| Display name | Global Administrator | ||
|---|---|---|---|
| Id | 62e90394-69f5-4237-9190-012177145e10 | ||
| Description | Can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities. | ||
| Detailed description | Users with this role have access to all administrative features in Microsoft Entra ID, as well as services that federate to Microsoft Entra ID like Exchange Online, SharePoint Online, and Skype for Business Online. The person who signs up for the Microsoft Entra tenant becomes a global administrator. Only global administrators can assign other administrator roles. There can be more than one global administrator at your company. Global admins can reset the password for any user and all other administrators. Note: In Microsoft Graph API, Azure AD Graph API, and Azure AD PowerShell, this role is identified as "Company Administrator". It is "Global Administrator" in the Azure portal. | ||
| Categories | global | ||
| isPrivileged | True Privileged | ||
| EntraOps Tier Level | ControlPlane | ||
| #Resource Actions unique | 264 | ||
| #Resource Actions Operations unique | 270 | ||
| #Resource Actions privileged | 20 | ||
| #Resource Actions direct | 210 | ||
| Resource Actions inherited | True | ||
| #Resource Actions inherited | 54 | ||
| Resource Actions inherited from | Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b) | ||
| #Resource Actions overlap direct&inherited | 0 | ||
| Resource Actions overlap direct&inherited | |||
| #Resource Actions inherited to | 0 other Entra Id Roles | ||
| Resource Actions inherited to | n/a | ||
| #Resource Actions conditioned | 0 | ||
| #Resource Actions unconditioned | 264 | ||
| #NameSpaces | 50 | ||
| NameSpaces | microsoft.azure.advancedThreatProtection: 1 microsoft.azure.informationProtection: 1 microsoft.azure.serviceHealth: 1 microsoft.azure.supportTickets: 1 microsoft.backup: 1 microsoft.cloudPC: 1 microsoft.commerce.billing: 2 microsoft.directory: 204 microsoft.dynamics365: 1 microsoft.edge: 1 microsoft.flow: 1 microsoft.graph.dataConnect: 1 microsoft.hardware.support: 3 microsoft.insights: 1 microsoft.intune: 1 microsoft.networkAccess: 2 microsoft.office365.complianceManager: 1 microsoft.office365.copilot: 1 microsoft.office365.desktopAnalytics: 1 microsoft.office365.exchange: 1 microsoft.office365.fileStorageContainers: 1 microsoft.office365.knowledge: 5 microsoft.office365.lockbox: 1 microsoft.office365.messageCenter: 2 microsoft.office365.migrations: 1 microsoft.office365.network: 1 microsoft.office365.organizationalMessages: 1 microsoft.office365.protectionCenter: 1 microsoft.office365.search: 1 microsoft.office365.securityComplianceCenter: 1 microsoft.office365.serviceHealth: 1 microsoft.office365.sharePoint: 1 microsoft.office365.skypeForBusiness: 1 microsoft.office365.supportTickets: 1 microsoft.office365.usageReports: 1 microsoft.office365.userCommunication: 1 microsoft.office365.webPortal: 1 microsoft.office365.yammer: 1 microsoft.people: 2 microsoft.peopleAdmin: 2 microsoft.permissionsManagement: 1 microsoft.powerApps: 1 microsoft.powerApps.powerBI: 1 microsoft.teams: 1 microsoft.virtualVisits: 1 microsoft.viva.glint: 1 microsoft.viva.goals: 1 microsoft.viva.pulse: 1 microsoft.windows.defenderAdvancedThreatProtection: 1 microsoft.windows.updatesDeployments: 1 |
||
| Actions | allTasks: 79 assignLicense: 1 create: 16 delete: 13 manage: 7 managePermissionGrantsForAll: 1 other: 9 read: 100 reprocessLicenseAssignment: 1 restore: 2 update: 35 |
||
| Operations actionVerbs | DELETE: 16 GET: 100 n/a: 81 PATCH: 35 POST: 37 PUT: 1 |
||
| Resource Actions where Consent Policy applies | 1 | ||
| Resource Actions / Consent Policy | Resource Action: microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin Consent Policy: microsoft-company-admin displayName: Company Admin Policy description:Permissions consentable by Company Administrators. includes: 2 excludes: 0 |
||
| JSON enriched |
|
||
| JSON raw (v1.0 endpoint) |
|
||
| JSON raw (beta endpoint) |
|