In recent weeks and months, additional admin roles have been added for Microsoft 365 services.
Admin roles let you split administrative tasks across different areas instead of giving accounts more rights than they need. Microsoft lists all admin roles in its documentation. The documentation also lists the IDs of the roles. When working with the roles in PowerShell and code, use the IDs instead of the names.
Role | Description |
Attack Payload Author | Users in this role can create attack payloads but not actually launch or schedule them. Attack payloads are then available to all administrators in the tenant who can use them to create a simulation. |
Attack Simulation Administrator | Users in this role can create and manage all aspects of attack simulation creation, launch/scheduling of a simulation, and the review of simulation results. Members of this role have this access for all simulations in the tenant. |
Authentication Policy Administrator | Users with this role can configure the authentication methods policy, tenant-wide MFA settings, and password protection policy. This role grants permission to manage Password Protection settings: smart lockout configurations and updating the custom banned passwords list. |
Domain Name Administrator | Users with this role can manage (read, add, verify, update, and delete) domain names. They can also read directory information about users, groups, and applications, as these objects possess domain dependencies. For on-premises environments, users with this role can configure domain names for federation so that associated users are always authenticated on-premises. These users can then sign into Azure AD-based services with their on-premises passwords via single sign-on. Federation settings need to be synced via Azure AD Connect, so users also have permissions to manage Azure AD Connect. |
Hybrid Identity Administrator | Users in this role can create, manage and deploy provisioning configuration setup from AD to Azure AD using Cloud Provisioning as well as manage federation settings. Users can also troubleshoot and monitor logs using this role. |
Insights Administrator | Users in this role can access the full set of administrative capabilities in the M365 Insights application. This role has the ability to read directory information, monitor service health, file support tickets, and access the Insights admin settings aspects. |
Insights Business Leader | Users in this role can access a set of dashboards and insights via the M365 Insights application. This includes full access to all dashboards and presented insights and data exploration functionality. Users in this role do not have access to product configuration settings, which is the responsibility of the Insights Admin role. |
Network Administrator | Users in this role can review network perimeter architecture recommendations from Microsoft that are based on network telemetry from their user locations. Network performance for Microsoft 365 relies on careful enterprise customer network perimeter architecture which is generally user location specific. This role allows for editing of discovered user locations and configuration of network parameters for those locations to facilitate improved telemetry measurements and design recommendations. |
Printer Administrator | Users in this role can register printers and manage all aspects of all printer configurations in the Microsoft Universal Print solution, including the Universal Print Connector settings. They can consent to all delegated print permission requests. Printer Administrators also have access to print reports. |
Printer Technician | Users with this role can register printers and manage printer status in the Microsoft Universal Print solution. They can also read all connector information. Key task a Printer Technician cannot do is set user permissions on printers and sharing printers. |
Teams Devices Administrator | Users with this role can manage Teams-certified devices from the Teams Admin Center. This role allows viewing all devices at single glance, with ability to search and filter devices. The user can check details of each device including logged-in account, make and model of the device. The user can change the settings on the device and update the software versions. This role does not grant permissions to check Teams activity and call quality of the device. |
Usage Summary Reports Reader | Users with this role can access tenant level aggregated data and associated insights in Microsoft 365 Admin Center for Usage and Productivity Score but cannot access any user level details or insights. |