|
| 1 | +--- |
| 2 | +layout: page |
| 3 | +title: 'Microsoft 365: compare admin role permissions' |
| 4 | +image: 'https://unsplash.com/s/photos/random' |
| 5 | +hero_image: '/img/IMG_20220521_140146.jpg' |
| 6 | +show_sidebar: false |
| 7 | +hero_height: is-small |
| 8 | +date: '2024-11-09' |
| 9 | +--- |
| 10 | + |
| 11 | + |
| 12 | +In Microsoft 365 admin you can now compare various admin roles and select the one with minimum privilege for your admin accounts.v The comparison lists detailed permissions of each role, which could be useful for Compliance or ISO Documentation. |
| 13 | + |
| 14 | + |
| 15 | + |
| 16 | + |
| 17 | + |
| 18 | + |
| 19 | + |
| 20 | + |
| 21 | +| Permissions | Security Administrator | Security Operator | Security Reader | |
| 22 | +|---------------------------------------------------------------------------------------------------------------------------------|------------------------|-------------------|-----------------| |
| 23 | +| Read all properties on sign-in reports, including privileged properties | ✔ | ✔ | ✔ | |
| 24 | +| Read all properties of provisioning logs | ✔ | ✔ | ✔ | |
| 25 | +| Read all resources in Privileged Identity Management | ✔ | ✔ | ✔ | |
| 26 | +| Read standard properties of authorization policies | ✔ | ✔ | ✔ | |
| 27 | +| Read all properties on audit logs, including privileged properties | ✔ | ✔ | ✔ | |
| 28 | +| Read basic properties on all resources in the Microsoft 365 admin center | ✔ | | ✔ | |
| 29 | +| Create and manage service requests in the Microsoft 365 admin center | ✔ | ✔ | | |
| 30 | +| Read and configure Service Health in the Microsoft 365 admin center | ✔ | | ✔ | |
| 31 | +| Read Attack simulator reports in the Microsoft 365 Security center | ✔ | | | |
| 32 | +| Read standard properties of all resources in the Security & Compliance center | ✔ | | | |
| 33 | +| Read basic properties of custom rules that define network locations | ✔ | | | |
| 34 | +| microsoft.directory/multiTenantOrganization/tenants/standard/read | ✔ | | | |
| 35 | +| microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read | ✔ | | | |
| 36 | +| microsoft.directory/multiTenantOrganization/standard/read | ✔ | | | |
| 37 | +| microsoft.directory/multiTenantOrganization/joinRequest/standard/read | ✔ | | | |
| 38 | +| Read all resources in Microsoft Entra ID Protection | ✔ | | | |
| 39 | +| Read all properties in entitlement management in Microsoft Entra ID | ✔ | | | |
| 40 | +| Read standard properties of federation configuration for domains | ✔ | | | |
| 41 | +| Read all properties of the backed up local administrator account credentials for Microsoft Entra ID joined devices, except the password | ✔ | | | |
| 42 | +| microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read | ✔ | | | |
| 43 | +| microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read | ✔ | | | |
| 44 | +| Read conditional access for policies | ✔ | | | |
| 45 | +| Read the "applied to" property for conditional access policies | ✔ | | | |
| 46 | +| Read the owners of conditional access policies | ✔ | | | |
| 47 | +| Read BitLocker keys | ✔ | | | |
| 48 | +| Create and manage support tickets in the Microsoft Entra admin center | ✔ | ✔ | | |
| 49 | +| Read and configure service health in the Microsoft Entra admin center | ✔ | | | |
| 50 | +| Read all properties of attack simulation templates in Attack Simulator | | | ✔ | |
| 51 | +| Read all properties of attack payloads in Attack Simulator | | | ✔ | |
| 52 | +| microsoft.networkAccess/allEntities/allProperties/read | | | ✔ | |
| 53 | +| Read basic properties on policies | | | ✔ | |
| 54 | +| Read the "applied to" property for policies | | | ✔ | |
| 55 | +| Read owners of policies | | | ✔ | |
| 56 | +| Read all properties of access reviews of all reviewable resources in Microsoft Entra ID | | | ✔ | |
| 57 | +| Manage all aspects of Microsoft Defender Advanced Threat Protection | | ✔ | | |
0 commit comments