| Display name | Authentication Administrator | ||
|---|---|---|---|
| Id | c4e39bd9-1100-46d3-8c65-fb160da0071f | ||
| Description | Can access to view, set and reset authentication method information for any non-admin user. | ||
| Detailed description | Users with this role can set or reset any authentication method (including passwords) for non-administrators and some roles. Authentication Administrators can require users who are non-administrators or assigned to some roles to re-register against existing non-password credentials (for example, multifactor authentication or FIDO), and can also revoke remember multifactor authentication on the device, which prompts for MFA on the next sign-in. | ||
| Categories | identity | ||
| isPrivileged | True Privileged | ||
| EntraOps Tier Level | ControlPlane | ||
| #Resource Actions unique | 73 | ||
| #Resource Actions Operations unique | 73 | ||
| #Resource Actions privileged | 9 | ||
| #Resource Actions direct | 19 | ||
| Resource Actions inherited | True | ||
| #Resource Actions inherited | 54 | ||
| Resource Actions inherited from | Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b) | ||
| #Resource Actions overlap direct&inherited | 0 | ||
| Resource Actions overlap direct&inherited | |||
| #Resource Actions inherited to | 0 other Entra Id Roles | ||
| Resource Actions inherited to | n/a | ||
| #Resource Actions conditioned | 0 | ||
| #Resource Actions unconditioned | 73 | ||
| #NameSpaces | 6 | ||
| NameSpaces | microsoft.azure.serviceHealth: 1 microsoft.azure.supportTickets: 1 microsoft.directory: 68 microsoft.office365.serviceHealth: 1 microsoft.office365.supportTickets: 1 microsoft.office365.webPortal: 1 |
||
| Actions | allTasks: 4 create: 1 delete: 2 disable: 1 enable: 1 other: 1 read: 55 restore: 2 restrictedRead: 1 update: 5 |
||
| Operations actionVerbs | DELETE: 2 GET: 56 n/a: 4 PATCH: 6 POST: 4 PUT: 1 |
||
| Resource Actions where Consent Policy applies | 0 | ||
| Resource Actions / Consent Policy | n/a | ||
| JSON enriched |
|
||
| JSON raw (v1.0 endpoint) |
|
||
| JSON raw (beta endpoint) |
|