Microsoft Entra - Custom Roles and Administrators

Anonymous
2024-11-27T21:37:05+00:00

Is it possible to create a custom (least privileged) admin role in Microsoft Entra for the SharePoint Admin Center? In short, I'd like to create a new custom 'SharePoint Administrator (Least Privilege)' role which limits assigned Technology users from seeing AND accessing the following SharePoint Admin Center areas:

  • Containers
  • Policies
  • Settings
  • Content services
  • Migrations
  • Reports
  • Advanced settings
  • More features

Any feedback or guidance would be appreciated.

Microsoft 365 and Office | SharePoint | For business | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

Answer accepted by question author

Anonymous
2024-12-13T06:33:29+00:00

Dear Dontae,

Yes, you are right. We are glad to hear that you got the answer.

As a summary, I'd like to provide the following additional information for our reference.

In the SharePoint admin roles in Microsoft Entra, you can see several SharePoint related roles in the default permissions such as Create and manage OneDrive protection policy in Microsoft 365 Backup, Manage all restore points associated with selected SharePoint sites in Microsoft 365 Backup and so on.

On the custom roles page in Microsoft Entra, very limited permissions can be selected and deployed. All are about the actions in Microsoft Entra such as Create application policies, Update audience on single-directory applications and so on. No SharePoint Online and OneDrive for Business related permissions can be selected.

So it is not possible to create the custom role with selective SharePoint administrator role permissions in Microsoft Entra.

If it is convenient, please also send your feedback as follows as it may benefit the community process.

![Image](https://learn-attachment.microsoft.com/api/attachments/974db0b7-94b8-41e6-98a0-665778d3aa15?platform=QnA)

1 person found this answer helpful.
  1. Anonymous
    2024-12-02T13:33:15+00:00

    Hello Mia Zhao,

    Thank you for the outreach and shared information. Unfortunately, I tasked these very steps before submitting this community question, as it didn't seem it was an available option within Entra AC. I contacted MS Support today and they have confirmed: "For now, this is not possible as the custom roles available only allows custom role that limits access within the Microsoft Entra ID portal."

  2. Anonymous
    2024-11-28T03:00:17+00:00

    Hi Dontae Jones,

    As per the description, it seems like you want to create a custom least privileged admin role in Microsoft Entra for the SharePoint Admin Center. From my search, to create a custom 'SharePoint Administrator (Least Privilege)' role, you can follow these general steps:

    1. Sign in to the Microsoft Entra admin center as at least a Privileged Role Administrator.
    2. Navigate to Identity > Roles & admins > Roles & admins.
    3. Select New custom role.
    4. On the Basics tab, provide a name and description for the role.
    5. Define the permissions for the role, ensuring that you exclude access to the areas you mentioned (Containers, Policies, Settings, Content services, Migrations, Reports, Advanced settings, More features).
    6. Assign the custom role to the appropriate users.

    However, since community moderators here mainly focus on out-of-box features in SharePoint Online, I may have limited support experience with the Microsoft Entra ID environment, so if the above steps fail to meet your needs, please post in the related Microsoft Entra ID (Azure AD) | Microsoft Community Hub to get further guidance from the Entra ID engineers there, who have developed support resources for such requirements. Meanwhile, I will keep your thread open to welcome other users to share their suggestions with you.

    Some references may help you achieve this:

    Least privileged roles by task - Microsoft Entra ID

    Assign or list Microsoft Entra roles with administrative unit scope - Microsoft Entra ID | Microsoft Learn

    Create custom roles in Microsoft Entra role-based access control - Microsoft Entra ID | Microsoft Learn

    Please correct me if I have misunderstood anything or if there is anything else I can do for you.

    Your patience is highly appreciated. Hope you have a nice day and stay safe!

    Best Regards,

    Mia
