title: Global Secure Access Administrator
description: Global Secure Access Administrator
ms.topic: include
ms.date: 01/26/2026
ms.custom: include file

Assign the Global Secure Access Administrator role to users who need to do the following:

  • Create and manage all aspects of Microsoft Entra Internet Access and Microsoft Entra Private Access
  • Manage access to public and private endpoints

Users with this role cannot do the following:

  • Manage enterprise applications, application registrations, Conditional Access, or application proxy settings

Learn more

[!div class="mx-tableFixed"]

| Actions | Description |
| --- | --- |
| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets |
| microsoft.directory/applicationPolicies/standard/read | Read standard properties of application policies |
| microsoft.directory/applications/applicationProxy/read | Read all application proxy properties |
| microsoft.directory/applications/owners/read | Read owners of applications |
| microsoft.directory/applications/policies/read | Read policies of applications |
| microsoft.directory/applications/standard/read | Read standard properties of applications |
| microsoft.directory/auditLogs/allProperties/read | Read all properties on audit logs, excluding custom security attributes audit logs |
| microsoft.directory/conditionalAccessPolicies/standard/read | Read Conditional Access for policies |
| microsoft.directory/connectorGroups/allProperties/read | Read all properties of application proxy connector groups |
| microsoft.directory/connectors/allProperties/read | Read all properties of application proxy connectors |
| microsoft.directory/crossTenantAccessPolicy/default/standard/read | Read basic properties of the default cross-tenant access policy |
| microsoft.directory/crossTenantAccessPolicy/partners/standard/read | Read basic properties of cross-tenant access policy for partners |
| microsoft.directory/crossTenantAccessPolicy/standard/read | Read basic properties of cross-tenant access policy |
| microsoft.directory/namedLocations/standard/read | Read basic properties of custom rules that define network locations |
| microsoft.directory/signInReports/allProperties/read | Read all properties on sign-in reports, including privileged properties |
| microsoft.networkAccess/allEntities/allProperties/allTasks | Manage all aspects of Microsoft Entra Network Access |
| microsoft.office365.messageCenter/messages/read | Read messages in Message Center in the Microsoft 365 admin center, excluding security messages |
| microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Service Health in the Microsoft 365 admin center |
| microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Microsoft 365 service requests |
| microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in the Microsoft 365 admin center |