Azure AD / Microsoft 365 / Microsoft Graph – 10 Azure AD roles are getting renamed – Important update :)
Azure / Microsoft 365 / Microsoft Graph - Azure AD Roles - Existing role names and proposed new role names
Hi All,
LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY, STAY HOME 🙂
Today small but very important update regarding renaming of Azure AD roles. This is high importance message in message center – https://admin.microsoft.com/AdminPortal/Home#/MessageCenter so thought to share 🙂
Take away from this article: At the end of this article we got to know What consequences this change will have
- Which are the 10 Azure AD roles are getting updated.
- What consequences will this change have
- Best practice while using roles display name either in Script or Code
Background :
- Some of the Azure AD roles appears differently in Azure AD Portal – https://portal.azure.com/ , in Microsoft 365 admin center – https://admin.microsoft.com/AdminPortal/Home#/ and in Microsoft Graph – https://developer.microsoft.com/graph/
- This is the problem when we automate any process and using these roles. Like either PowerShell script or any either Azure web job or application using CSOM
- Also this is bit difficult for respective Admin to remember this kind of inconsistent names and creates more confusion
- To avoid this consistency 10 Azure AD roles are getting changed
- Following are the roles which are getting updated
Roll-out finalization :
- This change roll-out will be finalized by Early Oct 2020
- Once this roll-out is in place, we will these updated Azure AD names in the Microsoft 365 admin center, Azure AD portal, and Microsoft Graph API
Best practice while using roles display name either in Script or Code :
- We should not use roles name in our automated process if any. May be in PowerShell script or any demon job or in any code.
- We should always use template IDs for Azure AD built in roles.
- Following is the list of Azure AD role display names and template IDs
Role template IDs
Role template IDs are used mainly by the Microsoft Graph API or PowerShell users.
| Graph display Name | Azure portal display name | directory Role Template Id |
|---|---|---|
| Application Administrator | Application administrator | 9B895D92-2CD3-44C7-9D02-A6AC2D5EA5C3 |
| Application Developer | Application developer | CF1C38E5-3621-4004-A7CB-879624DCED7C |
| Authentication Administrator | Authentication administrator | c4e39bd9-1100-46d3-8c65-fb160da0071f |
| Azure DevOps Administrator | Azure DevOps administrator | e3973bdf-4987-49ae-837a-ba8e231c7286 |
| Azure Information Protection Administrator | Azure Information Protection administrator | 7495fdc4-34c4-4d15-a289-98788ce399fd |
| B2C IEF Keyset Administrator | B2C IEF Keyset Administrator | aaf43236-0c0d-4d5f-883a-6955382ac081 |
| B2C IEF Policy Administrator | B2C IEF Policy Administrator | 3edaf663-341e-4475-9f94-5c398ef6c070 |
| Billing Administrator | Billing administrator | b0f54661-2d74-4c50-afa3-1ec803f12efe |
| Cloud Application Administrator | Cloud application administrator | 158c047a-c907-4556-b7ef-446551a6b5f7 |
| Cloud Device Administrator | Cloud device administrator | 7698a772-787b-4ac8-901f-60d6b08affd2 |
| Company Administrator | Global administrator | 62e90394-69f5-4237-9190-012177145e10 |
| Compliance Administrator | Compliance administrator | 17315797-102d-40b4-93e0-432062caca18 |
| Compliance Data Administrator | Compliance data administrator | e6d1a23a-da11-4be4-9570-befc86d067a7 |
| Conditional Access Administrator | Conditional Access administrator | b1be1c3e-b65d-4f19-8427-f6fa0d97feb9 |
| CRM Service Administrator | Dynamics 365 administrator | 44367163-eba1-44c3-98af-f5787879f96a |
| Customer LockBox Access Approver | Customer Lockbox access approver | 5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91 |
| Desktop Analytics Administrator | Desktop Analytics Administrator | 38a96431-2bdf-4b4c-8b6e-5d3d8abac1a4 |
| Device Administrators | Device administrators | 9f06204d-73c1-4d4c-880a-6edb90606fd8 |
| Device Join | Deprecated | 9c094953-4995-41c8-84c8-3ebb9b32c93f |
| Device Managers | Deprecated | 2b499bcd-da44-4968-8aec-78e1674fa64d |
| Device Users | Deprecated | d405c6df-0af8-4e3b-95e4-4d06e542189e |
| Directory Readers | Directory readers | 88d8e3e3-8f55-4a1e-953a-9b9898b8876b |
| Directory Synchronization Accounts | Not shown because it shouldn’t be used | d29b2b05-8046-44ba-8758-1e26182fcf32 |
| Directory Writers | Directory Writers | 9360feb5-f418-4baa-8175-e2a00bac4301 |
| Exchange Service Administrator | Exchange administrator | 29232cdf-9323-42fd-ade2-1d097af3e4de |
