title Global Administrator
description Global Administrator
ms.topic include
ms.date 01/26/2026
ms.custom include file

Privileged label icon.

This is a privileged role. Users with this role have access to all administrative features in Microsoft Entra ID, as well as services that use Microsoft Entra identities like the Microsoft 365 Defender portal, the Microsoft Purview portal, Exchange Online, SharePoint Online, and Skype for Business Online. Global Administrators can view Directory Activity logs. Furthermore, Global Administrators can elevate their access to manage all Azure subscriptions and management groups. This allows Global Administrators to get full access to all Azure resources using the respective Microsoft Entra tenant. The person who signs up for the Microsoft Entra organization becomes a Global Administrator. There can be more than one Global Administrator at your company. Global Administrators can reset the password for any user and all other administrators. A Global Administrator cannot remove their own Global Administrator assignment. This is to prevent a situation where an organization has zero Global Administrators.

Note

As a best practice, Microsoft recommends that you assign the Global Administrator role to fewer than five people in your organization. For more information, see Best practices for Microsoft Entra roles.

Actions Description
microsoft.agentRegistry/allEntities/allProperties/allTasks Manage all aspects of Agent Registry in Microsoft Entra ID
microsoft.azure.advancedThreatProtection/allEntities/allTasks Manage all aspects of Azure Advanced Threat Protection
microsoft.azure.informationProtection/allEntities/allTasks Manage all aspects of Azure Information Protection
microsoft.azure.serviceHealth/allEntities/allTasks Read and configure Azure Service Health
microsoft.azure.supportTickets/allEntities/allTasks Create and manage Azure support tickets
microsoft.backup/allEntities/allProperties/allTasks Manage all aspects of Microsoft 365 Backup
microsoft.cloudPC/allEntities/allProperties/allTasks Manage all aspects of Windows 365
microsoft.commerce.billing/allEntities/allProperties/allTasks Manage all aspects of Office 365 billing
microsoft.commerce.billing/purchases/standard/read Read purchase services in Microsoft 365 admin center.
microsoft.directory/accessReviews/allProperties/allTasks Create and delete access reviews, and read and update all properties of access reviews in Microsoft Entra ID
microsoft.directory/accessReviews/definitions/allProperties/allTasks Manage access reviews of all reviewable resources in Microsoft Entra ID
microsoft.directory/adminConsentRequestPolicy/allProperties/allTasks Manage admin consent request policies in Microsoft Entra ID
microsoft.directory/administrativeUnits/allProperties/allTasks Create and manage administrative units (including members)
microsoft.directory/agentIdentities/appRoleAssignedTo/update Update agent identity role assignments.
microsoft.directory/agentIdentities/basic/update Update basic properties of agent identities.
microsoft.directory/agentIdentities/create Create agent identities.
Privileged label icon.
microsoft.directory/agentIdentities/delete Delete agent identities.
Privileged label icon.
microsoft.directory/agentIdentities/disable Disable agent identities.
Privileged label icon.
microsoft.directory/agentIdentities/enable Enable agent identities.
Privileged label icon.
microsoft.directory/agentIdentities/owners/update Add and remove owners to agent identities.
microsoft.directory/agentIdentities/tag/update Update tags for agent identities.
microsoft.directory/agentIdentityBlueprintPrincipals/appRoleAssignedTo/update Update agent identity blueprint principal role assignments.
microsoft.directory/agentIdentityBlueprintPrincipals/basic/update Update basic properties of agent identity blueprint principals.
microsoft.directory/agentIdentityBlueprintPrincipals/create Create agent identity blueprint principals.
Privileged label icon.
microsoft.directory/agentIdentityBlueprintPrincipals/delete Delete agent identity blueprint principals.
Privileged label icon.
microsoft.directory/agentIdentityBlueprintPrincipals/disable Disable agent identity blueprint principals.
Privileged label icon.
microsoft.directory/agentIdentityBlueprintPrincipals/enable Enable agent identity blueprint principals.
