| Display name | Cloud Device Administrator | ||
|---|---|---|---|
| Id | 7698a772-787b-4ac8-901f-60d6b08affd2 | ||
| Description | Limited access to manage devices in Microsoft Entra ID. | ||
| Detailed description | Users in this role can enable, disable, and delete devices in Microsoft Entra ID and read Windows 10 BitLocker keys (if present) in the Azure portal. The role does not grant permissions to manage any other properties on the device. | ||
| Categories | devices,identity | ||
| isPrivileged | True Privileged | ||
| EntraOps Tier Level | ControlPlane | ||
| #Resource Actions unique | 73 | ||
| #Resource Actions Operations unique | 74 | ||
| #Resource Actions privileged | 3 | ||
| #Resource Actions direct | 19 | ||
| Resource Actions inherited | True | ||
| #Resource Actions inherited | 54 | ||
| Resource Actions inherited from | Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b) | ||
| #Resource Actions overlap direct&inherited | 0 | ||
| Resource Actions overlap direct&inherited | |||
| #Resource Actions inherited to | 0 other Entra Id Roles | ||
| Resource Actions inherited to | n/a | ||
| #Resource Actions conditioned | 0 | ||
| #Resource Actions unconditioned | 73 | ||
| #NameSpaces | 3 | ||
| NameSpaces | microsoft.azure.serviceHealth: 1 microsoft.directory: 71 microsoft.office365.serviceHealth: 1 |
||
| Actions | allTasks: 2 delete: 2 disable: 1 enable: 1 read: 62 restore: 1 update: 4 |
||
| Operations actionVerbs | DELETE: 3 GET: 62 n/a: 2 PATCH: 5 POST: 2 |
||
| Resource Actions where Consent Policy applies | 0 | ||
| Resource Actions / Consent Policy | n/a | ||
| JSON enriched |
|
||
| JSON raw (v1.0 endpoint) |
|
||
| JSON raw (beta endpoint) |
|