New Ways to Manage Azure AD roles and administrators

Do you know how many cloud applications are being accessed by your employees?
Are your employees sharing valuable information via emails and attachments?
Is Your Help Desk Inundated with Password Reset Requests Over and Over?
Get Started With A FREE Trial Get Started With A FREE Trial Request a Consultation Request a Consultation Download FREE MOBILE DEVICE SECURITY REPORT

As of today Microsoft has announced some brand new roles and administrator experience to help make managing and controlling user assignments much more easy. The new roles and administrators feature—which is now in preview—will provide you with a complete list and description of the built-in directory roles, a streamlined process to manage roles, and links to relevant documentation to help you utilize directory roles. Read this blog to see how you can manage Azure Ad with new roles and administrators.

Manage Azure ADManage Azure AD

Check out the overview of roles and the administrator experience:

Start by clicking Roles and administrators to display the complete list and a brief description of all the built-in directory roles—including the new delegated app management roles. You can also see your active Azure AD role assignment (if you have one) and can click Your role to access the list of your active assigned roles.

Many folks ask what the roles do. So that said, to help manage Azure AD roles, Microsoft added a hyper-detailed list of permissions granted to all members of the role.

In conjunction to role permission details, they have included links to relevant supporting documentation to help you best utilize directory roles. That’s not all… They have updated the user profile experience, so you can see all the roles assigned to a user—such as user, global administrator, or limited administrator. You can also add roles from a menu of roles not yet assigned—streamlining the role assignment process.

Read Assigning administrator roles in Azure Active Directory to learn more.

  • You can assign one or more privileged roles to a user. And you only see roles available to assign, not roles they already assigned.
  • Back in the list of roles, you can jump directly to the new detailed description of the role or select the entire row to view the list of assigned members. Just click the ellipsis on the right side of each row.

Introducing Support for privileged role administrators and global admins

And, if you are a privileged role administrator or global admin, you can now easily add or remove members, as well as modify the filter to see only guest members or service principal objects. You can also select a row and go directly to a member’s directory roles profile page where you’ll see their active assigned roles. Privileged role administrators can manage both permanent and eligible assignments.

Support for Azure AD PIM

For folks who use Azure AD Privileged Identity Management (PIM) to limit standing admin access there is a dedicated link to a brand-new experience in those blades as well.

If your organization hasn’t enabled PIM, click the Manage in PIM button for information on what PIM can do to protect your administrators and sign up for a trial. If you’re not familiar with these terms or Azure AD PIM,  included is information on the ways it keeps your admins safe here.

Please note, that Roles and administrators is currently in preview for Azure AD and other Microsoft online service roles like Exchange, Intune, CRM, and more.

For more information visit or email

(Visited 65 times, 1 visits today)