Privileged label icon.
microsoft.directory/agentIdentityBlueprintPrincipals/owners/update Add and remove owners to agent identity blueprint principals.
microsoft.directory/agentIdentityBlueprintPrincipals/tag/update Update tags for agent identity blueprint principals.
microsoft.directory/agentIdentityBlueprints/allProperties/read Read all properties and settings for agent identity blueprints.
microsoft.directory/agentIdentityBlueprints/allProperties/update Update all properties and settings for agent identity blueprints.
microsoft.directory/agentIdentityBlueprints/appRoles/update Modify app roles defined on agent identity blueprints.
microsoft.directory/agentIdentityBlueprints/authentication/update Update authentication related settings for agent identity blueprints.
microsoft.directory/agentIdentityBlueprints/audience/update Update the sign-in audience setting for agent identity blueprints.
microsoft.directory/agentIdentityBlueprints/basic/update Update basic properties of agent identity blueprints.
microsoft.directory/agentIdentityBlueprints/create Create agent identity blueprints.
Privileged label icon.
microsoft.directory/agentIdentityBlueprints/credentials/update Add and remove credentials to agent identity blueprints.
Privileged label icon.
microsoft.directory/agentIdentityBlueprints/delete Delete agent identity blueprints.
Privileged label icon.
microsoft.directory/agentIdentityBlueprints/owners/update Add and remove owners to agent identity blueprints.
microsoft.directory/agentIdentityBlueprints/permissions/update Modify exposed permissions on agent identity blueprints.
microsoft.directory/agentIdentityBlueprints/tag/update Update tags for agent identity blueprints.
microsoft.directory/agentIdentityBlueprints/verification/update Update publisher verification setting for agent identity blueprints.
microsoft.directory/agentUsers/assignLicense Manage agent user licenses
microsoft.directory/agentUsers/basic/update Update basic properties on agent users
microsoft.directory/agentUsers/create Add agent users
Privileged label icon.
microsoft.directory/agentUsers/delete Delete agent users
Privileged label icon.
microsoft.directory/agentUsers/disable Disable agent users
Privileged label icon.
microsoft.directory/agentUsers/enable Enable agent users
Privileged label icon.
microsoft.directory/agentUsers/invalidateAllRefreshTokens Force sign-out by invalidating agent user refresh tokens
Privileged label icon.
microsoft.directory/agentUsers/lifeCycleInfo/read Read lifecycle information of agent users, such as employeeLeaveDateTime
Privileged label icon.
microsoft.directory/agentUsers/lifeCycleInfo/update Update lifecycle information of agent users, such as employeeLeaveDateTime
Privileged label icon.
microsoft.directory/agentUsers/manager/update Update manager for agent users
microsoft.directory/agentUsers/photo/update Update photo of agent users
microsoft.directory/agentUsers/reprocessLicenseAssignment Reprocess license assignments for agent users
microsoft.directory/agentUsers/restore Restore deleted agent users
microsoft.directory/agentUsers/revokeSignInSessions Revoke sign-in sessions for an agent user
microsoft.directory/agentUsers/sponsors/update Update sponsors of agent users
microsoft.directory/agentUsers/usageLocation/update Update usage location of agent users
microsoft.directory/agentUsers/userPrincipalName/update Update User Principal Name of agent users
Privileged label icon.
microsoft.directory/appConsent/appConsentRequests/allProperties/read Read all properties of consent requests for applications registered with Microsoft Entra ID
microsoft.directory/applications/allProperties/allTasks Create and delete applications, and read and update all properties
Privileged label icon.
microsoft.directory/applications/synchronization/standard/read Read provisioning settings associated with the application object
microsoft.directory/applicationTemplates/instantiate Instantiate gallery applications from application templates
microsoft.directory/auditLogs/allProperties/read Read all properties on audit logs, excluding custom security attributes audit logs
microsoft.directory/authorizationPolicy/allProperties/allTasks Manage all aspects of authorization policy
Privileged label icon.
microsoft.directory/bitlockerKeys/key/read Read BitLocker metadata and key on devices
Privileged label icon.
