| Display name | Privileged Authentication Administrator | ||
|---|---|---|---|
| Id | 7be44c8a-adaf-4e2a-84d6-ab2649e08a13 | ||
| Description | Can access to view, set and reset authentication method information for any user (admin or non-admin). | ||
| Detailed description | Users with this role can view the current authentication method information and set or reset non-password credentials for all users, including global administrators. Privileged Authentication Administrators can force users to re-register against existing non-password credential (e.g. MFA, FIDO) and revoke 'remember MFA on the device', prompting for MFA on the next login of all users. | ||
| Categories | identity | ||
| isPrivileged | True Privileged | ||
| EntraOps Tier Level | ControlPlane | ||
| #Resource Actions unique | 74 | ||
| #Resource Actions Operations unique | 74 | ||
| #Resource Actions privileged | 10 | ||
| #Resource Actions direct | 20 | ||
| Resource Actions inherited | True | ||
| #Resource Actions inherited | 54 | ||
| Resource Actions inherited from | Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b) | ||
| #Resource Actions overlap direct&inherited | 0 | ||
| Resource Actions overlap direct&inherited | |||
| #Resource Actions inherited to | 0 other Entra Id Roles | ||
| Resource Actions inherited to | n/a | ||
| #Resource Actions conditioned | 0 | ||
| #Resource Actions unconditioned | 74 | ||
| #NameSpaces | 6 | ||
| NameSpaces | microsoft.azure.serviceHealth: 1 microsoft.azure.supportTickets: 1 microsoft.directory: 69 microsoft.office365.serviceHealth: 1 microsoft.office365.supportTickets: 1 microsoft.office365.webPortal: 1 |
||
| Actions | allTasks: 4 create: 1 delete: 2 disable: 1 enable: 1 other: 1 read: 56 restore: 2 update: 6 |
||
| Operations actionVerbs | DELETE: 2 GET: 56 n/a: 4 PATCH: 7 POST: 4 PUT: 1 |
||
| Resource Actions where Consent Policy applies | 0 | ||
| Resource Actions / Consent Policy | n/a | ||
| JSON enriched |
|
||
| JSON raw (v1.0 endpoint) |
|
||
| JSON raw (beta endpoint) |
|