Enforce least privilege for Entra ID company branding with the new organizational branding role
Published Apr 18 2024 09:00 AM 5,965 Views

Hello friends,   


Im pleased to announce General Availability (GA) of the organizational branding role for Microsoft Entra ID company branding. 


This new role is part of our ongoing efforts to implement Zero Trust network access by enforcing the principle of least privilege for users when customizing their authentication user experience (UX) via Entra ID company branding. 


Previously, users wanting to configure Entra ID company branding required the Global Admin role. This role, though, has sweeping privileges beyond what’s necessary for configuring Entra ID company branding.  


The new organizational branding role limits its privileges to the configuration of Entra ID company branding, significantly improving security and reducing the attack surface associated with its configuration. 


To assign the role to a user, follow these steps: 


1. Log on to Microsoft Entra ID and select Users. 





2. Select and open the user to assign the organizational branding role. 





3. Select Assigned roles and then Add assignments.  





4. Select the Organizational Branding Administrator role and assign it to the user. 




Once the settings are applied, the user will be able to configure the authentication UX via Entra ID Company Branding.  


Learn more about how to configure your company branding and create a consistent sign-in experience for your users.


James Mantu 

Sr. Product Manager, Microsoft identity  

LinkedIn: jamesmantu | LinkedIn 



Learn more about Microsoft Entra: 

Version history
Last update:
‎Apr 22 2024 06:26 AM
Updated by: