| title | Partner Tier2 Support |
|---|---|
| description | Partner Tier2 Support |
| ms.topic | include |
| ms.date | 01/26/2026 |
| ms.custom | include file |
This is a privileged role. Do not use. This role has been deprecated and will be removed from Microsoft Entra ID in the future. This role is intended for use by a small number of Microsoft resale partners, and is not intended for general use.
Important
This role can reset passwords and invalidate refresh tokens for all non-administrators and administrators (including Global Administrators). This role should not be used because it is deprecated.
[!div class="mx-tableFixed"]
Actions Description microsoft.azure.serviceHealth/allEntities/allTasks Read and configure Azure Service Health microsoft.azure.supportTickets/allEntities/allTasks Create and manage Azure support tickets microsoft.directory/applications/appRoles/update Update the appRoles property on all types of applications microsoft.directory/applications/audience/update Update the audience property for applications microsoft.directory/applications/authentication/update Update authentication on all types of applications microsoft.directory/applications/basic/update Update basic properties for applications microsoft.directory/applications/credentials/update Update application credentials microsoft.directory/applications/notes/update Update notes of applications microsoft.directory/applications/owners/update Update owners of applications microsoft.directory/applications/permissions/update Update exposed permissions and required permissions on all types of applications microsoft.directory/applications/policies/update Update policies of applications microsoft.directory/applications/tag/update Update tags of applications microsoft.directory/contacts/basic/update Update basic properties on contacts microsoft.directory/contacts/create Create contacts microsoft.directory/contacts/delete Delete contacts microsoft.directory/deletedItems.groups/restore Restore soft deleted groups to original state microsoft.directory/deletedItems.users/restore Restore soft deleted users to original state microsoft.directory/domains/allProperties/allTasks Create and delete domains, and read and update all properties microsoft.directory/groups.unified/assignedLabels/update Update the assigned labels property on Microsoft 365 groups of assigned membership type, excluding role-assignable groups microsoft.directory/groups/create Create Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/delete Delete Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/members/update Update members of Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/owners/update Update owners of Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/restore Restore groups from soft-deleted container microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks Create and delete OAuth 2.0 permission grants, and read and update all properties microsoft.directory/organization/basic/update Update basic properties on organization microsoft.directory/roleAssignments/allProperties/allTasks Create and delete role assignments, and read and update all role assignment properties microsoft.directory/roleDefinitions/allProperties/allTasks Create and delete role definitions, and read and update all properties microsoft.directory/scopedRoleMemberships/allProperties/allTasks Create and delete scopedRoleMemberships, and read and update all properties microsoft.directory/servicePrincipals/appRoleAssignedTo/update Update service principal role assignments microsoft.directory/subscribedSkus/standard/read Read basic properties on subscriptions microsoft.directory/users/assignLicense Manage user licenses microsoft.directory/users/basic/update Update basic properties on users microsoft.directory/users/create Add users microsoft.directory/users/delete Delete users microsoft.directory/users/disable Disable users microsoft.directory/users/enable Enable users microsoft.directory/users/invalidateAllRefreshTokens Force sign-out by invalidating user refresh tokens microsoft.directory/users/manager/update Update manager for users microsoft.directory/users/password/update Reset passwords for all users microsoft.directory/users/photo/update Update photo of users microsoft.directory/users/restore Restore deleted users microsoft.directory/users/userPrincipalName/update Update User Principal Name of users microsoft.office365.serviceHealth/allEntities/allTasks Read and configure Service Health in the Microsoft 365 admin center microsoft.office365.supportTickets/allEntities/allTasks Create and manage Microsoft 365 service requests microsoft.office365.webPortal/allEntities/standard/read Read basic properties on all resources in the Microsoft 365 admin center