microsoft.directory/bulkJobs/basic/update Update all the bulk jobs in a directory
microsoft.directory/bulkJobs/create Create all bulk jobs in a directory
microsoft.directory/cloudAppSecurity/allProperties/allTasks Create and delete all resources, and read and update standard properties in Microsoft Defender for Cloud Apps
microsoft.directory/conditionalAccessPolicies/allProperties/allTasks Manage all properties of Conditional Access policies
microsoft.directory/connectorGroups/allProperties/read Read all properties of application proxy connector groups
microsoft.directory/connectorGroups/allProperties/update Update all properties of application proxy connector groups
microsoft.directory/connectorGroups/create Create application proxy connector groups
microsoft.directory/connectorGroups/delete Delete application proxy connector groups
microsoft.directory/connectors/allProperties/read Read all properties of application proxy connectors
microsoft.directory/connectors/create Create application proxy connectors
microsoft.directory/contacts/allProperties/allTasks Create and delete contacts, and read and update all properties
microsoft.directory/contracts/allProperties/allTasks Create and delete partner contracts, and read and update all properties
microsoft.directory/crossTenantAccessPolicy/allowedCloudEndpoints/update Update allowed cloud endpoints of cross-tenant access policy
microsoft.directory/crossTenantAccessPolicy/basic/update Update basic settings of cross-tenant access policy
microsoft.directory/crossTenantAccessPolicy/default/b2bCollaboration/update Update Microsoft Entra B2B collaboration settings of the default cross-tenant access policy
microsoft.directory/crossTenantAccessPolicy/default/b2bDirectConnect/update Update Microsoft Entra B2B direct connect settings of the default cross-tenant access policy
microsoft.directory/crossTenantAccessPolicy/default/crossCloudMeetings/update Update cross-cloud Teams meeting settings of the default cross-tenant access policy
microsoft.directory/crossTenantAccessPolicy/default/standard/read Read basic properties of the default cross-tenant access policy
microsoft.directory/crossTenantAccessPolicy/default/tenantRestrictions/update Update tenant restrictions of the default cross-tenant access policy
microsoft.directory/crossTenantAccessPolicy/partners/b2bCollaboration/update Update Microsoft Entra B2B collaboration settings of cross-tenant access policy for partners
microsoft.directory/crossTenantAccessPolicy/partners/b2bDirectConnect/update Update Microsoft Entra B2B direct connect settings of cross-tenant access policy for partners
microsoft.directory/crossTenantAccessPolicy/partners/create Create cross-tenant access policy for partners
microsoft.directory/crossTenantAccessPolicy/partners/crossCloudMeetings/update Update cross-cloud Teams meeting settings of cross-tenant access policy for partners
microsoft.directory/crossTenantAccessPolicy/partners/delete Delete cross-tenant access policy for partners
microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/basic/update Update basic settings of cross-tenant sync policy
microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/create Create cross-tenant sync policy for partners
microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/standard/read Read basic properties of cross-tenant sync policy
microsoft.directory/crossTenantAccessPolicy/partners/standard/read Read basic properties of cross-tenant access policy for partners
microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/basic/update Update cross tenant sync policy templates for multi-tenant organization
microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/resetToDefaultSettings Reset cross tenant sync policy template for multi-tenant organization to default settings
microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read Read basic properties of cross tenant sync policy templates for multi-tenant organization
microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/basic/update Update cross tenant access policy templates for multi-tenant organization
microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/resetToDefaultSettings Reset cross tenant access policy template for multi-tenant organization to default settings
microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read Read basic properties of cross tenant access policy templates for multi-tenant organization
microsoft.directory/crossTenantAccessPolicy/partners/tenantRestrictions/update Update tenant restrictions of cross-tenant access policy for partners
microsoft.directory/crossTenantAccessPolicy/standard/read Read basic properties of cross-tenant access policy
microsoft.directory/customAuthenticationExtensions/allProperties/allTasks Create and manage custom authentication extensions
Privileged label icon.
microsoft.directory/deletedItems/delete Permanently delete objects, which can no longer be restored
microsoft.directory/deletedItems/restore Restore soft deleted objects to original state
microsoft.directory/deviceLocalCredentials/password/read Read all properties of the backed up local administrator account credentials for Microsoft Entra joined devices, including the password
microsoft.directory/deviceManagementPolicies/basic/update Update basic properties on mobile device management and mobile app management policies
Privileged label icon.
