Azure mfa6/6/2023 ![]() Commonly used to grant directory read access to applications and guests.Ĭan read and write basic directory information. ![]() Limited access to manage devices in Azure AD.Ĭan read and manage compliance configuration and reports in Azure AD and Microsoft 365.Ĭan manage Conditional Access capabilities.Ĭan approve Microsoft support requests to access customer organizational data.Ĭan access and manage Desktop management tools and services.Ĭan read basic directory information. Users assigned to this role are added to the local administrators group on Azure AD-joined devices.Ĭan manage Azure DevOps policies and settings.Īzure Information Protection AdministratorĬan manage all aspects of the Azure Information Protection product.Ĭan manage secrets for federation and encryption in the Identity Experience Framework (IEF).Ĭan create and manage trust framework policies in the Identity Experience Framework (IEF).Ĭan perform common billing related tasks like updating payment information.Ĭan manage all aspects of the Defender for Cloud Apps product.Ĭan create and manage all aspects of app registrations and enterprise apps except App Proxy. Read the definition of custom security attributes.Ĭan access to view, set and reset authentication method information for any non-admin user.Ĭan create and manage the authentication methods policy, tenant-wide MFA settings, password protection policy, and verifiable credentials.Īzure AD Joined Device Local Administrator Read custom security attribute keys and values for supported Azure AD objects.ĭefine and manage the definition of custom security attributes. Can create and manage all aspects of app registrations and enterprise apps.Ĭan create application registrations independent of the 'Users can register applications' setting.Ĭan create attack payloads that an administrator can initiate later.Ĭan create and manage all aspects of attack simulation campaigns.Īssign custom security attribute keys and values to supported Azure AD objects.
0 Comments
Leave a Reply. |