Azure Active Directory Global Reader role

Safeer khan · ‎Nov 25 2019

Microsoft introduced a new Azure AD built-in role called Global Reader. Global reader is the read-only counterpart to Global admin. Users in this role can read all settings and administrative information across Microsoft 365 services, but cannot edit anything. Please note that Global Reader is not supported in SharePoint Admin Center, Privileged Access Management (PAM), customer lockbox requests in M365 Admin Center and sensitivity labels in Security & Compliance Center

I found this role more suitable for someone who wants to audit your tenant and generate a quick report or some wants to review the logs or policies....... Except the sharepoint stufff...

Here is a quick sneak peak of what we can do in reality with this role.

oliwer_sundgren · ‎Nov 25 2019

@Safeer khan I agree, its a great role!

It can be very useful to set up with PIM/PAM and let your IT department for example troubleshoot authentication, ConditionalAccess, logs etc in Azure and then send their results and recommended action to a Global Admin that can then implement the changes

I think this role will make it possible to lower the number of Global Administrators in many customers tenants. And make those users Global Readers instead and just let a handfull of people keep using the Global Admin role

Safeer khan · ‎Dec 18 2019

@oliwer_sundgren Exactly, I have reduced so many access levels on tenants where there is no PIM-PAM to reader role. Its great feature to be honest.

Azure Active Directory Global Reader role

Azure Active Directory Global Reader role

Re: Azure Active Directory Global Reader role

Re: Azure Active Directory Global Reader role

Products (68)

Special Topics (42)

Video Hub (898)

Most Active Hubs

Most Active Hubs

Video Hub

Azure Active Directory Global Reader role

Azure Active Directory Global Reader role

Re: Azure Active Directory Global Reader role

Re: Azure Active Directory Global Reader role