Provide a user with read only access to Entra ID Connect / Azure AD Connect configuration

Jon Kilner 66 Reputation points
2024-06-18T08:05:00.2166667+00:00

I have a requirement to provide a user account with ongoing read only access to the configuration of Entra ID Connect.

Is this possible and if so, what permissions/roles are required to only view the configuration of Entra ID Connect?


  1. Dan Rios 2,005 Reputation points MVP
    2024-06-18T09:23:37.82+00:00

    Hi there,

    There's no built-in role for this, and I am not aware of a custom role you could create for this either (source: https://www.azadvertizer.net/azentraidroleactions/microsoft.directory_directorysync_allproperties_alltasks.html).

    The only specific custom role related to Entra Connect allows write actions, so this is not a solution.

    By default everyone can 'read' Entra, unless you've changed that; then the built-in RBAC role 'Directory Readers' will allow the user to view the 'Entra Connect' configuration as read-only, but also all of Microsoft Entra.

    https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference?directory-readers

    Hope this answers your question. If it does, please mark as accepted.
