cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Active Directory Global Reader role

%3CLINGO-SUB%20id%3D%22lingo-sub-1029945%22%20slang%3D%22en-US%22%3EAzure%20Active%20Directory%20Global%20Reader%20role%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1029945%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22jwLWP%20_2hXa7%20_3OM4E%20blog-post-text-font%20blog-post-text-color%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EMicrosoft%20introduced%20a%20new%20Azure%20AD%20built-in%20role%20called%20Global%20Reader.%20Global%20reader%20is%20the%20read-only%20counterpart%20to%20Global%20admin.%20Users%20in%20this%20role%20can%20read%20all%20settings%20and%20administrative%20information%20across%20Microsoft%20365%20services%2C%20but%20cannot%20edit%20anything.%20Please%20note%20that%20Global%20Reader%20is%20not%20supported%20in%20SharePoint%20Admin%20Center%2C%20Privileged%20Access%20Management%20(PAM)%2C%20customer%20lockbox%20requests%20in%20M365%20Admin%20Center%20and%20sensitivity%20labels%20in%20Security%20%26amp%3B%20Compliance%20Center%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22jwLWP%20_2hXa7%20_3OM4E%20blog-post-text-font%20blog-post-text-color%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22jwLWP%20_2hXa7%20_3OM4E%20blog-post-text-font%20blog-post-text-color%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EI%20found%20this%20role%20more%20suitable%20for%20someone%20who%20wants%20to%20audit%20your%20tenant%20and%20generate%20a%20quick%20report%20or%20some%20wants%20to%20review%20the%20logs%20or%20policies.......%20Except%20the%20sharepoint%20stufff...%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22jwLWP%20_2hXa7%20_3OM4E%20blog-post-text-font%20blog-post-text-color%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22jwLWP%20_2hXa7%20_3OM4E%20blog-post-text-font%20blog-post-text-color%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EHere%20is%20a%20quick%20sneak%20peak%20of%20what%20we%20can%20do%20in%20reality%20with%20this%20role.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22jwLWP%20_2hXa7%20_3OM4E%20blog-post-text-font%20blog-post-text-color%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22jwLWP%20_2hXa7%20_3OM4E%20blog-post-text-font%20blog-post-text-color%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22jwLWP%20_2hXa7%20_3OM4E%20blog-post-text-font%20blog-post-text-color%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22jwLWP%20_2hXa7%20_3OM4E%20blog-post-text-font%20blog-post-text-color%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158742i32C0DAE6F064F12E%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%221-Global%20Reader%20ROle.JPG%22%20title%3D%221-Global%20Reader%20ROle.JPG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158746iBA073F3F446F5B17%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%222-dashboard.JPG%22%20title%3D%222-dashboard.JPG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158747i39D03E3EF97BEE5B%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%223-AzureAD.JPG%22%20title%3D%223-AzureAD.JPG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158745i2C7065107196D78D%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%224-AzureAD.JPG%22%20title%3D%224-AzureAD.JPG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158743i04F15FD5523FCC38%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%225-Teamse.JPG%22%20title%3D%225-Teamse.JPG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158744i7A2A6D57EF4B3671%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22ComplianceDashboard.JPG%22%20title%3D%22ComplianceDashboard.JPG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158748i342A43BE314FBDFD%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22ComplianceScore.JPG%22%20title%3D%22ComplianceScore.JPG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158750i8CE3893AC0F9B7EE%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22DeviceManagement.JPG%22%20title%3D%22DeviceManagement.JPG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158749iA81CF352A7D524A8%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22DeviceManagement2.JPG%22%20title%3D%22DeviceManagement2.JPG%22%20%2F%3E%3C%2FSPAN%3E%3CP%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%3C%2FP%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1029945%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1030181%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Active%20Directory%20Global%20Reader%20role%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1030181%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F133392%22%20target%3D%22_blank%22%3E%40Safeer%20khan%3C%2FA%3E%26nbsp%3BI%20agree%2C%20its%20a%20great%20role!%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20can%20be%20very%20useful%20to%20set%20up%20with%20PIM%2FPAM%20and%20let%20your%20IT%20department%20for%20example%20troubleshoot%20authentication%2C%20ConditionalAccess%2C%20logs%20etc%20in%20Azure%20and%20then%20send%20their%20results%20and%20recommended%20action%20to%20a%20Global%20Admin%20that%20can%20then%20implement%20the%20changes%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20this%20role%20will%20make%20it%20possible%20to%20lower%20the%20number%20of%20Global%20Administrators%20in%20many%20customers%20tenants.%20And%20make%20those%20users%20Global%20Readers%20instead%20and%20just%20let%20a%20handfull%20of%20people%20keep%20using%20the%20Global%20Admin%20role%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1072756%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Active%20Directory%20Global%20Reader%20role%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1072756%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F345947%22%20target%3D%22_blank%22%3E%40oliwer_sjoberg%3C%2FA%3E%26nbsp%3B%26nbsp%3B%20Exactly%2C%20I%20have%20reduced%20so%20many%20access%20levels%20on%20tenants%20where%20there%20is%20no%20PIM-PAM%20to%20reader%20role.%20%26nbsp%3B%20%26nbsp%3B%20Its%20great%20feature%20to%20be%20honest.%20%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Safeer khan
Occasional Contributor

‎11-25-2019 02:32 AM

‎11-25-2019 02:32 AM

Azure Active Directory Global Reader role

Microsoft introduced a new Azure AD built-in role called Global Reader. Global reader is the read-only counterpart to Global admin. Users in this role can read all settings and administrative information across Microsoft 365 services, but cannot edit anything. Please note that Global Reader is not supported in SharePoint Admin Center, Privileged Access Management (PAM), customer lockbox requests in M365 Admin Center and sensitivity labels in Security & Compliance Center
 
I found this role more suitable for someone who wants to audit your tenant and generate a quick report or some wants to review the logs or policies....... Except the sharepoint stufff...
 
Here is a quick sneak peak of what we can do in reality with this role.
 
 
 
 1-Global Reader ROle.JPG2-dashboard.JPG3-AzureAD.JPG4-AzureAD.JPG5-Teamse.JPGComplianceDashboard.JPGComplianceScore.JPGDeviceManagement.JPGDeviceManagement2.JPG

         

Labels:
2,518 Views
0 Likes
2 Replies
Reply
2 Replies
oliwer_sjoberg

‎11-25-2019 04:23 AM

‎11-25-2019 04:23 AM

Re: Azure Active Directory Global Reader role

@Safeer khan I agree, its a great role! 

It can be very useful to set up with PIM/PAM and let your IT department for example troubleshoot authentication, ConditionalAccess, logs etc in Azure and then send their results and recommended action to a Global Admin that can then implement the changes 

 

I think this role will make it possible to lower the number of Global Administrators in many customers tenants. And make those users Global Readers instead and just let a handfull of people keep using the Global Admin role 

 

 

0 Likes
Reply
Safeer khan

‎12-18-2019 12:05 PM

‎12-18-2019 12:05 PM

Re: Azure Active Directory Global Reader role

@oliwer_sjoberg   Exactly, I have reduced so many access levels on tenants where there is no PIM-PAM to reader role.     Its great feature to be honest.  

1 Like
Reply