Assigning roles for Microsoft admin portals

Bombbe 1,621 Reputation points
2023-11-22T10:49:01.4+00:00

Hello,

We have some users who only require access to the following admin portals:

I'm not particularly familiar with these portals and their access controls, but does anyone know if roles can be assigned per portal? I know that I can assign rights in Entra such as Global Reader or Security Reader, but they provide more access than necessary as we are using a Just-Enough-Access (JEA) model. Instead, I would prefer to give them some sort of reader roles that only grant access to these portals.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,568 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sandeep G-MSFT 16,691 Reputation points Microsoft Employee
    2023-11-22T12:28:15.1166667+00:00

    @Bombbe

    Thank you for posting this in Microsoft Q&A.

    As I understand you want to configure a roles in Azure AD with permission to access only below portals,

    You might have to configure custom role for this. And currently we do not have any specific permission listed for above portals access.

    Under users we currently have few permissions defined as below,

    User's image

    However, you can submit request in below Azure feedback portal asking for listing permissions to specific portals.

    https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789

    Let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Andy David - MVP 145.1K Reputation points MVP
    2023-11-22T12:29:12.6333333+00:00

    With your requirements, the Azure Global Reader role is really the only one that makes sense.

    0 comments No comments