Assigning roles for Microsoft admin portals

Question

Hello,

We have some users who only require access to the following admin portals:

• https://security.microsoft.com/
• https://admin.microsoft.com/
• https://compliance.microsoft.com

I'm not particularly familiar with these portals and their access controls, but does anyone know if roles can be assigned per portal? I know that I can assign rights in Entra such as Global Reader or Security Reader, but they provide more access than necessary as we are using a Just-Enough-Access (JEA) model. Instead, I would prefer to give them some sort of reader roles that only grant access to these portals.

Answer 1

@Bombbe

Thank you for posting this in Microsoft Q&A.

As I understand you want to configure a roles in Azure AD with permission to access only below portals,

• https://security.microsoft.com/
• https://admin.microsoft.com/
• https://compliance.microsoft.com

You might have to configure custom role for this. And currently we do not have any specific permission listed for above portals access.

Under users we currently have few permissions defined as below,

However, you can submit request in below Azure feedback portal asking for listing permissions to specific portals.

https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789

Let me know if you have any further questions on this.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

With your requirements, the Azure Global Reader role is really the only one that makes sense.