Roles you can't manage in Privileged Identity Management
You can manage just-in-time assignments to all Microsoft Entra roles and all Azure roles using Privileged Identity Management (PIM) in Microsoft Entra ID. Azure roles include built-in and custom roles attached to your management groups, subscriptions, resource groups, and resources. However, there are few roles that you can't manage. This article describes the roles you can't manage in Privileged Identity Management.
Classic subscription administrator roles
You cannot manage the following classic subscription administrator roles in Privileged Identity Management:
- Account Administrator
- Service Administrator
- Co-Administrator
For more information about the classic subscription administrator roles, see Azure roles, Microsoft Entra roles, and classic subscription administrator roles.
What about Microsoft 365 admin roles?
We support all Microsoft 365 roles in the Microsoft Entra roles and Administrators portal experience, such as Exchange Administrator and SharePoint Administrator, but we don't support specific roles within Exchange RBAC or SharePoint RBAC. For more information about these Microsoft 365 services, see Microsoft 365 admin roles.
Note
For information about delays activating the Microsoft Entra Joined Device Local Administrator role, see How to manage the local administrators group on Microsoft Entra joined devices.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for