microsoft.directory/deviceManagementPolicies/standard/read Read standard properties on mobile device management and mobile app management policies
microsoft.directory/deviceRegistrationPolicy/basic/update Update basic properties on device registration policies
Privileged label icon.
microsoft.directory/deviceRegistrationPolicy/standard/read Read standard properties on device registration policies
microsoft.directory/devices/allProperties/allTasks Create and delete devices, and read and update all properties
Privileged label icon.
microsoft.directory/devices/permissions/update Update the alternative name property on an IoT device
microsoft.directory/deviceTemplates/owners/read Read owners on Internet of Things (IoT) device templates
microsoft.directory/deviceTemplates/owners/update Update owners on Internet of Things (IoT) device templates
microsoft.directory/directoryRoles/allProperties/allTasks Create and delete directory roles, and read and update all properties
microsoft.directory/directoryRoleTemplates/allProperties/allTasks Create and delete Microsoft Entra role templates, and read and update all properties
microsoft.directory/domains/allProperties/allTasks Create and delete domains, and read and update all properties
Privileged label icon.
microsoft.directory/domains/federationConfiguration/basic/update Update basic federation configuration for domains
microsoft.directory/domains/federationConfiguration/create Create federation configuration for domains
microsoft.directory/domains/federationConfiguration/delete Delete federation configuration for domains
microsoft.directory/domains/federationConfiguration/standard/read Read standard properties of federation configuration for domains
microsoft.directory/entitlementManagement/allProperties/allTasks Create and delete resources, and read and update all properties in Microsoft Entra entitlement management
microsoft.directory/externalUserProfiles/basic/update Update basic properties of external user profiles in the extended directory for Teams
microsoft.directory/externalUserProfiles/delete Delete external user profiles in the extended directory for Teams
microsoft.directory/externalUserProfiles/standard/read Read standard properties of external user profiles in the extended directory for Teams
microsoft.directory/groups/allProperties/allTasks Create and delete groups, and read and update all properties
Privileged label icon.
microsoft.directory/groupsAssignableToRoles/allProperties/update Update role-assignable groups
microsoft.directory/groupsAssignableToRoles/assignLicense Assign a license to role-assignable groups
microsoft.directory/groupsAssignableToRoles/create Create role-assignable groups
microsoft.directory/groupsAssignableToRoles/delete Delete role-assignable groups
microsoft.directory/groupsAssignableToRoles/reprocessLicenseAssignment Reprocess license assignments to role-assignable groups
microsoft.directory/groupsAssignableToRoles/restore Restore role-assignable groups
microsoft.directory/groupSettings/allProperties/allTasks Create and delete group settings, and read and update all properties
microsoft.directory/groupSettingTemplates/allProperties/allTasks Create and delete group setting templates, and read and update all properties
microsoft.directory/hybridAuthenticationPolicy/allProperties/allTasks Manage hybrid authentication policy in Microsoft Entra ID
Privileged label icon.
microsoft.directory/identityProtection/allProperties/allTasks Create and delete all resources, and read and update standard properties in Microsoft Entra ID Protection
Privileged label icon.
microsoft.directory/lifecycleWorkflows/workflows/allProperties/allTasks Manage all aspects of lifecycle workflows and tasks in Microsoft Entra ID
microsoft.directory/loginOrganizationBranding/allProperties/allTasks Create and delete loginTenantBranding, and read and update all properties
microsoft.directory/multiTenantOrganization/basic/update Update basic properties of a multi-tenant organization
microsoft.directory/multiTenantOrganization/create Create a multi-tenant organization
microsoft.directory/multiTenantOrganization/joinRequest/organizationDetails/update Join a multi-tenant organization
microsoft.directory/multiTenantOrganization/joinRequest/standard/read Read properties of a multi-tenant organization join request
microsoft.directory/multiTenantOrganization/standard/read Read basic properties of a multi-tenant organization
microsoft.directory/multiTenantOrganization/tenants/create Create a tenant in a multi-tenant organization
microsoft.directory/multiTenantOrganization/tenants/delete Delete a tenant participating in a multi-tenant organization
microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read Read organization details of a tenant participating in a multi-tenant organization
microsoft.directory/multiTenantOrganization/tenants/organizationDetails/update Update basic properties of a tenant participating in a multi-tenant organization
microsoft.directory/multiTenantOrganization/tenants/standard/read Read basic properties of a tenant participating in a multi-tenant organization
microsoft.directory/namedLocations/basic/update Update basic properties of custom rules that define network locations
microsoft.directory/namedLocations/create Create custom rules that define network locations
microsoft.directory/namedLocations/delete Delete custom rules that define network locations
microsoft.directory/namedLocations/standard/read Read basic properties of custom rules that define network locations
microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks Create and delete OAuth 2.0 permission grants, and read and update all properties
Privileged label icon.
