Secure environment maker and basic user security roles by making them non-customizable


Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned

Enabled for: Admins, makers, marketers, or analysts, automatically
Public preview: -
General availability: Mar 2023

Business value

To maintain the SLA and a consistent user experience, makers and users can always make and run applications, respectively, using the system-provided security roles of environment maker and basic user. This SLA can only be maintained when these roles are protected from being updated.

Feature details

The environment maker and basic user security roles are managed and shipped by the platform and are marked as non-updateable. Microsoft services maintain these security roles and continuously update their privileges so that the services run smoothly. Local admins can view the list of privileges of these security roles from the admin role form, but they can't update the privileges. Admins can continue to copy these privileges to another role, but they can't update the role.