| Display name | Authentication Policy Administrator | ||
|---|---|---|---|
| Id | 0526716b-113d-4c15-b2c8-68e3c22b9f80 | ||
| Description | Can create and manage the authentication methods policy, tenant-wide MFA settings, password protection policy, and verifiable credentials. | ||
| Detailed description | Users in this role can create, deploy, and maintain password protection policies and configure authentication methods in a tenant. An Authentication policy administrator can perform the following tasks - manage authentication method settings; configure smart lockout settings; manage a custom banned password list. Users in this role cannot set, change, or reset any individual users' registered authentication methods. This role is intended for managing policy rather than managing users. For example, an Authentication policy administrator will be able to configure that passwords are required to be registered, and the lockout policy for those passwords, but will not be able to reset a user's password. | ||
| Categories | collaboration,identity | ||
| isPrivileged | False | ||
| EntraOps Tier Level | ControlPlane | ||
| #Resource Actions unique | 73 | ||
| #Resource Actions Operations unique | 74 | ||
| #Resource Actions privileged | 0 | ||
| #Resource Actions direct | 19 | ||
| Resource Actions inherited | True | ||
| #Resource Actions inherited | 54 | ||
| Resource Actions inherited from | Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b) | ||
| #Resource Actions overlap direct&inherited | 0 | ||
| Resource Actions overlap direct&inherited | |||
| #Resource Actions inherited to | 0 other Entra Id Roles | ||
| Resource Actions inherited to | n/a | ||
| #Resource Actions conditioned | 0 | ||
| #Resource Actions unconditioned | 73 | ||
| #NameSpaces | 2 | ||
| NameSpaces | microsoft.azure.supportTickets: 1 microsoft.directory: 72 |
||
| Actions | allTasks: 2 create: 3 delete: 2 other: 1 read: 60 update: 5 |
||
| Operations actionVerbs | DELETE: 3 GET: 60 n/a: 2 PATCH: 5 POST: 4 |
||
| Resource Actions where Consent Policy applies | 0 | ||
| Resource Actions / Consent Policy | n/a | ||
| JSON enriched |
|
||
| JSON raw (v1.0 endpoint) |
|
||
| JSON raw (beta endpoint) |
|