microsoft.directory/onPremisesSynchronization/basic/update Update basic on-premises directory synchronization information
microsoft.directory/onPremisesSynchronization/standard/read Read standard on-premises directory synchronization information
microsoft.directory/organization/allProperties/allTasks Read and update all properties for an organization
microsoft.directory/passwordHashSync/allProperties/allTasks Manage all aspects of Password Hash Synchronization (PHS) in Microsoft Entra ID
microsoft.directory/pendingExternalUserProfiles/basic/update Update basic properties of external user profiles in the extended directory for Teams
microsoft.directory/pendingExternalUserProfiles/create Create external user profiles in the extended directory for Teams
microsoft.directory/pendingExternalUserProfiles/delete Delete external user profiles in the extended directory for Teams
microsoft.directory/pendingExternalUserProfiles/standard/read Read standard properties of external user profiles in the extended directory for Teams
microsoft.directory/permissionGrantPolicies/basic/update Update basic properties of permission grant policies
microsoft.directory/permissionGrantPolicies/create Create permission grant policies
microsoft.directory/permissionGrantPolicies/delete Delete permission grant policies
microsoft.directory/permissionGrantPolicies/standard/read Read standard properties of permission grant policies
microsoft.directory/policies/allProperties/allTasks Create and delete policies, and read and update all properties
Privileged label icon.
microsoft.directory/privilegedIdentityManagement/allProperties/read Read all resources in Privileged Identity Management
microsoft.directory/provisioningLogs/allProperties/read Read all properties of provisioning logs
microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update Update Conditional Access authentication context of Microsoft 365 role-based access control (RBAC) resource actions
Privileged label icon.
microsoft.directory/roleAssignments/allProperties/allTasks Create and delete role assignments, and read and update all role assignment properties
microsoft.directory/roleDefinitions/allProperties/allTasks Create and delete role definitions, and read and update all properties
microsoft.directory/scopedRoleMemberships/allProperties/allTasks Create and delete scopedRoleMemberships, and read and update all properties
microsoft.directory/serviceAction/activateService Can perform the "activate service" action for a service
microsoft.directory/serviceAction/disableDirectoryFeature Can perform the "disable directory feature" service action
microsoft.directory/serviceAction/enableDirectoryFeature Can perform the "enable directory feature" service action
microsoft.directory/serviceAction/getAvailableExtentionProperties Can perform the getAvailableExtentionProperties service action
microsoft.directory/servicePrincipalCreationPolicies/basic/update Update basic properties of service principal creation policies
microsoft.directory/servicePrincipalCreationPolicies/create Create service principal creation policies
microsoft.directory/servicePrincipalCreationPolicies/delete Delete service principal creation policies
microsoft.directory/servicePrincipalCreationPolicies/standard/read Read standard properties of service principal creation policies
microsoft.directory/servicePrincipals/allProperties/allTasks Create and delete service principals, and read and update all properties
Privileged label icon.
microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin Grant consent for any permission to any application
microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/credentials/manage Manage cloud tenant to cloud tenant application provisioning secrets and credentials.
microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/jobs/manage Start, restart, and pause cloud tenant to cloud tenant application provisioning synchronization jobs.
microsoft.directory/servicePrincipals/synchronization.cloudTenantToCloudTenant/schema/manage Create and manage cloud tenant to cloud tenant application provisioning synchronization jobs and schema.
microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/credentials/manage Manage application provisioning secrets and credentials.
microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/jobs/manage Start, restart, and pause application provisioning synchronization jobs.
microsoft.directory/servicePrincipals/synchronization.cloudTenantToExternalSystem/schema/manage Create and manage application provisioning synchronization jobs and schema.
