Role actions: 13 · Control Plane: 9 · Management Plane: 4 · User Access: 0 · Unclassified: 0 · Category: Security · EAM Tier: Control Plane

Conditional Access Administrator

Privileged
Control Plane · Security · 13 role actions
Template ID: b1be1c3e-b65d-4f19-8427-f6fa0d97feb9
Category: Security
EAM Tier: Control Plane (Tier 0)
Enterprise Access Model: Control Plane

Full control of the tenant. Compromise leads to complete takeover. Isolate from lower planes.

Description

Users with this role have the ability to manage Microsoft Entra Conditional Access settings. Note: To deploy Exchange ActiveSync Conditional Access policy in Azure, the user must also be Global Administrator.

Full permissions

All 13 role actions of this role, classified by EAM tier.

| Role Action | Category | Tier |
| --- | --- | --- |
| microsoft.directory/conditionalAccessPolicies/basic/update | Conditional Access | Tier 0 |
| microsoft.directory/conditionalAccessPolicies/create | Conditional Access | Tier 0 |
| microsoft.directory/conditionalAccessPolicies/delete | Conditional Access | Tier 0 |
| microsoft.directory/conditionalAccessPolicies/owners/update | Conditional Access | Tier 0 |
| microsoft.directory/conditionalAccessPolicies/tenantDefault/update | Conditional Access | Tier 0 |
| microsoft.directory/namedLocations/basic/update | Conditional Access | Tier 0 |
| microsoft.directory/namedLocations/create | Conditional Access | Tier 0 |
| microsoft.directory/namedLocations/delete | Conditional Access | Tier 0 |
| microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update | Conditional Access | Tier 0 |
| microsoft.directory/conditionalAccessPolicies/owners/read | Tenant Configuration (Reader) | Tier 1 |
| microsoft.directory/conditionalAccessPolicies/policyAppliedTo/read | Tenant Configuration (Reader) | Tier 1 |
| microsoft.directory/conditionalAccessPolicies/standard/read | Tenant Configuration (Reader) | Tier 1 |
| microsoft.directory/namedLocations/standard/read | Tenant Configuration (Reader) | Tier 1 |

13 of 13 role actions

PowerShell

Get-MgRoleManagementDirectoryRoleDefinition `
  -UnifiedRoleDefinitionId "b1be1c3e-b65d-4f19-8427-f6fa0d97feb9"

Microsoft Graph

GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions/b1be1c3e-b65d-4f19-8427-f6fa0d97feb9
See the official documentation on Microsoft Learn

Related roles