Restrict roles and administrators right just for Microsoft Entra ID

Raymond Wong (ITSD) 20 Reputation points
2024-01-05T09:11:46.71+00:00

We have an automation account which is for reading the user UPN for removing Entra ID users from an application group, or to restrict them to use AVD.

We have assigned the Global Reader role to the account, but it seems it can read our administrators' details and we do not want that to happen. May I ask whether there is any fine-tuning to adjust the role's rights of the automation account such that it can only read the specified Entra ID user?

Microsoft Entra ID

Accepted answer
  1. Andy David - MVP 152.1K Reputation points MVP
    2024-01-05T13:10:37.83+00:00

    If you are looking for a specific reader role, Directory Reader is prob preferred versus Global Reader. However, the ability to read the directory won't prevent seeing account details. There is no permission that will allow you to just read an account's UPN.

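The role swap suggested in the accepted answer, sketched with the Microsoft Graph PowerShell SDK as an added example (not code from the question or the answer). The object ID is a placeholder for the automation account's identity, and the signed-in admin is assumed to be allowed to manage directory role assignments. As the answer notes, Directory Readers still exposes account details, so this narrows the role without hiding administrators.

```powershell
# Added example: replace Global Reader with Directory Readers on one identity.
# Requires the Microsoft.Graph PowerShell module.
$PrincipalObjectId = '<automation-identity-object-id>'   # placeholder, not from the page

Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory'

# Resolve both built-in roles by display name rather than hard-coding IDs.
$globalReader = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Reader'"
$dirReaders   = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Directory Readers'"
if (-not $globalReader -or -not $dirReaders) { throw 'Could not resolve the role definitions.' }

# Directory role assignments currently held by the automation identity.
$current = @(Get-MgRoleManagementDirectoryRoleAssignment `
    -Filter "principalId eq '$PrincipalObjectId'" -All)

# Grant Directory Readers first so the runbook never loses read access.
if ($current.RoleDefinitionId -notcontains $dirReaders.Id) {
    New-MgRoleManagementDirectoryRoleAssignment `
        -PrincipalId $PrincipalObjectId `
        -RoleDefinitionId $dirReaders.Id `
        -DirectoryScopeId '/' | Out-Null
}

# Then remove every Global Reader assignment the identity holds.
$current | Where-Object { $_.RoleDefinitionId -eq $globalReader.Id } | ForEach-Object {
    Remove-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $_.Id
}

# Verify: list the roles the identity holds after the change.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$PrincipalObjectId'" -All |
    ForEach-Object {
        $role = Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $_.RoleDefinitionId
        [pscustomobject]@{ Role = $role.DisplayName; Scope = $_.DirectoryScopeId }
    }
```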
