Jul 18 2018 10:59 AM
Are there certain administrator roles in Azure AD or Office 365 that have to be assigned to an individual as opposed to a security group? I've found we can add a security group as a member to a role in Intune, such as Help Desk Administrator, but if I try to assign a security group as a member to the Security Reader role in Azure it doesn't let me.
Jul 19 2018 02:00 AM
That's specific to the application. None of the Office 365 roles support group assignment. Some of the workload-specific roles do however (Intune as you pointed out, Exchange, etc.), as do some of the Azure AD roles. As a general rule of thumb, assume they don't support group assignments...
Jul 19 2018 07:37 AM - edited Jul 19 2018 07:38 AM
I need an automated way to review who has elevated access in O365. We have on-prem security groups that are tied into a review process, but it makes it difficult when we can't use groups for some O365 roles. We don't have E5. Any suggestions to do this?
Jul 20 2018 01:03 PM
You can easily report on admin role membership via PowerShell. Or you can use Azure AD Privileged Identity Management.
Jul 23 2018 07:25 AM
Is there one script though to export a list of all admin roles and memberships?
Jul 23 2018 09:49 AM
This script by Paul is a good starting point: https://practical365.com/security/reporting-office-365-admin-role-group-members/
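For readers who want the "one script" asked for above without the E5 licence for Privileged Identity Management, here is an added example that is not Paul's script and not code from anyone in this thread. It uses the Microsoft Graph PowerShell SDK rather than the older MSOnline module, and assumes the `Microsoft.Graph.Identity.DirectoryManagement` module is installed and that the signed-in account can consent to the two read-only scopes; the CSV file name is a made-up choice.

```powershell
# Added example: list every activated Azure AD / Entra ID directory role and its
# direct members, then export the result for a periodic access review.
# Assumption: Microsoft.Graph.Identity.DirectoryManagement is installed, e.g.
#   Install-Module Microsoft.Graph.Identity.DirectoryManagement -Scope CurrentUser

# Read-only scopes are enough; nothing here modifies the directory.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All'

$report = foreach ($role in Get-MgDirectoryRole -All) {
    # Get-MgDirectoryRole returns only roles that have been activated in the
    # tenant; a role template nobody has ever been assigned to is not listed,
    # which is fine for a review because it also has no members.
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All

    foreach ($m in $members) {
        # Members come back as generic directory objects; the useful fields
        # live in AdditionalProperties, and the OData type tells us whether
        # the member is a user, a group or a service principal.
        $props = $m.AdditionalProperties
        [pscustomobject]@{
            Role              = $role.DisplayName
            MemberType        = ($props['@odata.type'] -replace '^#microsoft\.graph\.', '')
            DisplayName       = $props['displayName']
            UserPrincipalName = $props['userPrincipalName']   # empty for groups and service principals
            ObjectId          = $m.Id
        }
    }
}

# Constructed output file name; adjust to wherever the review evidence is kept.
$report | Sort-Object Role, DisplayName |
    Export-Csv -Path .\AdminRoleMembers.csv -NoTypeInformation

# Quick on-screen summary: how many members each role has, largest first.
$report | Group-Object Role | Select-Object Name, Count | Sort-Object Count -Descending

# Roles that do hold a group member are worth a second look during review,
# since (as noted above) group assignment is the exception for these roles.
$report | Where-Object MemberType -eq 'group' | Format-Table Role, DisplayName -AutoSize
```

Two caveats for anyone wiring this into a review process: `Get-MgDirectoryRoleMember` returns direct members only, so when a role-assignable group is a member you still need to expand that group separately to see the people behind it; and it reports active assignments only, so PIM eligible assignments (if you ever add E5) will not show up here.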