Add hybrid identity administrator as a possible role for config change#1876
Add hybrid identity administrator as a possible role for config change#1876AugustDailey wants to merge 1 commit intoMicrosoftDocs:mainfrom
Conversation
|
@AugustDailey : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
prmerger-automator
bot
added
Change sent to author
entra-id/svc
hybrid-connect/subsvc
labels
AugustDailey
force-pushed
the
fix/role-for-fed-config
branch
from
2bc3d61 to
8ffc5e4
Compare
|
Force push was to fix a spelling error in the commit message. |
AugustDailey
changed the title
|
Learn Build status updates of commit 2bc3d61: ✅ Validation status: passed
For more details, please refer to the build report. |
|
Learn Build status updates of commit 8ffc5e4: ✅ Validation status: passed
For more details, please refer to the build report. |
There was a problem hiding this comment.
Pull request overview
This PR updates the migration guidance to recognize the Hybrid Identity Administrator role as an alternative to Global Administrator for specific sign-in/configuration steps during federation-to-cloud-auth conversion.
Changes:
- Updates the Microsoft Entra Connect wizard step to allow using a Global Administrator or Hybrid Identity Administrator account.
- Updates the Microsoft Graph PowerShell sign-in step to allow using a Global Administrator or Hybrid Identity Administrator account.
|  | ||
|
|
||
| 3. On the **Connect to Microsoft Entra ID** page, enter your Global Administrator account credentials. | ||
| 3. On the **Connect to Microsoft Entra ID** page, enter your Global Administrator or Hybrid Identity Administrator account credentials. |
There was a problem hiding this comment.
This wording is a bit ambiguous (it can read like you have two different accounts). Consider rephrasing to something like “enter credentials for an account that’s assigned the Global Administrator or Hybrid Identity Administrator role” for clarity. Also, later in this article the authentication agent installation step still says a Global Administrator account is required (around line 296), so please confirm whether Hybrid Identity Administrator should be accepted there too and keep the role requirements consistent to avoid confusing readers.
| 3. On the **Connect to Microsoft Entra ID** page, enter your Global Administrator or Hybrid Identity Administrator account credentials. | |
| 3. On the **Connect to Microsoft Entra ID** page, enter credentials for an account that's assigned the Global Administrator or Hybrid Identity Administrator role. |
| **Complete the conversion by using the Microsoft Graph PowerShell SDK:** | ||
|
|
||
| 1. In PowerShell, sign in to Microsoft Entra ID by using a Global Administrator account. | ||
| 1. In PowerShell, sign in to Microsoft Entra ID by using a Global Administrator or Hybrid Identity Administrator account. |
There was a problem hiding this comment.
Consider rephrasing to “sign in … using an account assigned the Global Administrator or Hybrid Identity Administrator role” to avoid implying these are separate dedicated accounts. As with the earlier wizard step, please also ensure the role requirement is consistent with the rest of the article (there’s at least one other step that still states Global Administrator is required).
| 1. In PowerShell, sign in to Microsoft Entra ID by using a Global Administrator or Hybrid Identity Administrator account. | |
| 1. In PowerShell, sign in to Microsoft Entra ID by using an account assigned the Global Administrator or Hybrid Identity Administrator role. |
|
Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
Adding Hybrid Identity Administrator as a valid role that can achieve the same prerequisite as Global Admin.
Entra Role - Hybrid Identity Administrator