Azure AD adds new admin roles to make administering security a bit easier

Kareem Anderson

Microsoft has been on a roll as of late with releasing updates and adding new features to several of its platform services and applications. Azure AD continues that trend with news revealing three new administrative roles coming to the platform to enable better accountability.

The new update to Azure AD enables three new security types called, Privilege Role Administrator, Security Administrator and Security Reader.

Azure AD security protections
Azure AD security protections

Security roles in Azure AD Identity Protection include:

  • A user in the new role Security Reader can view reports and settings in Azure AD Identity Protection. This role is ideal for a security analyst who investigates issues but doesn’t necessarily take any action themselves.
  • A user in the new role Security Administrator can view reports and manage settings in Azure AD Identity Protection. Unlike global administrators, a security administrator can’t reset users’ passwords in Azure AD Identity Protection.

Security roles in Privilege Identity Management include:

  • A user in the new role Privileged Role Administrator can manage settings and role assignments in Azure AD PIM, and view the Azure AD PIM audit history.
  • A user in the any of the Global Administrator, Security Administrator or Security Reader roles can view settings, role assignments, and the Azure AD PIM audit history.

Visiting the Microsoft’s Enterprise Mobility and Security Blog will also walk some IT Pros through assigning these new roles as well as how to establish predefined time periods as to when they can be accessed.

For those interested, head over to the blog for more information.