Creating a custom role based on a built-in role

David - 10 Reputation points
2023-03-23T16:37:06.6566667+00:00

I am currently using a trial Office 365 Azure account to try out some role changes before they are deployed to our live Azure AD. I want to set up a custom role based on the built-in Teams Administrator role, which I can then assign to a group containing an application service principal. However, when I create a custom role through the portal, most of the permissions for the Teams Administrator are not listed (e.g. microsoft.directory/organization/standard/read).

Is there another way I should be creating the role? I have tried connecting to Azure through PowerShell, but as this is a trial system, there is no Azure subscription and the connection fails.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Carlos Solís Salazar 16,351 Reputation points
    2023-03-23T17:34:19.3866667+00:00

    Hi David -

    Thank you for asking this question on the Microsoft Q&A Platform.

    To create a custom role, you must have the following prerequisites:

    • Azure AD Premium P1 or P2 license (do you have either of these licenses?)
    • Privileged Role Administrator or Global Administrator
    • AzureADPreview module when using PowerShell
    • Admin consent when using Graph explorer for Microsoft Graph API

    More info: https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-create

    Hope this helps!

    ---------- Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.
