Role actions: 19 · Control Plane: 13 · Management Plane: 6 · User Access: 0 · Unclassified: 0 · Category: Security · EAM Tier: Control Plane

Authentication Administrator

Privileged
Control Plane · Security · 19 role actions
Template ID: c4e39bd9-1100-46d3-8c65-fb160da0071f
Category: Security
EAM Tier: Control Plane (Tier 0)
Enterprise Access Model: Control Plane

Full control of the tenant. Compromise leads to complete takeover. Isolate from lower planes.

Description

Users with this role can set or reset any authentication method (including passwords) for non-administrators and some roles. Authentication Administrators can require users who are non-administrators or assigned to some roles to re-regis...

Full permissions

All 19 role actions of this role, classified by EAM tier.

| Role Action | Category | Tier |
| --- | --- | --- |
| microsoft.directory/deletedItems.users/restore | Global User Management | Tier 0 |
| microsoft.directory/users/authenticationMethods/basic/update | Global User Management | Tier 0 |
| microsoft.directory/users/authenticationMethods/create | Global User Management | Tier 0 |
| microsoft.directory/users/authenticationMethods/delete | Global User Management | Tier 0 |
| microsoft.directory/users/basic/update | Global User Management | Tier 0 |
| microsoft.directory/users/delete | Global User Management | Tier 0 |
| microsoft.directory/users/disable | Global User Management | Tier 0 |
| microsoft.directory/users/enable | Global User Management | Tier 0 |
| microsoft.directory/users/invalidateAllRefreshTokens | Global User Management | Tier 0 |
| microsoft.directory/users/manager/update | Global User Management | Tier 0 |
| microsoft.directory/users/password/update | Global User Management | Tier 0 |
| microsoft.directory/users/restore | Global User Management | Tier 0 |
| microsoft.directory/users/userPrincipalName/update | Global User Management | Tier 0 |
| microsoft.azure.serviceHealth/allEntities/allTasks | Support and Service Health | Tier 1 |
| microsoft.azure.supportTickets/allEntities/allTasks | Support and Service Health | Tier 1 |
| microsoft.directory/users/authenticationMethods/standard/restrictedRead | Tenant Configuration (Reader) | Tier 1 |
| microsoft.office365.serviceHealth/allEntities/allTasks | Microsoft 365 Support Operations | Tier 1 |
| microsoft.office365.supportTickets/allEntities/allTasks | Microsoft 365 Support Operations | Tier 1 |
| microsoft.office365.webPortal/allEntities/standard/read | Microsoft 365 Support Operations | Tier 1 |

19 of 19 role actions

PowerShell

Get-MgRoleManagementDirectoryRoleDefinition `
  -UnifiedRoleDefinitionId "c4e39bd9-1100-46d3-8c65-fb160da0071f"

Microsoft Graph

GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions/c4e39bd9-1100-46d3-8c65-fb160da0071f
See the official documentation on Microsoft Learn

Related roles