| External Id User flow Administrator | External Id User flow Administrator | 6e591065-9bad-43ed-90f3-e9424366d2f0 |
| External Id User Flow Attribute Administrator | External Id User Flow Attribute Administrator | 0f971eea-41eb-4569-a71e-57bb8a3eff1e |
| External Identity Provider Administrator | External Identity Provider Administrator | be2f45a1-457d-42af-a067-6ec1fa63bc45 |
| Global Reader | Global reader | f2ef992c-3afb-46b9-b7cf-a126ee74c451 |
| Groups Administrator | Groups administrator | fdd7a751-b60b-444a-984c-02652fe8fa1c |
| Guest Inviter | Guest inviter | 95e79109-95c0-4d8e-aee3-d01accf2d47b |
| Helpdesk Administrator | Helpdesk administrator | 729827e3-9c14-49f7-bb1b-9608f156bbb8 |
| Hybrid Identity Administrator | Hybrid identity administrator | 8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2 |
| Insights Administrator | Insights administrator | eb1f4a8d-243a-41f0-9fbd-c7cdf6c5ef7c |
| Insights Business Leader | Insights business leader | 31e939ad-9672-4796-9c2e-873181342d2d |
| Intune Service Administrator | Intune administrator | 3a2c62db-5318-420d-8d74-23affee5d9d5 |
| Kaizala Administrator | Kaizala administrator | 74ef975b-6605-40af-a5d2-b9539d836353 |
| License Administrator | License administrator | 4d6ac14f-3453-41d0-bef9-a3e0c569773a |
| Lync Service Administrator | Skype for Business administrator | 75941009-915a-4869-abe7-691bff18279e |
| Message Center Privacy Reader | Message center privacy reader | ac16e43d-7b2d-40e0-ac05-243ff356ab5b |
| Message Center Reader | Message center reader | 790c1fb9-7f7d-4f88-86a1-ef1f95c05c1b |
| Modern Commerce User | Modern Commerce User | d24aef57-1500-4070-84db-2666f29cf966 |
| Network Administrator | Network administrator | d37c8bed-0711-4417-ba38-b4abe66ce4c2 |
| Office Apps Administrator | Office apps administrator | 2b745bdf-0803-4d80-aa65-822c4493daac |
| Partner Tier1 Support | Not shown because it shouldn’t be used | 4ba39ca4-527c-499a-b93d-d9b492c50246 |
| Partner Tier2 Support | Not shown because it shouldn’t be used | e00e864a-17c5-4a4b-9c06-f5b95a8d5bd8 |
| Password Administrator | Password administrator | 966707d0-3269-4727-9be2-8c3a10f19b9d |
| Power BI Service Administrator | Power BI administrator | a9ea8996-122f-4c74-9520-8edcd192826c |
| Power Platform Administrator | Power platform administrator | 11648597-926c-4cf3-9c36-bcebb0ba8dcc |
| Printer Administrator | Printer administrator | 644ef478-e28f-4e28-b9dc-3fdde9aa0b1f |
| Printer Technician | Printer technician | e8cef6f1-e4bd-4ea8-bc07-4b8d950f4477 |
| Privileged Authentication Administrator | Privileged authentication administrator | 7be44c8a-adaf-4e2a-84d6-ab2649e08a13 |
| Privileged Role Administrator | Privileged role administrator | e8611ab8-c189-46e8-94e1-60213ab1f814 |
| Reports Reader | Reports reader | 4a5d8f65-41da-4de4-8968-e035b65339cf |
| Search Administrator | Search administrator | 0964bb5e-9bdb-4d7b-ac29-58e794862a40 |
| Search Editor | Search editor | 8835291a-918c-4fd7-a9ce-faa49f0cf7d9 |
| Security Administrator | Security administrator | 194ae4cb-b126-40b2-bd5b-6091b380977d |
| Security Operator | Security operator | 5f2222b1-57c3-48ba-8ad5-d4759f1fde6f |
| Security Reader | Security reader | 5d6b6bb7-de71-4623-b4af-96380a352509 |
| Service Support Administrator | Service support administrator | f023fd81-a637-4b56-95fd-791ac0226033 |
| SharePoint Service Administrator | SharePoint administrator | f28a1f50-f6e7-4571-818b-6a12f2af6b6c |
| Teams Communications Administrator | Teams Communications Administrator | baf37b3a-610e-45da-9e62-d9d1e5e8914b |
| Teams Communications Support Engineer | Teams Communications Support Engineer | f70938a0-fc10-4177-9e90-2178f8765737 |
| Teams Communications Support Specialist | Teams Communications Support Specialist | fcf91098-03e3-41a9-b5ba-6f0ec8188a12 |
| Teams Devices Administrator | Teams Devices Administrator | 3d762c5a-1b6c-493f-843e-55a3b42923d4 |
| Teams Service Administrator | Teams Service Administrator | 69091246-20e8-4a56-aa4d-066075b2a7a8 |
| User | Not shown because it can’t be used | a0b1b346-4d3e-4e8b-98f8-753987be4970 |
| User Account Administrator | User administrator | fe930be7-5e62-47db-91af-98c3a49a38b1 |
| Workplace Device Join | Deprecated | c34f683f-4d5a-4403-affd-6615e00e3a7f |
Thanks for reading 🙂 Feel free to discuss / comment / questions 🙂 SHARING IS CARING 🙂
Share In Teams:We have a lots of learning on Microsoft 365, for more details please visit – https://knowledge-junction.in/?s=Microsoft+365 OR https://knowledge-junction.in/?s=M+365 OR https://knowledge-junction.in/?s=O+365 OR https://knowledge-junction.in/?s=Office+365
Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂
You must be logged in to post a comment.