Hello @Ádám Gulyás
Thank you for reaching out to the Microsoft Q&A platform.
I understand that in your organization some IT admins have only the "User admin" role and, in that case, they cannot see the synchronization status with on-prem AD.
The "Hybrid Identity Administrator" role could indeed grant the necessary access to manage and view directory synchronization.
The Hybrid Identity Administrator role is specifically designed for managing and viewing Azure AD Connect synchronization status and related tasks. It grants permissions to manage Azure AD Connect, monitor synchronization status, and handle hybrid identity configurations. This role is more appropriate for the specific use case of granting IT admins access to sync status.
For additional information, refer to this document: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#hybrid-identity-administrator
As mentioned, when creating custom roles, the permissions associated with privileged roles cannot be customized.
Hope this helps. Do let us know if you have any further queries.