-task%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Froles-delegate-by-task%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Frequent Contributor

List each and every task for entire Office 365 and Azure Resources for which GLOBAL ADMIN Account is a must for example

1. To be able Enable / Disable Services & Addins (Office 365 ADmin Center) only GA can do

2. Running Exchange Hybrid setup only GA - Global Admin can do

3. Adding new subscriptions to Azure

4. Installation of AADConnect and Object Sync only GA - Global Admin can do

5. Security & Compliance - Retention policies under Data Governance only GA - Global Admin can do

I need the full List asap

3 Replies
Highlighted

You forgot the magic word? This article lists every AAD related task and the minimum set of permissions you need for it: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-delegate-by-task

Highlighted
How to identify tasks not related to identity for example to how to know who can run exchange hyb setup wizard
Highlighted
add setup domains on the tenant etc... i mean the objective is to list the tasks that only Global Admin can perform