Child pages
  • AAD role fulfillment (appropriate account types and change practices) copy--original lives in 644- MI internal docs)

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

DisplayNameRole (object) IDGroupAccount TypesAlso Known AsNotes
AdHoc License Administratore16ba35f-f77e-495c-b104-5e11912f4f75
n/a
no-longer-exists
Application Administrator6a6e5507-110c-4ffa-bbba-4785ad42e726u_msinf_aad_role_applicationadministratorsadm or service principal

Company Administratorc440139e-fbc0-4185-a54d-3578d3d4e6a5u_msinf_aad_role_companyadministratortadm (aad-only) or service principalGlobal Administrator
Compliance Administratoref8a2142-85a4-4108-8da6-5f84d77cd0b9u_msinf_aad_role_complianceadministratortadm (aad-only) or service principal
Scope appears to be broader than Office 365
CRM Service Administratorb9529330-f865-448c-bc9b-946ecbf75e80u_msinf_aad_role_crmserviceadministratorsadm or service principalDynamics 365 Administrator
Customer LockBox Access Approver4ad332ea-d40e-4c0b-bfd1-6c5ed8647502u_msinf_aad_role_customerlockboxaccessapproversadm or service principal
Not yet configured in AAD
Device Administratorsd2c6f8b3-7e5e-45ef-b1e8-259769c32875u_msinf_aad_role_deviceadministratorswadm or service principal
Do not use until AUs can be configured to limit scope
Device Managersd7a23f90-9983-4045-b2ac-b1005a678793do-not-usen/a
MS says do not use
Directory Readers86ab3142-3fa5-44cf-b471-dddfab7982c1u_msinf_aad_role_directoryreadersservice principals + other types if approved

Directory Synchronization Accountsb01de07a-46da-4e8d-ac3b-4ca3b5f3769du_msinf_aad_role_directorysynchronizationaccountsservice principals + other types if approved

Directory Writers1265d2be-1032-4030-ab32-93650cab8470u_msinf_aad_role_directorywritersservice principals + other types if approved

Email Verified User Creatorcba0c5c4-4bbc-417b-b87d-d91d1c69a169
n/a
no-longer-exists
Exchange Service Administrator5bb96ffb-025c-4ecf-bf79-a3c8dbd2fcecu_msinf_aad_role_exchangeserviceadministratorsadm or service principal

Helpdesk Administratordf84cb34-bc2a-4846-a430-a867aeb18f83u_msinf_aad_role_helpdeskadministratorsadm or service principal

Lync Service Administratorddfa53cf-9425-4fbb-9023-a06a4f9fe245u_msinf_aad_role_lyncserviceadministratorsadm or service principalSkype for Business Administrator
Message Center Reader16256d23-f72c-4bfd-aab0-4230191763a9u_msinf_aad_role_messagecenterreaderany account type

Power BI Service Administrator2691b48d-2961-400d-bb04-62ffac74bcd5u_msinf_aad_role_powerbiserviceadministratorsadm or service principal

Reports Reader0d5c12b4-2210-4230-a54d-06620dc703c6u_msinf_aad_role_reportsreadersadm or service principal

Security Reader9a743770-1903-4d22-b198-5618fd122dd8u_msinf_aad_role_securityreadersadm or service principal

Service Support Administratore00fda93-d126-46b1-8f12-dcc11e244fc5u_msinf_aad_role_servicesupportadministratorany account typeService Administrator
SharePoint Service Administratord0fd8c95-db70-49a8-88d8-ae104a5d100au_msinf_aad_role_sharepointserviceadministratorsadm or service principalSharePoint Administrator
Teams Service Administrator988d7937-b555-4f50-8b3a-603d295b782fu_msinf_aad_role_teamsserviceadministratorsadm or service principal

User Account Administrator75633034-ad7f-48f4-8f57-6a7940f423bbu_msinf_aad_role_useraccountadministratorsadm or service principalUser Administrator

...