microsoft.directory/servicePrincipals/synchronization/standard/read Read provisioning settings associated with your service principal
microsoft.directory/signInReports/allProperties/read Read all properties on sign-in reports, including privileged properties
microsoft.directory/subscribedSkus/allProperties/allTasks Buy and manage subscriptions and delete subscriptions
microsoft.directory/tenantManagement/tenants/create Create new tenants in Microsoft Entra ID
microsoft.directory/users/allProperties/allTasks Create and delete users, and read and update all properties
Privileged label icon.
microsoft.directory/users/authenticationMethods/basic/update Update basic properties of authentication methods for users
Privileged label icon.
microsoft.directory/users/authenticationMethods/create Update authentication methods for users
Privileged label icon.
microsoft.directory/users/authenticationMethods/delete Delete authentication methods for users
Privileged label icon.
microsoft.directory/users/authenticationMethods/standard/read Read standard properties of authentication methods for users
Privileged label icon.
microsoft.directory/users/convertExternalToInternalMemberUser Convert external user to internal user
microsoft.directory/verifiableCredentials/configuration/allProperties/read Read configuration required to create and manage verifiable credentials
microsoft.directory/verifiableCredentials/configuration/allProperties/update Update configuration required to create and manage verifiable credentials
microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/read Read a verifiable credential contract
microsoft.directory/verifiableCredentials/configuration/contracts/allProperties/update Update a verifiable credential contract
microsoft.directory/verifiableCredentials/configuration/contracts/cards/allProperties/read Read a verifiable credential card
microsoft.directory/verifiableCredentials/configuration/contracts/cards/revoke Revoke a verifiable credential card
microsoft.directory/verifiableCredentials/configuration/contracts/create Create a verifiable credential contract
microsoft.directory/verifiableCredentials/configuration/create Create configuration required to create and manage verifiable credentials
microsoft.directory/verifiableCredentials/configuration/delete Delete configuration required to create and manage verifiable credentials and delete all of its verifiable credentials
microsoft.dynamics365/allEntities/allTasks Manage all aspects of Dynamics 365
microsoft.edge/allEntities/allProperties/allTasks Manage all aspects of Microsoft Edge
microsoft.flow/allEntities/allTasks Manage all aspects of Microsoft Power Automate
microsoft.graph.dataConnect/allEntities/allProperties/allTasks Manage aspects of Microsoft Graph Data Connect
microsoft.hardware.support/shippingAddress/allProperties/allTasks Create, read, update, and delete shipping addresses for Microsoft hardware warranty claims, including shipping addresses created by others
microsoft.hardware.support/shippingStatus/allProperties/read Read shipping status for open Microsoft hardware warranty claims
microsoft.hardware.support/warrantyClaims/allProperties/allTasks Create and manage all aspects of Microsoft hardware warranty claims
microsoft.healthPlatform/allEntities/allProperties/allTasks Manage all aspects of Microsoft Dragon admin center
microsoft.insights/allEntities/allProperties/allTasks Manage all aspects of Insights app
microsoft.intune/allEntities/allTasks Manage all aspects of Microsoft Intune
microsoft.microsoft365.organizationalData/allEntities/allProperties/allTasks Manage all aspects of organizational data in Microsoft 365
microsoft.networkAccess/allEntities/allProperties/allTasks Manage all aspects of Microsoft Entra Network Access
microsoft.networkAccess/trafficLogs/standard/read Read standard properties of traffic logs such as DeviceId, DestinationIp and PolicyRuleId
microsoft.office365.complianceManager/allEntities/allTasks Manage all aspects of Office 365 Compliance Manager
microsoft.office365.copilot/allEntities/allProperties/allTasks Create and manage all settings for Microsoft 365 Copilot
microsoft.office365.desktopAnalytics/allEntities/allTasks Manage all aspects of Desktop Analytics
microsoft.office365.exchange/allEntities/basic/allTasks Manage all aspects of Exchange Online
microsoft.office365.fileStorageContainers/allEntities/allProperties/allTasks Manage all aspects of SharePoint Embedded containers
microsoft.office365.knowledge/contentUnderstanding/allProperties/allTasks Read and update all properties of content understanding in Microsoft 365 admin center
microsoft.office365.knowledge/contentUnderstanding/analytics/allProperties/read Read analytics reports of content understanding in Microsoft 365 admin center
microsoft.office365.knowledge/knowledgeNetwork/allProperties/allTasks Read and update all properties of knowledge network in Microsoft 365 admin center
microsoft.office365.knowledge/knowledgeNetwork/topicVisibility/allProperties/allTasks Manage topic visibility of knowledge network in Microsoft 365 admin center
microsoft.office365.knowledge/learningSources/allProperties/allTasks Manage learning sources and all their properties in Learning App.
