Voltar para roles
Role actions19·Control Plane12·Management Plane7·User Access0·Não classificadas0·CategoriaSecurity·EAM TierControl Plane

Authentication Policy Administrator

Control PlaneSecurity19 role actions
Template ID
0526716b-113d-4c15-b2c8-68e3c22b9f80
Categoria
Security
EAM Tier
Control Plane (Tier 0)
Enterprise Access Model: Control Plane

Controle total do tenant. Comprometimento leva a takeover completo. Isole de planos inferiores.

Descrição

Users in this role can create, deploy, and maintain password protection policies and configure authentication methods in a tenant. An Authentication policy administrator can perform the following tasks - manage authentication method sett...

Permissões completas

Todas as 19 role actions desta role, classificadas por tier do EAM.

Role ActionCategoriaTier
microsoft.directory/organization/strongAuthentication/allTasks
AuthenticationTier 0
microsoft.directory/userCredentialPolicies/basic/update
AuthenticationTier 0
microsoft.directory/userCredentialPolicies/create
AuthenticationTier 0
microsoft.directory/userCredentialPolicies/delete
AuthenticationTier 0
microsoft.directory/userCredentialPolicies/owners/update
AuthenticationTier 0
microsoft.directory/userCredentialPolicies/tenantDefault/update
AuthenticationTier 0
microsoft.directory/verifiableCredentials/configuration/allProperties/update
Verified IDTier 0
microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/update
Verified IDTier 0
microsoft.directory/verifiableCredentials/configuration/contracts/cards/revoke
Verified IDTier 0
microsoft.directory/verifiableCredentials/configuration/contracts/create
Verified IDTier 0
microsoft.directory/verifiableCredentials/configuration/create
Verified IDTier 0
microsoft.directory/verifiableCredentials/configuration/delete
Verified IDTier 0
microsoft.azure.supportTickets/allEntities/allTasks
Support and Service HealthTier 1
microsoft.directory/userCredentialPolicies/owners/read
Tenant Configuration (Reader)Tier 1
microsoft.directory/userCredentialPolicies/policyAppliedTo/read
Tenant Configuration (Reader)Tier 1
microsoft.directory/userCredentialPolicies/standard/read
Tenant Configuration (Reader)Tier 1
microsoft.directory/verifiableCredentials/configuration/allProperties/read
Tenant Configuration (Reader)Tier 1
microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/read
Tenant Configuration (Reader)Tier 1
microsoft.directory/verifiableCredentials/configuration/contracts/cards/allProperties/read
Tenant Configuration (Reader)Tier 1

19 de 19 role actions

PowerShell

Get-MgRoleManagementDirectoryRoleDefinition `
  -UnifiedRoleDefinitionId "0526716b-113d-4c15-b2c8-68e3c22b9f80"

Microsoft Graph

GET https://graph.microsoft.com/v1.0/
  roleManagement/directory/
  roleDefinitions/0526716b-113d-4c15-b2c8-68e3c22b9f80
Ver documentação oficial na Microsoft Learn

Roles relacionadas

Authentication Administrator
Tier 0Security
Authentication Extensibility Administrator
Tier 0Security
Authentication Extensibility Password Administrator
Tier 0Security
B2C IEF Keyset Administrator
Tier 0Security
B2C IEF Policy Administrator
Tier 0Security