microsoft.office365.lockbox/allEntities/allTasks Manage all aspects of Customer Lockbox
microsoft.office365.messageCenter/messages/read Read messages in Message Center in the Microsoft 365 admin center, excluding security messages
microsoft.office365.messageCenter/securityMessages/read Read security messages in Message Center in the Microsoft 365 admin center
microsoft.office365.migrations/allEntities/allProperties/allTasks Manage all aspects of Microsoft 365 migrations
microsoft.office365.network/performance/allProperties/read Read all network performance properties in the Microsoft 365 admin center
microsoft.office365.organizationalMessages/allEntities/allProperties/allTasks Manage all authoring aspects of Microsoft 365 Organizational Messages
microsoft.office365.protectionCenter/allEntities/allProperties/allTasks Manage all aspects of the Security and Compliance centers
microsoft.office365.search/content/manage Create and delete content, and read and update all properties in Microsoft Search
microsoft.office365.securityComplianceCenter/allEntities/allTasks Create and delete all resources, and read and update standard properties in the Microsoft 365 Security and Compliance Center
microsoft.office365.serviceHealth/allEntities/allTasks Read and configure Service Health in the Microsoft 365 admin center
microsoft.office365.sharePoint/allEntities/allTasks Create and delete all resources, and read and update standard properties in SharePoint
microsoft.office365.sharePointAdvancedManagement/allEntities/allProperties/allTasks Manage all aspects of SharePoint Advanced Management
microsoft.office365.skypeForBusiness/allEntities/allTasks Manage all aspects of Skype for Business Online
microsoft.office365.supportTickets/allEntities/allTasks Create and manage Microsoft 365 service requests
microsoft.office365.usageReports/allEntities/allProperties/read Read Office 365 usage reports
microsoft.office365.userCommunication/allEntities/allTasks Read and update what's new messages visibility
microsoft.office365.webPortal/allEntities/standard/read Read basic properties on all resources in the Microsoft 365 admin center
microsoft.office365.yammer/allEntities/allProperties/allTasks Manage all aspects of Yammer
microsoft.people/users/photo/read Read profile photo of user
microsoft.people/users/photo/update Update profile photo of user
microsoft.peopleAdmin/organization/allProperties/read Read people settings for users, such as pronouns, name pronunciation, and profile card settings
microsoft.peopleAdmin/organization/allProperties/update Update people settings for users, such as pronouns, name pronunciation, and profile card settings
microsoft.permissionsManagement/allEntities/allProperties/allTasks Manage all aspects of Microsoft Entra Permissions Management
microsoft.powerApps.powerBI/allEntities/allTasks Manage all aspects of Fabric and Power BI
microsoft.powerApps/allEntities/allTasks Manage all aspects of Power Apps
microsoft.teams/allEntities/allProperties/allTasks Manage all resources in Teams
microsoft.virtualVisits/allEntities/allProperties/allTasks Manage and share Virtual Visits information and metrics from admin centers or the Virtual Visits app
microsoft.viva.glint/allEntities/allProperties/allTasks Manage and configure all Microsoft Viva Glint settings in the Microsoft 365 admin center
microsoft.viva.goals/allEntities/allProperties/allTasks Manage all aspects of Microsoft Viva Goals
microsoft.viva.pulse/allEntities/allProperties/allTasks Manage all aspects of Microsoft Viva Pulse
microsoft.windows.defenderAdvancedThreatProtection/allEntities/allTasks Manage all aspects of Microsoft Defender for Endpoint
microsoft.windows.updatesDeployments/allEntities/allProperties/allTasks Read and configure all aspects of Windows Update Service